View previous topic :: View next topic |
Author |
Message |
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Tue Sep 20, 2016 9:30 pm Post subject: e4crypt is driving me nuts |
|
|
I do have a user "tor" (no login shell) and an already filled directory /var/lib/tor/data. Now I'd like to encrypt that directory an a way, that [1] can be used to decrypt it. By no way I get it till now. I must admit I do not have any experiences in ext4 encryption.
Does anybody has a working way to achieve the goal ?
[1] https://github.com/toralf/torutils/blob/master/unlock_tor.sh |
|
Back to top |
|
|
axl Veteran
Joined: 11 Oct 2002 Posts: 1144 Location: Romania
|
Posted: Tue Sep 20, 2016 9:47 pm Post subject: |
|
|
why not use what normal humans use? luks fs / cryptsetup. |
|
Back to top |
|
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21602
|
Posted: Wed Sep 21, 2016 1:52 am Post subject: |
|
|
axl: ext4 encryption can be done on a per-directory basis. Toralf presumably has an ext4 filesystem mounted either at /var or at / that has, as one of its subdirectories, the directory he wants to encrypt. If he used a LUKS based design, he would need a separate filesystem just for that directory. He would need to reserve in advance enough space for that directory to grow to the maximum size he wants to allow, and that reservation would not be usable by any other part of /var, even when the encrypted directory is empty. |
|
Back to top |
|
|
toralf Developer
Joined: 01 Feb 2004 Posts: 3922 Location: Hamburg
|
Posted: Wed Sep 21, 2016 7:22 am Post subject: |
|
|
Hu wrote: | axl: ext4 encryption can be done on a per-directory basis. Toralf presumably has an ext4 filesystem mounted either at /var or at / that has, as one of its subdirectories, the directory he wants to encrypt. If he used a LUKS based design, he would need a separate filesystem just for that directory. He would need to reserve in advance enough space for that directory to grow to the maximum size he wants to allow, and that reservation would not be usable by any other part of /var, even when the encrypted directory is empty. | Indeed.
Update
Seems that the issue is either due to my lack in knowledge - OTOH the whole encryption changes in 4.8. - will see, if the same commands will work then. |
|
Back to top |
|
|
|