Creating a encrypted directory during the server installation

09-19-2008, 07:45 PM
Mathias Gug

Hi,

Now that EncryptedPrivateDirectory [1] has been implemented by Dustin
Kirkland, a new screen has been added to the ubuntu-server installer [2].
The question comes after information for the first user has been
gathered (Name, login and password).

Does it make sense to add that step in the ubuntu-server installer?

[1]: https://wiki.ubuntu.com/EncryptedPrivateDirectory
[2]: http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
 
09-19-2008, 07:54 PM
"David Portwood"

I would add this, I'm sure we could all come up with valid use cases.
David P.
----- Original Message -----
From: "Mathias Gug" <mathiaz@ubuntu.com>
To: <ubuntu-server@lists.ubuntu.com>
Sent: Friday, September 19, 2008 2:45 PM
Subject: Creating a encrypted directory during the server installation


> Hi,
>
> Now that EncryptedPrivateDirectory [1] has been implemented by Dustin
> Kirkland a new screen has been added to the ubuntu-server installer [2].
> The question comes after information for the first user has been
> gathered (Name, login and password).
>
> Does it makes sense to add that step in the ubuntu-server installer ?
>
> [1]: https://wiki.ubuntu.com/EncryptedPrivateDirectory
> [2]: http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png
>
> --
> Mathias Gug
> Ubuntu Developer http://www.ubuntu.com

 
09-20-2008, 03:49 AM
fenris

For me it makes sense to secure the home user directory from other users in the server

-----Original Message-----
From: Mathias Gug <mathiaz@ubuntu.com>
To: ubuntu-server@lists.ubuntu.com
Subject: Creating a encrypted directory during the server installation
Date: Fri, 19 Sep 2008 15:45:24 -0400

Hi,

Now that EncryptedPrivateDirectory [1] has been implemented by Dustin
Kirkland a new screen has been added to the ubuntu-server installer [2].
The question comes after information for the first user has been
gathered (Name, login and password).

Does it makes sense to add that step in the ubuntu-server installer ?

[1]: https://wiki.ubuntu.com/EncryptedPrivateDirectory
[2]: http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com





Khairul Aizat Kamarudzzaman
Ubuntu-my LoCo Member
https://launchpad.net/~fenris
https://wiki.ubuntu.com/fenris
fenris@ubuntu.com

 
09-22-2008, 04:03 PM
Thierry Carrez

fenris wrote:
> for me it make sense to secure the home user directory from other user
> in the server

Note that when the user is logged in, the data is decrypted and
protected by file system permissions (700), so the goal of setting up
the encrypted directory is more to protect the data against computer
theft than against other simultaneous users of the server (and the
installer question is very clear about that).

--
Thierry Carrez
Ubuntu server team
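
The distinction drawn in the message above, as an added example that is not part of the original thread: a shell check that tells whether a Private directory is currently only ciphertext at rest or is mounted in the clear and relying on its 700 mode. The function name `private_dir_state`, the user `alice` and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Mount tables use the /proc/mounts format; samples are constructed.
# Assumes GNU stat and mount points without spaces.

# private_dir_state MOUNTS_FILE DIR
#   at-rest            : DIR is not an eCryptfs mount, only ciphertext is on disk
#   mounted-owner-only : cleartext is visible, guarded by mode 700
#   mounted-exposed    : cleartext is visible and the mode is not 700
private_dir_state() {
    local mounts_file="$1" dir="$2" fstype mode
    # Field 2 is the mount point, field 3 the filesystem type.
    fstype=$(awk -v d="$dir" '$2 == d { t = $3 } END { print t }' "$mounts_file")
    if [ "$fstype" != "ecryptfs" ]; then
        echo "at-rest"
        return 0
    fi
    mode=$(stat -c '%a' "$dir")
    if [ "$mode" = "700" ]; then
        echo "mounted-owner-only"
    else
        echo "mounted-exposed"
    fi
}

demo() {
    local tmp priv
    tmp=$(mktemp -d)
    priv="$tmp/home/alice/Private"
    mkdir -p "$priv"
    # Constructed mount table for a logged-in user: lower dir .Private, upper dir Private.
    printf '%s %s ecryptfs rw,relatime 0 0\n' \
        "$tmp/home/alice/.Private" "$priv" > "$tmp/mounts.loggedin"
    # Constructed mount table after logout: no eCryptfs entry at all.
    printf '/dev/sda1 / ext3 rw 0 0\n' > "$tmp/mounts.loggedout"

    chmod 700 "$priv"; private_dir_state "$tmp/mounts.loggedin" "$priv"
    chmod 755 "$priv"; private_dir_state "$tmp/mounts.loggedin" "$priv"
    private_dir_state "$tmp/mounts.loggedout" "$priv"
    rm -rf "$tmp"
}
demo
```

On a live system the first argument would be `/proc/mounts` and the second the user's `~/Private` path.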

 
09-22-2008, 04:07 PM
"Andrew Hodgson"

Hi,

I doubt I would choose this for my servers - I may add it on at a later
time through a command or set of commands.

Andrew.

-----Original Message-----
From: ubuntu-server-bounces@lists.ubuntu.com
[mailto:ubuntu-server-bounces@lists.ubuntu.com] On Behalf Of Thierry
Carrez
Sent: 22 September 2008 17:04
To: ubuntu-server@lists.ubuntu.com
Subject: Re: Creating a encrypted directory during the server
installation

fenris wrote:
> for me it make sense to secure the home user directory from other user
> in the server

Note that when the user is logged in, the data is decrypted and
protected by file system permissions (700), so the goal of setting up
the encrypted directory is more to protect the data against computer
theft than against other simultaneous users of the server (and the
installer question is very clear about that).

--
Thierry Carrez
Ubuntu server team

 
09-22-2008, 05:09 PM
Mathias Gug

Hi,

On Mon, Sep 22, 2008 at 05:07:59PM +0100, Andrew Hodgson wrote:
>
> I doubt I would choose this for my servers - I may add it on at a later
> time through a command or set of commands.
>

I think that the work done by Dustin is excellent, useful and worth
advertising as much as possible. The process to set up encrypted
directories has been streamlined a lot thanks to his work.

However I wonder if asking the user to set up encrypted directories
during the -server installation process is useful. We try to keep the
installer as simple and straightforward as possible for the majority of
users. Is it worth adding another step to the installation process that
covers only a minority of -server use cases?

The question is not whether encrypted directories are useful in a server
environment - they are for specific use cases (login servers, file
servers, not so much for database servers, http or mail servers) - but
whether it's worth adding an extra step to the installation process
asking the user to set up encrypted directories for the system.

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

 
09-22-2008, 05:21 PM
"Brett Alton"

Maybe it could be set up via tasksel for server deployment?

I can see how by default this would be excellent on the Desktop (e.g.:
taxes, banking information, private documents, etc.).

As a computer repair technician, it is amazing the sense of security
when Windows asks the user to enter in a password. If they leave a
computer with me and I am to back up their data (to soon wipe them to
Ubuntu), they'll call me a day later stating "Oh I forgot to give
you my password." When I respond, "It's okay, I've already retrieved
your data and backed it up to DVD." They become shocked and scared
that I was able to do so, so easily with an Ubuntu LiveCD. However, if
they had a directory that was encrypted, I'd be out of luck in backing
up their data without a password. I then proceed to explain this to
them and what it means to have a "password" to an operating system,
not a hard drive.

So, +1 for me and for all those poor souls that are migrating from
Windows to Ubuntu.

Lastly, I work part-time/temporary for a school board and am an
adviser for a board member on a hospice committee and they would love
to hear how easily their nurses' and doctors' PCs and laptops can be
encrypted!

As most are currently aware, I apologize for the dumbing down of the
situation, but I thought some would like to hear real-world uses and
examples on an encrypted directory.

But as for the server-side, tasksel would suffice for me because if I
didn't want it on the initial install, I may want it at a later time
and tasksel would enable me to do that.

On Mon, Sep 22, 2008 at 1:09 PM, Mathias Gug <mathiaz@ubuntu.com> wrote:
> Hi,
>
> On Mon, Sep 22, 2008 at 05:07:59PM +0100, Andrew Hodgson wrote:
>>
>> I doubt I would choose this for my servers - I may add it on at a later
>> time through a command or set of commands.
>>
>
> I think that the work done by Dustin is excellent, useful and worth
> advertising as much as possible. The process to set up encrypted
> directories has been streamlined a lot thanks to his work.
>
> However I wonder if asking the user to setup encrypted directories
> during the -server installation process is useful. We try to keep the
> installer as simple and straight forward as possible for the majority of
> users. Is it worth adding another step to the installation process that
> covers only a minority of -server use cases ?
>
> The question is not whether encrypted directories are useful in a server
> environment - they are for specific use cases (login servers, file
> servers, not so much for database servers, http or mail servers) - but
> whether it's worth adding an extra step to the installation process
> asking the user to setup encrypted directories for the system.
>
> --
> Mathias Gug
> Ubuntu Developer http://www.ubuntu.com



--
Brett Alton
brett.jr.alton@gmail.com

Do you really need to print this email? Help preserve our environment!

 
09-22-2008, 05:21 PM
Rick Clark

On Monday 22 September 2008 12:09:17 Mathias Gug wrote:
>
> The question is not whether encrypted directories are useful in a server
> environment - they are for specific use cases (login servers, file
> servers, not so much for database servers, http or mail servers) - but
> whether it's worth adding an extra step to the installation process
> asking the user to setup encrypted directories for the system.
>

While I think we need to take a very close look at installer usability in the
future, I think that adding this question makes little difference. It is
easy to preseed it and avoid all questions.

Rick Clark

> --
> Mathias Gug
> Ubuntu Developer http://www.ubuntu.com


 
09-22-2008, 05:40 PM
"Dustin Kirkland"

On Mon, Sep 22, 2008 at 12:09 PM, Mathias Gug <mathiaz@ubuntu.com> wrote:
> However I wonder if asking the user to setup encrypted directories
> during the -server installation process is useful. We try to keep the
> installer as simple and straight forward as possible for the majority of
> users. Is it worth adding another step to the installation process that
> covers only a minority of -server use cases ?
>
> The question is not whether encrypted directories are useful in a server
> environment - they are for specific use cases (login servers, file
> servers, not so much for database servers, http or mail servers) - but
> whether it's worth adding an extra step to the installation process
> asking the user to setup encrypted directories for the system.

Obviously, my opinion is biased, so I'm not casting a vote on this
issue, I'm leaving it to the community to vote and decide.

I will offer a few words of support, though...

The current question looks like this:
* http://people.ubuntu.com/~mathiaz/setup_encrypted_dir.png

It immediately follows the prompts for the initial username and
password. The default response is "No", so if you just hit <enter>
here, the installer bothers you no more. The cost is one screen, one
keystroke in the "No, I don't want an encrypted Private directory"
case.

I think there is arguably far more value on the laptop/desktop case,
as these systems are far more likely to be physically stolen, in which
case an encrypted location to store your data might well be your life
saver.

However, I honestly believe that most server administrators would
benefit from having a single place (~/Private) to cryptographically
store sensitive information, such as passwords, documents, or
configuration information (without LVM-encrypting the whole disk and
paying the performance penalty for every read/write). At least I
certainly do.

I think the Ubuntu Server has an opportunity to _lead_ in the Linux
server industry in this case. And I think the new question in the
installer actually provides exposure to this feature that is otherwise
buried in the new /usr/bin/ecryptfs-setup-private command line
utility.

--
:-Dustin

Dustin Kirkland
Ubuntu Server Developer
Canonical, LTD
kirkland@canonical.com
GPG: 1024D/83A61194

 
09-22-2008, 06:40 PM
"Andrew Hodgson"

Mathias Gug wrote:

>On Mon, Sep 22, 2008 at 05:07:59PM +0100, Andrew Hodgson wrote:
>>
>> I doubt I would choose this for my servers - I may add it on at a later
>> time through a command or set of commands.
>>

>I think that the work done by Dustin is excellent, useful and worth
>advertising as much as possible. The process to set up encrypted
>directories has been streamlined a lot thanks to his work.

Yes; I completely understand this, and definitely believe that this
feature is a real boon to the operating system and the community.

I was merely pointing out that I doubt I would use this on any of the
machines I administer, but actually thinking about your case - a file
server, or shell access server with users having encrypted parts of
their home directories, I may be tempted to set this up if I knew what
exactly was going on, rather than to just answer a yes/no question. I
haven't seen the technology working, so can't comment on the usability,
but when faced with any question about encryption (like I was with the
option to encrypt the LVM volume), my first thoughts are to how easy the
encryption keys are to back up and restore should anything go wrong, and
what extra steps may I need to take to get it working in a streamlined
and safe way. I would probably hit no at the first couple of times of
installation, then possibly look at it again later.

However, I do like the idea of a tasksel option, because I can always
run that again in the future, after doing the research, and this is
where I believe it may be possible to win more people over.

Thanks.
Andrew.
