[plug] encrypting drives on a samba server and backups

Ari sothisistheinternet at gmail.com
Wed Oct 28 19:47:22 WST 2009


Phillip Bennett wrote:
> Ari wrote:
>> Hi all,
>>
>> Okay, I need some guidance here. I've helped a mate get started with
>> linux and he's happy using a FC11 install as a samba server (he wanted a
>> copy of what I had, but with more hard drives for backing up his video
>> editting, documents, etc etc). All is well with that, but after a recent
>> theft he's worried about his files being accessed if the server or the
>> backup drives are stolen. I'm not really sure where to start for
>> encrypting things but still having them available to all his windows
>> PCs. He has 3TB of storage drives (the FC11 install is on a separate
>> small 40GB drive) with the entire drives shared via samba. I've got him
>> using rsync for his backups to his external usb drives. Is it possible
>> to encrypt the samba shared drives and still have samba be able to use
>> them? What about the backups with rsync? I'm reluctant to admit I've
>> never worked with encryption on linux drives before, and I know I really
>> really should have as it's the sort of security measure that I should
>> know about. Help please :-(
>>
>> TIA,
>>
>> Ari
>> _______________________________________________
>> PLUG discussion list: plug at plug.org.au
>> http://www.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.linux.org.au
>>
>>
>>
>
> Hi,
>
> You could always try out LUKS encryption.  It's pretty standard with
> RedHat and probably fedora - my home box is off right now, so can't
> check for you..  Basically, you create an encrypted partition that gets
> opened at boot with a password.  You can even dictate the strength of
> the encryption when you set it up.  Once it's opened with the password,
> it will be seen by the operating system as just another block device
> that can be formatted as whatever you like (etx2/3, fat32, etc..) so
> samba would be able to see it and share it as if it was just another
> filesystem.  Once powered off, the encrypted data is inaccessible
> without the password.  We use it here in the Scottish Blood Service for
> keeping patient data secure on our mobile devices (laptops).
>
> Hth,
> Phil.
>

Thank you Phil, this sounds like it could be just the thing.

Ari



More information about the plug mailing list