beagle
poptones
ulist at gs1.ubuntuforums.org
Fri Jul 8 18:56:17 UTC 2005
-I've read the documentation that there's on the Ubuntu site that talks
about this and how to avoid having to type 3 passwords at boot, though I
don't like the idea that it's given there -
Why? I have been using my system like this more than two years now and
it works flawlessly. I have installed the system like this at least
fifty times and never had an issue. All you have to do is create the
installation with both a / and /usr partition, boot into a recovery
console, and type
mv /var /usr
mv /opt /usr
mv /home /usr
mv /root /usr
mv /tmp /usr
ln -s /usr/var /var
ln -s /usr/home /home
ln -s /usr/opt /opt
ln -s /usr/tmp /tmp
ln -s /usr/root /root
reboot
When your system comes back up all the user-contaminated data will be
on one easily encrypted partition. You can then boot to a recovery
console if you like, edit fstab and crypttab, create the encryption
mapper and encrypt it all by typing
dd if=/dev/hd(usr partition) of=/dev/mapper/usr(whatever you named the mapper) bs=4096k
When it's done you will have everything (except /swap) that can be
"contaminated" encrypted with a single password. Swap is easy to
encrypt because you can just set the passphrase to be retrieved from
/dev/random on every boot.
This is MUCH more secure than using keys, dongles, or "passphrase
partitions." If the passphrase for your disk is written down ANYWHERE
it is vulnerable. This allows both convenience and security.
--
poptones
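
A check for the layout the post describes, as an added example that is not part of the original message: it confirms that each relocated directory is a symlink into /usr and that /usr is mounted from a device-mapper target. The function name check_layout and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the "everything under /usr" layout from the post.
# check_layout and its arguments are hypothetical names, not an existing tool.
#
# check_layout [ROOT] [MOUNTS]
#   ROOT   - filesystem root to inspect (default /)
#   MOUNTS - mount table in /proc/mounts format (default /proc/mounts)
# Prints one line per finding and returns the number of problems found.
check_layout() {
    root=${1:-/}
    mounts=${2:-/proc/mounts}
    root=${root%/}          # "/" becomes "", so paths below start with "/"
    problems=0

    # Every relocated directory must be a symlink to its copy under /usr;
    # a real directory here means its data still lives on the clear root.
    for d in var opt home root tmp; do
        link="$root/$d"
        if [ ! -L "$link" ]; then
            echo "FAIL: /$d is not a symlink, data stays on the unencrypted root"
            problems=$((problems + 1))
        elif [ "$(readlink "$link")" != "/usr/$d" ]; then
            echo "FAIL: /$d points to $(readlink "$link"), expected /usr/$d"
            problems=$((problems + 1))
        else
            echo "ok:   /$d -> /usr/$d"
        fi
    done

    # /usr must be mounted from a mapper device. This is necessary but not
    # sufficient: LVM volumes also appear under /dev/mapper.
    src=$(awk '$2 == "/usr" { dev = $1 } END { print dev }' "$mounts")
    case $src in
        /dev/mapper/*)
            echo "ok:   /usr is mounted from $src" ;;
        "")
            echo "FAIL: /usr is not a separate mount"
            problems=$((problems + 1)) ;;
        *)
            echo "FAIL: /usr is mounted from $src, not a /dev/mapper device"
            problems=$((problems + 1)) ;;
    esac

    return "$problems"
}
# Usage on a live system: check_layout / /proc/mounts
```
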