[NCLUG] Fun project: Paranoid security for encrypted home.

Stephen Warren swarren at wwwdotorg.org
Thu Apr 13 09:59:13 MDT 2017


On 04/13/2017 09:52 AM, Grant Johnson wrote:
> I meant that the dev could change every time, so it might be sdb1 today,
> and sdc1 tomorrow, and they is why I am using the uuid.

Oh right, I see what you meant. I got the wrong end of the stick:-)

> On April 13, 2017 9:50:01 AM MDT, Stephen Warren <swarren at wwwdotorg.org>
> wrote:
>
>     On 04/12/2017 07:33 PM, Grant Johnson wrote:
>
>         Fun project: Paranoid security for encrypted home.
>
>         1) Install ecryptfs-utils.
>         2) Make a thumb drive always mount to the same place
>         To do this, first find out the UUID of the drive:
>         grant at Grant2017:~$ sudo blkid /dev/sdb1
>         /dev/sdb1: UUID="10E1-E32B" TYPE="vfat"
>
>         Make a path to mount to:
>         grant at Grant2017:~$ sudo mkdir /keys
>
>         Then, adjust your fstab to mount to the same place every time,
>         but to
>         keep booting if it is missing:
>         UUID=10E1-E32B /keys vfat nofail 0 0
>
>         The important parts are the UUID instead of the device (it can
>         change
>         each time it is plugged in) and the nofail.
>
>
>     That's odd; the whole point of UUID-based mounting is that the UUIDs
>     don't change. The UUID for a filesystem is stored in the filesystem
>     itself, so it shouldn't change unless you destroy/re-create the
>     filesystem. Note: You can also use partition UUIDs at least with GPT
>     partition tables (PARTUUID=) in some cases, with the same effect.



More information about the NCLUG mailing list