We have a small network with an Ubuntu server in the middle and Ubuntu notebooks around. The notebooks all use eCryptfs to encrypt the whole home directory of users. Usually, there are two or more users per notebook. The backup procedure stays inside the network, so we are fine with transferring the files unencrypted to the server. We'd like to go with an rsync based solution, but are fine with others, too.
We ran into difficulties when trying to back up the home directories of the notebooks, which brought us major headaches. It boils down to this:
If user A is logged in, the home directory is decrypted, and the encrypted files in /home/.ecryptfs/A are locked against reading from other processes (which is a good thing). If user B is not logged in, his home directory is not decrypted; there are only the encrypted files in /home/.ecryptfs/B.
We need to have a backup script that can run while user A is logged in (because she starts it manually in our case) and user B may or may not be logged in (usually not).
Now the question is: What should we back up? If we go for the encrypted data, the stuff of user A cannot be backed up. Decrypted data means, on the other hand, that user B must be logged in, too. And mixing both leads to a fun time when it comes to restoring something.
Are there perhaps other solutions to this problem, that we missed?
Are you sure that /home/.ecryptfs/A is locked for reading? I use ecryptfs and while I'm logged in I can browse and read the files in /home/.ecryptfs/myusername/.Private. I just tried going into that directory (and sub-directories) and opening files (using vim -b) and I could read them fine. I'd certainly want them locked for writing, but I don't see why they'd be locked for reading. What OS version are you using? (I'm on Ubuntu Lucid 10.04.) Maybe ask a separate question about the errors you're getting, because maybe something else is causing the problem.
To directly answer your question: back up the contents of /home/.ecryptfs/. This will back up (encrypted copies of) all the files for all users.
In addition you ought to be able to decrypt the files if necessary. So you should store the unwrapped passphrase somewhere secure, in case the user forgets their password, leaves ... To obtain it, have the user run
while logged in, and store the result somewhere. It's small enough that you could write it down (double, triple check it) and store it in a safe, or have two people keep half of it each or some such, depending how much security you require. Otherwise you would need /home/.ecryptfs/*/.ecryptfs/wrapped-passphrase and the users' passwords.
You should also note that rsync won't be able to speed up file transfers when syncing encrypted data. Any change in the unencrypted file will completely change the encrypted file. And compression won't really work with encrypted data. This shouldn't be a big issue for your case, where the sync is across a LAN, but may be important for other people reading this question. Though rsync can still check if an encrypted file is unchanged, so it won't have to re-transfer unchanged files.
Readers of this question might also be interested in this guide to backing up by the maintainer of ecryptfs.
Presumably the passphrase of the user not present is absolutely needed for decryption. Hence your only option is to look for a solution that backs up encrypted files, and use this for both users. This has the advantage that the apparently confidential information is also encrypted on the backup media - which can be important if you're transferring it around the place (for offsite).
I'm not familiar with ecryptfs but it sounds like the files are standard files when viewed by the underlying filesystem (at a guess ext3).
So, 1) Is the 'original' directory that contains the encrypted data actually somewhere else, and then mounted so that the unencrypted version appears at the location you've given? In which case you could just get the encrypted data from the original location. Some of the Ubuntu documentation suggests that the unencrypted private files are what you see in /home/.ecryptfs/A/Private and their encrypted counterparts are actually present in /home/.ecryptfs/A/.Private. If so, and you use rsync, you will have the encrypted .Private directory for both users anyway, and for clarity you could use the exclude options of rsync to prevent backup of the unencrypted Private directory.
2) Alternatively, your question reads a bit like the entire folder A (or B) is encrypted, and possibly the unencrypted and encrypted versions mount at the same location. If so, could you try something like mount -o ro --bind /home/.ecryptfs/A /mnt/encryptedA, which would provide another access point to A's directory via /mnt/encryptedA. If this was done before user login then possibly you'd retain access to the encrypted version via /mnt/encryptedA even while /home/.ecryptfs/A gives access to the unencrypted version. I don't know whether this will work - you'd just have to try it and see.
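The first answer's advice (back up the ciphertext under /home/.ecryptfs for all users) and the second answer's point (keep the decrypted view out of the copy), put together as an added example script that is not part of this page or any of the answers. It assumes the Ubuntu layout /home/.ecryptfs/<user>/.Private (encrypted files) and /home/.ecryptfs/<user>/.ecryptfs (wrapped-passphrase, Private.sig); BACKUP_DEST is a placeholder.

```shell
#!/bin/sh
# Added example, not from any answer on this page. Backs up the eCryptfs
# ciphertext ("lower" directories) for every user, whether or not the user is
# logged in; the decrypted view mounted at /home/<user> is never touched.
# Assumed layout (Ubuntu default): /home/.ecryptfs/<user>/.Private holds the
# encrypted files, /home/.ecryptfs/<user>/.ecryptfs holds wrapped-passphrase
# and Private.sig. BACKUP_DEST is a placeholder, not a real host.

ECRYPTFS_ROOT="${ECRYPTFS_ROOT:-/home/.ecryptfs}"
BACKUP_DEST="${BACKUP_DEST:-backup@backup-host.example:/srv/backup/homes}"

# Print "<user> <lower dir>" for each user with an encrypted lower directory.
list_encrypted_sources() {
    root="$1"
    for userdir in "$root"/*/; do
        [ -d "$userdir" ] || continue
        user=$(basename "$userdir")
        if [ -d "${userdir}.Private" ]; then
            printf '%s %s\n' "$user" "${userdir}.Private"
        fi
    done
}

# True if a path is currently an eCryptfs mount (i.e. that user is logged in).
# Informational only: the lower directory is readable and backed up either way.
home_is_mounted() {
    grep -q " $1 ecryptfs " /proc/mounts 2>/dev/null
}

# Copy ciphertext plus the per-user metadata directory. Selecting only these
# two lower-level directories keeps any decrypted view out of the backup, so
# no rsync --exclude is needed for the mounted home.
backup_encrypted_homes() {
    root="$1"; dest="$2"
    list_encrypted_sources "$root" | while read -r user lower; do
        if home_is_mounted "/home/$user"; then
            echo "note: /home/$user is mounted (user logged in); copying $lower"
        fi
        rsync -a --delete "$lower" "$root/$user/.ecryptfs" "$dest/$user/"
    done
}

# Run the backup only when invoked as: sh backup-ecryptfs.sh run
if [ "${1:-}" = "run" ]; then
    backup_encrypted_homes "$ECRYPTFS_ROOT" "$BACKUP_DEST"
fi
```

Restoring a user then means copying .Private and .ecryptfs back under /home/.ecryptfs/<user>/ and letting the user log in (or using the stored unwrapped passphrase) to mount it.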
Why not "just" synchronize their files on log out to a share? This way, instead of having to manually start your job, it'll "autorun" (cron, action event ...), copy the unencrypted files to the share (which may or may not be encrypted) and then encrypt its own FS again before logging out.
I can see this not being the ultimate solution, but this means that the user'll always have an up-to-date backup since his files are synced on the server. And if user B hasn't logged in for a while, then there's no harm in not backing him up because his files won't have changed to begin with.
Is this something along the lines of what you're looking for, or are you aiming for a more .... streamlined, all-in-one solution?
Ideally though, chucking the lot over an ENCRYPTED transfer for backing up would be better, since right now you leave your valuable data right open to man-in-the-middle and/or sniffing attempts.