ecryptfs-devel team mailing list archive

Thread
Date

Re: [Ecryptfs-users] Writing a script for encrypting an user's home

To: "Li, Yan I" <yan.i.li@xxxxxxxxx>
From: Dustin Kirkland <kirkland@xxxxxxxxxxxxx>
Date: Thu, 14 Jan 2010 12:36:58 -0600
Cc: "ecryptfs-users@xxxxxxxxxxxxxxxxxxx" <ecryptfs-users@xxxxxxxxxxxxxxxxxxx>, "ecryptfs-devel@xxxxxxxxxxxxxxxxxxx" <ecryptfs-devel@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20100107041154.GB1032@sage.bj.intel.com>
Reply-to: kirkland@xxxxxxxxxxxxx

On Thu, 2010-01-07 at 12:11 +0800, Li, Yan I wrote:
> On Tue, Jan 05, 2010 at 11:46:16PM +0800, Dustin Kirkland wrote:
> > All of the instructions and commands should be clearly described here:
> >  * http://blog.dustinkirkland.com/2009/06/migrating-to-encrypted-home-directory.html
> 
> Won't it be much simpler if we just do the migration in this way,
> using ecryptfs-setup-private's bootstrap mode (as root):
> 
> # mv /home/$USER /home/$USER.old
> # mkdir -p -m 700 /home/$USER
> # ecryptfs-setup-private -b -u $USER
> # rsync -a /home/$USER.old/ /home/$USER/
> # rm -rf /home/$USER.old/ (if needed)
> 
> I have tried and they worked.

Ah, yeah, that's the basic concept, for sure.

I created that blog post as a narrative version of that code.

Note that you'll need to do some sanity checking before doing the rsync.
You'll need (conservatively) 1.5 x the disk usage of the clear text code
to do the rsync and expect it to complete.

We could alternatively use mv, or there's a mv (remove source) option
you can add to rsync.  But we need to be very safe about these.

:-Dustin

Attachment: signature.asc
Description: This is a digitally signed message part

References

Re: [Ecryptfs-users] Writing a script for encrypting an user's home
From: Dustin Kirkland, 2010-01-05
Re: [Ecryptfs-users] Writing a script for encrypting an user's home
From: Li, Yan I, 2010-01-07