[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Encrypted partition backups.

Bill Davidsen wrote:
Robin Laing wrote:
OK, now it is an option to create encrypted partitions with F10 during install. With this, the issue of backups gets changed and I wonder how people are dealing with it.

I am about to install a system where each users home directory will be encrypted and mounted on login and unmounted on logout.

Now the question comes to how to make automatic backups of these encrypted partitions when they are not mounted. This has to take into account that the backup needs to be as secure as the original users directories.

Is there a tool that allows partition backups of only the changes as with incremental backups? Do we just have to clone the partition and make copies of that each time?

It is a question that I have posed to our IT staff and they have not thought about it either.

What you want is a copy-on-write system to record the changes. Too bad you didn't go the whole way on security and run each users in a virtual machine. Then you could make a COW image of the partition, let the user run with that, then back up only the changed pages. When the backup gets large, commit the changes and take a "full" (whole partition) backup, and make a new working COW image for the user to use.

I do similar with development VMs, make some changes, run with it a while to see that they were *good* changes, then commit. Each day I back up only the differences between the reference image and the working image.

As nothing is set in stone yet, this sounds like a good idea. The question is about the security of the individual files using this system. The knowledge to anyone that may be watching the network on if there is 1 or 100 files being updated.

Any by file backup may provide details that may not want to be revealed. It is a tough question to look at.

One of the reasons to start looking at it before things are finalized.

User home directories will be encrypted and mounted on login. That is already confirmed as presently home directories are mounted on login.

Robin Laing

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]