个人工具
登录
查看“UbuntuHelp:FolderEncryption”的源代码 - Ubuntu中文
UbuntuHelp
讨论
查看源代码
历史
搜索
导航
首页
最近更改
随机页面
页面分类
帮助
编辑
编辑指南
沙盒
新闻动态
字词处理
工具
链入页面
相关更改
特殊页面
页面信息
查看“UbuntuHelp:FolderEncryption”的源代码
来自Ubuntu中文
←
UbuntuHelp:FolderEncryption
跳转至:
导航
,
搜索
因为以下原因,你没有权限编辑本页:
您所请求的操作仅限于该用户组的用户使用:
用户
您可以查看与复制此页面的源代码。
{{From|https://help.ubuntu.com/community/FolderEncryption}} {{Languages|UbuntuHelp:FolderEncryption}} == Folder Encryption with encfs and pam-encfs == (author Roland J can be reached at kf03jaro at student dot chalmers dot se) Encfs is an application that allows you to create encrypted folders, any file that is placed in such a folder will be encrypted. To open an encrypted folder you need a correct password. There is also an add-on to encfs called pam-encfs. This add-on allows automatic encryption of a users home-directory. Both encfs and pam-encfs must be set up from a terminal so this tutorial might be a bit difficult for linux newcomers. In the first part of the tutorial I will explain how to use encfs and then how to set up pam-encfs. === Setting up encfs === To install encfs you need to have access to the universe-packages of ubuntu. How this can be done is beeing described here: https://wiki.ubuntu.com/MOTU/Packages?action=show&redirect=UniversePackages Now enter a terminal and type: <pre><nowiki> sudo apt-get install encfs </nowiki></pre> This will install encfs and probably also fuse-utils and libfuse2, which are required. You need to have the kernel-module named "fuse" loaded in order to use encfs. To load this module simply type: <pre><nowiki> sudo modprobe fuse </nowiki></pre> Remember, this module must be loaded every time you intend to use encfs. If you want to have this module always loaded you must edit the file /etc/modules and add the line fuse to the bottom line. Now we have to set up permissions to use fuse. This is done in two steps. First add your user to the group fuse by typing: <pre><nowiki> sudo adduser <your login username> fuse </nowiki></pre> So for example if your login-name is donald you should type <pre><nowiki> sudo adduser donald fuse </nowiki></pre> The second step is to change the permissions of the file fusermount. This is done by typing: <pre><nowiki> sudo chmod +x /usr/bin/fusermount </nowiki></pre> Finally you are ready to create the encrypted folder. The application encfs will create one folder which contains the encrypted files and one folder where the files are unlocked and accessible. The syntax for encfs is: encfs <path to encrypted folder> <path to visible folder> For example, I wish to have a folder in my home-directory called visible and another one called encrypted. Therefore I could write: <pre><nowiki> encfs ~/encrypted ~/visible </nowiki></pre> Where the '~' indicates that the folders shall be placed in the home-directory. First encfs will ask you to create the selected folders. Simply type 'y'. Then it asks which degree of encryption that should be used. I prefer to simply press enter to use default encryption-level. At last encfs will ask you for the password that is needed to reach the encrypted information. If things work out correctly and you don't recieve an error-message after typing in your password you are now free to use the folder ~/visible to store all kinds of sensitive information:-) In order to close the ~/visible folder simply type: <pre><nowiki> fusermount -u ~/visible </nowiki></pre> As long as the folder is closed all the information in ~/visible will seem to have disappeared. The only way to gain access to this information again is by unlocking it. This can be done in a terminal by typing: <pre><nowiki> encfs ~/encrypted ~/visible </nowiki></pre> You will be asked for the proper password to gain access. === Setting up pam-encfs === The goal of this part of the tutorial is to create a user which has an encrypted home-directory. It is assumed that you already have encfs installed on your computer. Warning! This topic is intented for medium/advanced ubuntu users. Incorrectly configuring pam-encfs could lead to problems logging in. This is why I prefer to have the root login activated. This way, if something goes wrong, I can (almost)always log in with root and correct my misstakes. For info on how to enable root login read: https://wiki.ubuntu.com/RootSudo?action=show&redirect=EnableRootLogin I have not yet found libpam-encfs in any of the "main" repositories included in ubuntu. However a search on google for "libpam-encfs ubuntu" got me here: http://mirror.stanford.edu/yum/pub/ubuntu/pool/universe/libp/libpam-encfs/ Where I simply downloaded http://mirror.stanford.edu/yum/pub/ubuntu/pool/universe/libp/libpam-encfs/libpam-encfs_0.1.2-4_i386.deb I then installed the package with <pre><nowiki> sudo dpkg -i libpam-encfs_0.1.2-4_i386.deb </nowiki></pre> '''Edgy users:''' libpam-encfs is included in the Edgy universe so you can install simply with: <pre><nowiki> sudo apt-get install libpam-encfs </nowiki></pre> After this I altered the file /etc/pam.d/common_auth so that it looks like this: <pre><nowiki> auth sufficient pam_encfs.so auth required pam_unix.so nullok_secure use_first_pass </nowiki></pre> Obviously you should not need to remove any of the information in this file. Simply add what is missing. For pam-encfs to work in gnome you need to type: <pre><nowiki> sudo echo "user_allow_other" > /etc/fuse.conf </nowiki></pre> This adds the text user_allow_other to the file fuse.conf Now edit the file /etc/security/pam_encfs.conf and comment the line: "- /home/.enc - -v allow_other" and add the line: "- /mnt/storage/enc - -v allow_other" It should look like: <pre><nowiki> #- /home/.enc - -v allow_other - /mnt/storage/enc - -v allow_other </nowiki></pre> You probably also need to change: "fuse_default allow_root,nonempty" To: "fuse_default allow_other,nonempty" Now it is time to create the user that will have an encrypted home. In this tutorial I will call this user "testuser". <pre><nowiki> sudo adduser testuser </nowiki></pre> Remember testuser's password as you need it when you create the encfs folders as well. Now put this user in the fuse group by typing <pre><nowiki> sudo adduser testuser fuse </nowiki></pre> Create the folder that will contain the encrypted information by typing: <pre><nowiki> sudo mkdir -p /mnt/storage/enc/testuser </nowiki></pre> Let testuser be the owner of this folder by typing: <pre><nowiki> sudo chown testuser:testuser /mnt/storage/enc/testuser </nowiki></pre> Become testuser by typing: <pre><nowiki> su testuser </nowiki></pre> Create the encfs-encrypted folders: <pre><nowiki> encfs /mnt/storage/enc/testuser /home/testuser </nowiki></pre> Make sure that you use the same password here as for testuser's login. Unmount the folder <pre><nowiki> fusermount -u /home/testuser </nowiki></pre> Exit testuser <pre><nowiki> exit </nowiki></pre> Now when you login as testuser pam-encfs will mount testuser's homefolder using encfs and all the files saved here will be encrypted. Note that this is an advanced topic and if things fail you can always lookup the supplied documentation at: /usr/share/doc/libpam-encfs/README The supplied documentation also describes how to export your current home-directory to make it encrypted. ---- [[category:CategoryDocumentation]] [[category:CategoryCleanup]] [[category:UbuntuHelp]]
该页面使用的模板:
模板:From
(
查看源代码
)
模板:Languages
(
查看源代码
)(受保护)
模板:Languages/Lang
(
查看源代码
)(受保护)
返回至
UbuntuHelp:FolderEncryption
。