[NCLUG] Fun project: Paranoid security for encrypted home.
Stephen Warren
swarren at wwwdotorg.org
Thu Apr 13 09:50:01 MDT 2017
On 04/12/2017 07:33 PM, Grant Johnson wrote:
> Fun project: Paranoid security for encrypted home.
>
> 1) Install ecryptfs-utils.
> 2) Make a thumb drive always mount to the same place
> To do this, first find out the UUID of the drive:
> grant at Grant2017:~$ sudo blkid /dev/sdb1
> /dev/sdb1: UUID="10E1-E32B" TYPE="vfat"
>
> Make a path to mount to:
> grant at Grant2017:~$ sudo mkdir /keys
>
> Then, adjust your fstab to mount to the same place every time, but to
> keep booting if it is missing:
> UUID=10E1-E32B /keys vfat nofail 0 0
>
> The important parts are the UUID instead of the device (it can change
> each time it is plugged in) and the nofail.
That's odd; the whole point of UUID-based mounting is that the UUIDs
don't change. The UUID for a filesystem is stored in the filesystem
itself, so it shouldn't change unless you destroy/re-create the
filesystem. Note: You can also use partition UUIDs at least with GPT
partition tables (PARTUUID=) in some cases, with the same effect.
More information about the NCLUG
mailing list