Creating a encrypted directory during the server installation

Dustin Kirkland kirkland at canonical.com
Mon Sep 22 17:40:23 UTC 2008


On Mon, Sep 22, 2008 at 12:09 PM, Mathias Gug <mathiaz at ubuntu.com> wrote:
> However I wonder if asking the user to setup encrypted directories
> during the -server installation process is useful.  We try to keep the
> installer as simple and straight forward as possible for the majority of
> users. Is it worth adding another step to the installation process that
> covers only a minority of -server use cases ?
>
> The question is not whether encrypted directories are useful in a server
> environment - they are for specific use cases (login servers, file
> servers, not so much for database servers, http or mail servers) - but
> whether it's worth adding an extra step to the installation process
> asking the user to setup encrypted directories for the system.

Obviously, my opinion is biased, so I'm not casting a vote on this
issue, I'm leaving it to the community to vote and decide.

I will offer a few words of support, though...

The current question looks like this:
 * http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png

It immediately follows the prompts for the initial username and
password.  The default response is "No", so if you just hit <enter>
here, the installer bothers you no more.  The cost is one screen, one
keystroke in the "No, I don't want an encrypted Private directory"
case.

I think there is arguably far more value on the laptop/desktop case,
as these systems are far more likely to be physically stolen, in which
case an encrypted location to store your data might well be your life
saver.

However, I honestly believe that most server administrators would
benefit from having a single place (~/Private) to cryptographically
store sensitive information, such as passwords, documents, or
configuration information (without LVM-encrypting the whole disk and
paying the performance penalty for every read/write).  At least I
certainly do.

I think the Ubuntu Server has an opportunity to _lead_ in the Linux
server industry in this case.  And I think the new question in the
installer actually provides exposure to this feature that is otherwise
buried in the new /usr/bin/ecryptfs-setup-private command line
utility.

-- 
:-Dustin

Dustin Kirkland
Ubuntu Server Developer
Canonical, LTD
kirkland at canonical.com
GPG: 1024D/83A61194




More information about the ubuntu-server mailing list