I was wondering if there was a standard location for storing user level application data. What I mean by that is stuff like Firefox bookmarks, Skype message history/password, etc. I'm asking because I am not sure if I should go with home directory encryption vs full disk encryption.
From the examples you have provided, I take it that you mean application data specific to a certain user's configuration, usage or the data owned by the user (e.g., mail messages, templates, themes). In this case, these data are stored in the user's home directory as "dot-files" or inside an application-specific "dot-directory".
Quoting from the Unix file-system hierarchy standard:
The Linux file-system hierarchy standard also states almost the same thing.
For example, the user's configuration for the Vim editor is stored in .vimrc inside the home directory, and the Firefox profile (containing, among other things, the user's bookmarks and history information) is stored in a separate directory within the user's home directory (~/.mozilla/firefox/<randomstring>.default). Typically all applications will store information about user-initiated sessions, passwords etc. within the user's home directory in such "dot-files/directories".
So (extrapolating a bit), if you want just enough encryption that user-specific data is protected, then home directory encryption alone would suffice.
Having said that, it is possible, like with all things Linux, to customize and override the default location and choose to store these application-specific user data elsewhere. However, in Ubuntu, that needs to be explicitly done by the user.
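As an added example (not code from the answers above), the script below inventories exactly what the answer describes: the dot-files and dot-directories directly under a home directory, which is the data that home-directory encryption covers and nothing more. The home directory it walks is constructed in a temporary directory (the .vimrc, the Firefox profile name abcd1234.default and the Skype-style .Skype/someuser/main.db layout are made-up samples); point the same functions at a real $HOME to see what would be protected there.

```shell
#!/bin/sh
# Added example, not from the original answers: list the "dot-files" and
# "dot-directories" directly under a home directory, i.e. the per-user
# application data that home-directory encryption covers.
# The home directory used below is CONSTRUCTED in a temp dir so the script
# runs anywhere; the file names and contents are samples, not real data.
set -eu

# list_dot_entries DIR: one line per dot entry directly under DIR:
# kind (file/dir), disk usage in KiB, and the entry's name.
list_dot_entries() {
    dir=$1
    for entry in "$dir"/.[!.]* "$dir"/..?*; do
        [ -e "$entry" ] || continue        # an unmatched glob stays literal: skip it
        if [ -d "$entry" ]; then kind=dir; else kind=file; fi
        size=$(du -sk "$entry" | cut -f1)
        printf '%s\t%sK\t%s\n' "$kind" "$size" "${entry##*/}"
    done
}

# count_dot_entries DIR: how many dot entries sit directly under DIR.
count_dot_entries() {
    list_dot_entries "$1" | wc -l | tr -d ' '
}

# firefox_profiles DIR: names of Firefox profile directories under
# DIR/.mozilla/firefox (the <randomstring>.default directories from the answer).
firefox_profiles() {
    for p in "$1"/.mozilla/firefox/*.default*; do
        if [ -d "$p" ]; then printf '%s\n' "${p##*/}"; fi
    done
}

# make_sample_home: build a CONSTRUCTED home directory layout and print its path.
make_sample_home() {
    h=$(mktemp -d)
    printf 'set number\n' > "$h/.vimrc"                    # editor config: a dot-file
    mkdir -p "$h/.mozilla/firefox/abcd1234.default"        # Firefox profile: a dot-directory
    printf 'constructed stand-in for places.sqlite\n' \
        > "$h/.mozilla/firefox/abcd1234.default/places.sqlite"
    mkdir -p "$h/.Skype/someuser"                          # sample chat-history location
    printf 'constructed stand-in for main.db\n' > "$h/.Skype/someuser/main.db"
    printf 'not a dot-file\n' > "$h/notes.txt"             # ordinary file, not a dot entry
    printf '%s\n' "$h"
}

SAMPLE_HOME=$(make_sample_home)
echo "Dot entries under $SAMPLE_HOME:"
list_dot_entries "$SAMPLE_HOME"
echo "Firefox profiles: $(firefox_profiles "$SAMPLE_HOME")"
rm -rf "$SAMPLE_HOME"
```

Running it prints three dot entries (.vimrc, .mozilla, .Skype) with their sizes and the one Firefox profile; notes.txt is deliberately left out because it is not a dot entry, although it would of course also be inside an encrypted home directory.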
Your home directory is the only place where you can store files permanently. Applications typically store their configuration and automatically saved data in a file or directory called .application-name in your home directory. (Some applications save in groups, e.g., ~/.gconf contains data from many Gnome applications.)
However, you can have confidential or privacy-relevant data stored in other places. Whether you want to encrypt these places depends on how sensitive you think that data is.
Anything (well, almost) that can be in RAM can also be in swap. It takes a bit of work and a bit of luck, but someone who steals your disk could find some worthwhile data in the swap.
Many applications store temporary files in /tmp.
If you receive mail locally (as opposed to fetching it from a POP or IMAP server), it arrives in /var/mail. If you send mail using the traditional Unix method (sendmail), it transits via /var/spool/postfix (or whatever your MTA is). If you don't understand this paragraph, it doesn't apply to you.
If you set up recurring tasks, they are stored in /var/spool/cron.
When you print something, it transits in /var/spool/cups.
The system logs might contain data you'd rather keep private, such as network errors from sites you've tried to connect to or from.
You can encrypt the swap partition with dm_crypt (install cryptsetup and read the documentation; or do it as part of the initial installation, but I think you'll have to use the alternate CD). Once you've encrypted the swap, /tmp is best dealt with by making it tmpfs. See here for a write-up. You might choose to use tmpfs for other things such as print spools. But it's not suitable for others such as system logs. If you're going to encrypt all possibly-sensitive data, you might as well encrypt the whole system.
In addition to what Giles said, if you use the Apache web server (or pretty much any other web server), it saves your website files in /var/www.
I'm not sure where SQL Server saves your Databases as a default...I'm forever learning :)
Vortex