Ubuntu's "encrypt my home partition" option uses eCryptfs. See: http://www.linux-mag.com/cache/7568/1.html

The article gets very deep into how to manage eCryptfs and how it works. Very interesting. But I do use LUKS on all my desktops and laptops. Of course, it's transparent to userland, so it only provides protection when the power is off. eCryptfs is a different beast; it integrates with PAM to do its job.

Gregor, it sounds like you should take Leonel's suggestion and run cherokee as you. Do something like:

    cherokee-admin --target ~/lib/cherokee/devserver.conf

Then make your choice of starting config. Cherokee is soooo damn friendly when starting from scratch.

Good luck,
Dave

On Nov 9, 1:32 pm, "Leonel Nunez" <[email protected]> wrote:
> > Leonel Nunez said [Mon, Nov 09, 2009 at 10:50:09AM -0700]:
> >> > so to clarify, you might want to chmod 750 <thedirectory> and then
> >> > chown username:www-data <your dir> . Or something similar.
> >
> >> Karmic has the $HOME dir encrypted with the user's key
> >> so, that's why www-data can't access /home/theencripteddir/
> >
> >> I'll test later on a karmic server with the user's home directory
> >> encrypted.
> >
> >> But can you please test with cherokee running as YOUR user not the
> >> www-data?
> >
> > That would be a VERY bad idea security-wise. Any vulnerability, either
> > in Cherokee or in any of the processes it spawns would automatically
> > have access to the whole directory. Even worse (and more likely), you
> > would only have to create a simple symlink to allow Cherokee to access
> > any other of the encrypted user files.
> >
> > In any case, if you are encrypting a portion of your user directory,
> > it means it should be kept away from the world at large. If you want
> > to make part of your information public, well, keep it outside the
> > encrypted area!
> >
> > You can achieve that (while keeping a congruent view to the user) by
> > setting up an unencrypted directory controlled (chown'ed) by the user
> > (call it if you want to /home/public/$user or whatever), and
> > symlinking it as /home/$user/public.
> >
> > Greetings,
>
> I know what it implies,
>
> what I've understood from the first mail this setup is for a test/devel
> machine nothing going for production
>
> > --
> > Gunnar Wolf • [email protected] • (+52-55)5623-0154 / 1451-2244
> > _______________________________________________
> Cherokee mailing list
> [email protected]
> http://lists.octality.com/listinfo/cherokee
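
The layout suggested in the thread (an unencrypted, user-owned directory outside the encrypted home, linked in as /home/$user/public), together with a check for the symlink exposure raised there, as an added example that is not part of the original messages. The function names and the group argument are assumptions; `setup_public_dir` must run as root.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths follow the thread.

# Print every symlink under the docroot whose target resolves outside it.
# Returns 0 if none escape, 1 if at least one does, 2 on setup errors.
audit_docroot_symlinks() {
    docroot=$(readlink -f "$1") || return 2
    escaped=0
    # A temp file avoids a pipeline subshell, so $escaped survives the loop.
    list=$(mktemp) || return 2
    find "$docroot" -type l > "$list"
    while IFS= read -r link; do
        # Empty target means the link chain could not be resolved.
        target=$(readlink -f "$link") || target=""
        case "$target" in
            "$docroot"|"$docroot"/*) ;;   # stays inside the docroot
            *) printf '%s -> %s\n' "$link" "${target:-<dangling>}"
               escaped=1 ;;
        esac
    done < "$list"
    rm -f "$list"
    return "$escaped"
}

# Create the unencrypted public area and link it into the user's home.
# $1 = user, $2 = web server group (www-data in the thread).
setup_public_dir() {
    user=$1 group=$2
    pub="/home/public/$user"
    mkdir -p "$pub" &&
    chown "$user:$group" "$pub" &&
    chmod 750 "$pub" &&
    ln -s "$pub" "/home/$user/public"
}

# Usage (as root):  setup_public_dir alice www-data
# Then, before serving: audit_docroot_symlinks /home/public/alice
```

Running the audit from cron or before each server start flags links that would let the web server group reach files outside the public area.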
