[NCLUG] Fun project: Paranoid security for encrypted home.
Stephen Warren
swarren at wwwdotorg.org
Thu Apr 13 09:59:13 MDT 2017
On 04/13/2017 09:52 AM, Grant Johnson wrote:
> I meant that the dev could change every time, so it might be sdb1 today,
> and sdc1 tomorrow, and they is why I am using the uuid.
Oh right, I see what you meant. I got the wrong end of the stick:-)
> On April 13, 2017 9:50:01 AM MDT, Stephen Warren <swarren at wwwdotorg.org>
> wrote:
>
> On 04/12/2017 07:33 PM, Grant Johnson wrote:
>
> Fun project: Paranoid security for encrypted home.
>
> 1) Install ecryptfs-utils.
> 2) Make a thumb drive always mount to the same place
> To do this, first find out the UUID of the drive:
> grant at Grant2017:~$ sudo blkid /dev/sdb1
> /dev/sdb1: UUID="10E1-E32B" TYPE="vfat"
>
> Make a path to mount to:
> grant at Grant2017:~$ sudo mkdir /keys
>
> Then, adjust your fstab to mount to the same place every time,
> but to
> keep booting if it is missing:
> UUID=10E1-E32B /keys vfat nofail 0 0
>
> The important parts are the UUID instead of the device (it can
> change
> each time it is plugged in) and the nofail.
>
>
> That's odd; the whole point of UUID-based mounting is that the UUIDs
> don't change. The UUID for a filesystem is stored in the filesystem
> itself, so it shouldn't change unless you destroy/re-create the
> filesystem. Note: You can also use partition UUIDs at least with GPT
> partition tables (PARTUUID=) in some cases, with the same effect.
More information about the NCLUG
mailing list