cryptsetup-luks on fedora: step 9, 10

Step 9: Restore the user's Home directory

Re-create the unprivileged user:

# useradd -m jmaher
# passwd jmaher
Changing password for user jmaher.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
#

The -m option creates the user's home directory using the files and directories in /etc/skel as a template.

Now we need to copy MOST of the user's backed-up files back to the user's Home directory. I say MOST because I have found that copying all of the files back to the user's Home directory will break the use of the Home directory for that user. I have not investigated this, so someone else may want to comment as to the reason for this. Basically, I found it safe to copy all non-hidden files and directories back to /home/jmaher using the following command:

# /bin/cp -r --preserve /root/jmaher/* /home/jmaher

The -r option allows recursion into subdirectories, and the --preserve option preserves permissions and ownership of the files and directories.

I would recommend selectively copying hidden files and directories for those applications you find most important. For example, I really wanted my Thunderbird, Firefox, and ssh settings to be restored, so I used the following commands:

# /bin/cp -r --preserve /root/jmaher/.thunderbird /home/jmaher
# /bin/cp -r --preserve /root/jmaher/.mozilla /home/jmaher
# /bin/cp -r --preserve /root/jmaher/.ssh /home/jmaher

If you had previously modified .bashrc, .bash_profile, or .bash_logout, then you may want to copy those files as well.

Don't reboot yet, but you should now be able to test your actions and log on as the unprivileged user (jmaher) using the following command:

# su - jmaher

After confirming that you can log on as the unprivileged user without errors indicating that the user's environment in /home is missing, log off as the unprivileged user to return to root.

# logout

Step 10: Modify /etc/fstab

Some aspects of the boot sequence need to be changed, because the physical volume (/dev/vg0/home) that gets mounted to /home is encrypted and is no longer a recognizable file system as far as /bin/mount is concerned. Of course, if cryptsetup is used to open the device (using the command cryptsetup luksOpen /dev/vg0/home home), the decrypted device appears as /dev/mapper/home, /bin/mount can see that it has an ext3 file system, and it can be mounted.

So here are the steps to do that.

Change the line in /etc/fstab that mounted the Home directory so that:
(a) the first field refers to /dev/mapper/home rather than /dev/vg0/home
(b) the fifth field no longer indicates that this device should be accessed by the dump command
(c) the sixth field no longer indicates that fsck should check this device at boot time.

In short, change the line that looks similar to this:

/dev/vg0/home /home ext3 defaults 1 2

and change it to this:

/dev/mapper/home /home ext3 defaults 0 0
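
The same edit as a script, added here as an example and not part of the original how-to. rewrite_home_fstab is a hypothetical helper name; it prints the modified table to stdout for review and never writes to the file it reads, and the sample fstab below is constructed.

```shell
#!/bin/sh
# Added example: print a copy of an fstab with the /home entry switched to the
# LUKS mapping. Output goes to stdout only; the input file is left untouched.

# rewrite_home_fstab FSTAB [OLD_DEV] [NEW_DEV]
# OLD_DEV and NEW_DEV default to the device names used on this page.
rewrite_home_fstab() {
    fstab=$1
    old_dev=${2:-/dev/vg0/home}
    new_dev=${3:-/dev/mapper/home}
    awk -v old="$old_dev" -v new="$new_dev" '
        # Comments and blank lines pass through unchanged.
        /^[ \t]*(#|$)/ { print; next }
        # Touch only the entry whose device and mount point both match.
        $1 == old && $2 == "/home" {
            $1 = new   # (a) mount the decrypted mapping
            $5 = 0     # (b) no longer backed up by dump
            $6 = 0     # (c) no longer checked by fsck at boot
            changed = 1
        }
        { print }
        # Non-zero exit when nothing matched, so a no-op does not go unnoticed.
        END { exit (changed ? 0 : 1) }
    ' "$fstab"
}

# Constructed sample fstab (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
/dev/vg0/root / ext3 defaults 1 1
/dev/vg0/home /home ext3 defaults 1 2
/dev/vg0/swap swap swap defaults 0 0
EOF

rewrite_home_fstab "$sample"
rm -f "$sample"
```

Compare the output against the current /etc/fstab (for example with diff) before replacing the file, and keep a copy of the original.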