| Linux Forum Index » Linux Security » How to protect a partition or files stored on an USB... |
|
Page 1 of 1 |
|
| Author |
Message |
| Alberto M. Scattolo... |
 Posted: Wed Jun 17, 2009 3:21 am |
|
|
|
Guest
|
Hi guys!
USB flash drives are getting bigger and bigger and I'd like to protect
my data in case I lose my usb key.
Given that the USB flash drive has 2 partitions, first vfat (for
windows compatibility) and one ext2 (or other).
Requirements:
- prevent unauthorized access to ext2 partition or at least to files
on the partition (no need to protect the vfat). Encryption may be a
solution, but data encription is not a requirement
- no root privileges required to mount and use the partition on host
computers (linux)
- no need to install any software on host computers
Do you think it can be possible?
I know there are some ways to encrypt entire partitions but as far as
I know they all require at least root access to mount it.
On the other side I don't know if there is any software most likely
installed on common linux distro to encrypt/decrypt data.
I was considering two scenarios:
1) to place a software on vfat partition to let host pc use the
protected partition (but I suspect this to require root access)
2a) to write a script that encrypt/decrypt files and directory using
sw commonly available on any linux machine. The idea is: i mount my
ext2 partition where there are: encrypted files and script to decrypt
them. I decrypt data, I work on the partition and then I encrypt
everything before unmount it. This is less secure for some aspects but
more flexible, I can encrypt just what I need.
2b) as 2a but writing a java/python sw to do the work so that I can be
fairly assume it will work on msot of linux computers
Other ideas or suggestions?
Thanks a lot for your time!
Best regards
--
A |
|
|
| Back to top |
|
|
|
| Alberto M. Scattolo... |
| Posted: Wed Jun 17, 2009 5:53 am |
|
|
|
Guest
|
Hi Greg and huge thanks!
Yes, sure, any user should be able to mount it, if he knows the right
password or has the right certificate 
My problem is that I need a portable solution so that I can use my
data on university computer where I don't have root password for
obvious reasons. Otherwise I can simply use dm-crypt to encrypt my
ext2 partition but I'll can mount it only on my computer since I need
root password to mount volumes and/or install required software if
any.
I think it would be very hard to make the system work with an entire
filesystem so probably the only solution that do not require root
access is encryption of single files/directory.
I've considered to make a script that do:
find --> gpg -ed --> rm
but I would like something more elegant... unfortunately gpg does not
encrypt entire directories.
So, solutions and ideas are always welcome :)
Thanks again to everybody
Bests
--
A |
|
|
| Back to top |
|
|
|
| Alberto M. Scattolo... |
| Posted: Wed Jun 17, 2009 7:29 am |
|
|
|
Guest
|
Uhmmm I think that maybe was not clear.
I'm saying that I'd like to have some "protected" data (files,
directories or an entire partition) on my usb flash drive, so that it
is required to know a password to access it. There are a lot of
solution to this problem but, as far as i know, all methods requires
the user to have root access on the pc to read the data for one or
both the following reasons:
- to mount a logical device (that can not be automaunted by the
system) if we encrypt the entire partition
- to install required software for encryption/decryption (unless it is
already installed on the system)
Since it is an usb flash drive, I'd like the data to be accessible on
all linux computers, without requiring root access.
I suspect that the mounting problem is not solvable without root
permissions... so I would go for an encryption software. Is there any
candidate that can be commonly found in a linux pc?
I was thinking baout gpg but I'd like to keep it as last option...
Thanks everybody.
--
A |
|
|
| Back to top |
|
|
|
| Greg Russell... |
| Posted: Wed Jun 17, 2009 9:34 am |
|
|
|
Guest
|
In news:321b0ecd-ce4e-444b-89c4-d9fddd5cb502 at (no spam) a36g2000yqc.googlegroups.com,
Alberto M. Scattolo <thedarkfreesoul at (no spam) gmail.com> typed:
Quote: Requirements:
- prevent unauthorized access to ext2 partition or at least to files
on the partition (no need to protect the vfat). Encryption may be a
solution, but data encription is not a requirement
- no root privileges required to mount and use the partition on host
computers (linux)
....
What then would constitute "authorized access" if no root authorization is
required? Any normal user could mount the USB partition and raise havoc at
will. |
|
|
| Back to top |
|
|
|
| Greg Russell... |
| Posted: Wed Jun 17, 2009 10:34 am |
|
|
|
Guest
|
"Alberto M. Scattolo" <thedarkfreesoul at (no spam) gmail.com> wrote in message
news:95df4cc6-ee68-4f23-aa81-87ccbb9aaf05 at (no spam) x3g2000yqa.googlegroups.com...
Quote: My problem is that I need a portable solution so that I can use my
data on university computer where I don't have root password for
obvious reasons.
You need to ask the network administrator for help rather than a Usenet
newsgroup. |
|
|
| Back to top |
|
|
|
| C. (http://symcbean.blogspot.com/)... |
| Posted: Thu Jun 18, 2009 1:34 am |
|
|
|
Guest
|
On Jun 17, 6:29 pm, "Alberto M. Scattolo" <thedarkfrees... at (no spam) gmail.com>
wrote:
Quote: Uhmmm I think that maybe was not clear.
I'm saying that I'd like to have some "protected" data (files,
directories or an entire partition) on my usb flash drive, so that it
is required to know a password to access it. There are a lot of
solution to this problem but, as far as i know, all methods requires
the user to have root access on the pc to read the data for one or
both the following reasons:
- to mount a logical device (that can not be automaunted by the
system) if we encrypt the entire partition
- to install required software for encryption/decryption (unless it is
already installed on the system)
Since it is an usb flash drive, I'd like the data to be accessible on
all linux computers, without requiring root access.
I suspect that the mounting problem is not solvable without root
permissions... so I would go for an encryption software. Is there any
candidate that can be commonly found in a linux pc?
I was thinking baout gpg but I'd like to keep it as last option...
Thanks everybody.
--
A
I'm not very familiar with user-space filesystems, but the page at
http://www.debianadmin.com/filesystem-encryption-tools-for-linux.html
says that "Like other FUSE/LUFS filesystems it does not need root
access or any complicated setup like creating a filesystem on a
encrypted disk using the loop device."
HTH
C. |
|
|
| Back to top |
|
|
|
|
