Today I thought – hey, I really hate it that i have to mount my truecrypt partition prior to work with eclipse.
I was using truecrypt because the encypted folder of ubuntu disabled me of using apache (running as www-data) in those folders. Truecrypt worked find for doing just that, but as the weeks pass by I’m getting really annoyed of having to mount it seperate.
Another drawback by using truecrypt or any other full partition encryption is the inability to do incremental backups. By using an encryption that uses the normal file system as a storage backend this shortcomming doesn’t exist :).
Now I’ve switched to encfs (http://www.arg0.net/encfs) and pam_encfs to mount it on login.
Here’s how its done:
- Install the needed packages:
sudo apt-get install encfs libpam-encfs
- Enable pam_encfs in pam.d:
open the file: /etc/pam.d/common-auth
add “auth sufficient pam_encfs.so” befor the line with pam_unix.so
append “use_first_pass” to the line pam_unix.so
- Setup encrypted directory:
encfs /path/to/encrypted/data /path/where/you/want/to/mount/it
this will create the encrypted files. Also set the rights on your data:
chmod 775 /path/where/you/want/to/mount/it -R
- Setup the pam_encfs config:
open the file: /etc/security/pam_encfs.conf
change the line with fuse_default to “fuse_default nonempty”
comment the line with drop_permissions
and at the end of the file add the line:
“YOURUSERNAME /path/to/encrypted/data /path/where/you/want/to/mount/it -v,–public allow_other,gid=33”
where 33 is the group of www-data (you have to give numeric id’s here)
and now, well that’s it. Your new encrypted folder shoud be up and running on every login!
For this method to work, the user and the Volume must have the same Password!!!
Be aware that by logging in any user on the system can access your folder!
If you do not want that just remove the “–public” and uncomment the “drop_permissions”
EDIT: to append use_first_pass use a space as separator!
Hope you like it.