Red Hat 6 Mounting a File System as Encrypted Guide

3.1. Mounting a File System as Encrypted

To encrypt a file system with eCryptfs, execute the following command:
# mount -t ecryptfs /source /destination
Encrypting a directory hierarchy (/source in the above example) with eCryptfs means mounting it to a mount point encrypted by eCryptfs (/destination in the example above). All file operations to /destination will be passed encrypted to the underlying /source file system. In some cases, however, it may be possible for a file operation to modify /source directly without passing through the eCryptfs layer; this could lead to inconsistencies.
This is why for most environments, Red Hat recommends that the names of both /source and /destination be identical. For example:
# mount -t ecryptfs /home /home
This effectively means encrypting a file system and mounting it on itself. Doing so helps ensure that all file operations to /home pass through the eCryptfs layer.
During the mount and encryption process, mount will allow the following settings to be configured:
Encryption key type
openssl, tspi, or passphrase. When choosing passphrase, mount will ask for one.
Cipher
aes, blowfish, des3_ede, cast6, or cast5.
Key bytesize
16, 32, or 24.
plaintext passthrough
Enabled or disabled.
filename encryption
Enabled or disabled.
After the last step of an interactive mount, mount will display all the selections made and perform the mount. This output consists of the command-line option equivalents of each chosen setting. For example, when mounting /home with a key type of passphrase, the aes cipher, and a key bytesize of 16, with both plaintext passthrough and filename encryption disabled, the output would be:
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=c7fed37c0a341e19
Mounted eCryptfs
The options in this display can then be passed directly to the command line to encrypt and mount a file system using the same configuration. To do so, pass the options as a comma-separated list to the -o option of mount. For example [2]:
# mount -t ecryptfs /home /home -o ecryptfs_unlink_sigs,\
ecryptfs_key_bytes=16,ecryptfs_cipher=aes,ecryptfs_sig=c7fed37c0a341e19
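
To check on a running system that the recommendation above (identical source and mount point) is followed and which options each eCryptfs mount actually uses, the following added example (not part of the Red Hat guide) reads mount table lines in /proc/mounts format. The sample lines, function names and status labels are constructed for illustration; ecryptfs_passthrough is the option name from man ecryptfs and is assumed to appear in the mount table when plaintext passthrough is enabled.

```shell
#!/bin/sh
# Added example: report how each eCryptfs mount in /proc/mounts-format input is set up.

# Constructed sample lines (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/home /home ecryptfs rw,relatime,ecryptfs_sig=c7fed37c0a341e19,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
/srv/.private /srv/private ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough 0 0'

# get_opt OPTS NAME: print the value of NAME=value from a comma-separated list.
get_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# has_flag OPTS NAME: succeed if the bare flag NAME is in the list.
has_flag() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx "$2"
}

# audit_ecryptfs: read mounts-format lines on stdin, print one line per eCryptfs mount.
audit_ecryptfs() {
    while read -r src dst fstype opts _rest; do
        [ "$fstype" = "ecryptfs" ] || continue
        # Same source and mount point: all access goes through the eCryptfs layer.
        status=OK
        [ "$src" = "$dst" ] || status=DIFFERENT_SOURCE
        passthrough=off
        if has_flag "$opts" ecryptfs_passthrough; then passthrough=on; fi
        printf '%s %s cipher=%s key_bytes=%s passthrough=%s\n' \
            "$status" "$dst" \
            "$(get_opt "$opts" ecryptfs_cipher)" \
            "$(get_opt "$opts" ecryptfs_key_bytes)" \
            "$passthrough"
    done
}

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTS" | audit_ecryptfs
}

audit_sample
```

On a live system, feed it the real mount table with audit_ecryptfs < /proc/mounts.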

3.2. Additional Information

For more information on eCryptfs and its mount options, refer to man ecryptfs (provided by the ecryptfs-utils package). The following Kernel document (provided by the kernel-doc package) also provides additional information on eCryptfs:
/usr/share/doc/kernel-doc-version/Documentation/filesystems/ecryptfs.txt


[2] This is a single command split into multiple lines, to accommodate printed and PDF versions of this document. All concatenated lines — preceded by the backslash (\) — should be treated as one command, sans backslashes.

Chapter 4. Btrfs

Btrfs is a new local file system under active development. It aims to provide better performance and scalability which will in turn benefit users.

Note

Btrfs is not a production quality file system at this point. With Red Hat Enterprise Linux 6 it is at a technology preview stage and as such is only being built for Intel 64 and AMD64.
