Anthony Thyssen writes:
>On Mon, 30 Jun 2014 08:01:08 -0600
>Joe Pfeiffer <jos...@pfeifferfamily.net> wrote:
>| I ran into a similar problem.  In my case, the issue was that I have
>| an encrypted home directory, and needed files like ~/.procmailrc
>| to be available whether or not I was logged in.
>| 
>| The ugly hack I eventually went to was to have three sets of home
>| directories:
>| 
>| /home.enc/$USER contains encrypted home directories
>| 
>| /home.unenc/$USER contains files that a user wants to have available
>| whether logged in or not.
>| 
>| /home/$USER is the home directory; when the encrypted home directory
>| is mounted it appears as /home/$USER.  When the encrypted home
>| directory is not mounted, however, /home/$USER contains a small number
>| of symbolic links to files in /home.unenc/$USER.  When the encrypted
>| home directory is mounted over it, it also has symbolic links into
>| /home.unenc/$USER
>| 
>| Like I said, an ugly hack.  But it works...
>
>Understandable situation, and an interesting solution.
>
>Could probably be made generic enough that a PAM login system could do
>the mounting using the login password.  Though PAM would not have that
>password for remote 'public key' ssh connections.

Exactly -- in fact, I use pam-mount exactly as you suggest.  It also
means that if I'm not logged in to a host, I need to present a
password; once I am logged in I've got my RSA key available so I don't
need a password on second logins (I've got the RSA in the encrypted
volume; if my laptop gets stolen the key isn't available unless they
crack my login password).

>Keeping the symbolic links to the unencrypted files correct in both
>the normal home, and the decrypted home overlay, could be tricky.

That's the true ugliness of the hack -- but it's not as bad as having
two copies of the files to keep in sync!

What I'd really like (and wasn't able to find) would be an overlay
filesystem that would let me layer my encfs filesystem on top of my
unencrypted filesystem, with the following semantics:

(1) trying to open a file, whether for read or for write, tries to
open it in the encrypted filesystem first, then in the unencrypted
one.

(2) creating a new file or directory does so in the encrypted
filesystem.

I found a couple of examples of overlay filesystems, but not one that
would do this...
-- 
Joe Pfeiffer                                   http://pfeifferfamily.net/
1440 Tierra del Sol Dr                         575.525.2764 (H)
Las Cruces, NM 88007-5548                      575.496.3501 (C)
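A small Python model of the overlay semantics described above, added here as an example rather than code from the thread, from encfs or from any real overlay filesystem; the TwoLayerHome class, the home.enc/home.unenc names under a temporary directory and the sample .procmailrc are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

class TwoLayerHome:
    """Model of the overlay asked for above: an encrypted upper layer over an
    unencrypted lower one. (1) open for read or write looks in the encrypted
    layer first, then the unencrypted one; (2) new files and directories go
    to the encrypted layer. Rule (1) has no copy-up: a file present only in
    the unencrypted layer is modified there in place and never gets encrypted."""

    def __init__(self, encrypted_root, unencrypted_root):
        self.upper = Path(encrypted_root)    # e.g. /home.enc/$USER (mounted encfs)
        self.lower = Path(unencrypted_root)  # e.g. /home.unenc/$USER

    def resolve(self, rel, for_write=False):
        rel = Path(rel)
        if rel.is_absolute() or ".." in rel.parts:   # keep lookups inside the home
            raise ValueError("only relative paths inside the home are allowed")
        upper, lower = self.upper / rel, self.lower / rel
        if upper.exists():                  # rule (1): encrypted layer wins
            return upper
        if lower.exists():                  # then the unencrypted layer, in place
            return lower
        if for_write:                       # rule (2): new files go encrypted
            upper.parent.mkdir(parents=True, exist_ok=True)
            return upper
        raise FileNotFoundError(str(rel))

    def open(self, rel, mode="r"):
        for_write = any(c in mode for c in "wax+")
        return open(self.resolve(rel, for_write), mode)

    def layer_of(self, rel):
        path = self.resolve(rel)
        return "encrypted" if self.upper in path.parents else "unencrypted"

def demo():
    """Constructed scenario: (layer of a new file, layer of .procmailrc,
    whether .procmailrc was ever copied to the encrypted side)."""
    with tempfile.TemporaryDirectory() as tmp:
        home = TwoLayerHome(Path(tmp) / "home.enc", Path(tmp) / "home.unenc")
        home.lower.mkdir()                  # encrypted side appears on first write
        (home.lower / ".procmailrc").write_text("# constructed sample\n")
        with home.open("mail/notes.txt", "w") as f:   # new file -> encrypted
            f.write("private\n")
        with home.open(".procmailrc", "a") as f:      # existing plain file stays plain
            f.write(":0\n")
        return (home.layer_of("mail/notes.txt"),
                home.layer_of(".procmailrc"),
                (home.upper / ".procmailrc").exists())
```

Note what rule (1) implies: a file that exists only in the unencrypted layer is edited in place and never moves to the encrypted side, so its plaintext persists unless it is copied up by hand.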

_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users