ecryptfs-users team mailing list archive

Thread
Date

Re: Which directory in my server should I encrypt ?

To: David Tomaschik <david@xxxxxxxxxxxxxxxxxx>
From: Dustin Kirkland <kirkland@xxxxxxxxxx>
Date: Mon, 14 Feb 2011 11:32:24 -0600
Cc: ecryptfs-users@xxxxxxxxxxxxxxxxxxx, eilaf mugbil <eilafmugbil@xxxxxxxxx>
In-reply-to: <AANLkTikBnedj8kr71KjfP-=zhe61-Z8NhB=U8VtseVvr@mail.gmail.com>
Sender: dustin.kirkland@xxxxxxxxx

On Fri, Feb 4, 2011 at 1:11 PM, David Tomaschik
<david@xxxxxxxxxxxxxxxxxx> wrote:
> What are you trying to protect?  On servers, I prefer to do full disk
> encryption with LUKS.  (Just my .02).  I like eCryptFS better where only a
> subset of data needs protection.
...
> On Thu, Oct 15, 2009 at 4:40 PM, eilaf mugbil <eilafmugbil@xxxxxxxxx> wrote:
>>
>> Hello;
>>
>> I want to ask, Which directory in my Linux server (for example http
>> server) should I encrypt using ecryptfs?
>> can i encrypt /etc ?

David is dead-on right.

If you want to protect /etc (and there are certainly times and places
when you want to protect /etc), then you probably also want to protect
/var.  And if this is the case, then LUKS + LVM full disk encryption
is the way to go.

If you want to protect just a subset of your data (perhaps /home, or
some other folder or folders), then eCryptfs is a great option.
eCryptfs doesn't work particularly well with /etc or /var because so
much of /etc/ and /var/ are required to boot a system.  If you need to
decrypt data just to boot the system, then LUKS + LVM have excellent
integration with various boot utilities, like upstart, sysvinit,
plymouth, etc.

Hope that helps, cheers,
Dustin

References

Which directory in my server should I encrypt ?
From: eilaf mugbil, 2009-10-15
Re: Which directory in my server should I encrypt ?
From: David Tomaschik, 2011-02-04