Posts Tagged ‘Ubuntu’

Removing Encryption from Home Directories in Ubuntu 9.10 & 10.04

Friday, March 5th, 2010

I recently assembled a new workstation for home and in the process did a clean install of Ubuntu 9.10 on the system.  Though I have been working with Ubuntu’s very handy ecryptfs setup for encrypted home directories, I had limited such to laptops and had never done so on a desktop system before.  I figured I would give it a try and see what happened.

Performance tests done by others had always shown that there was a slight degradation of speed on ecryptfs encrypted filesystems, which I had fully expected, but I ran into something I hadn’t dealt with on my laptop: directory trees with hundreds of thousands of files.

The difference in speed of accessing individual files a few at a time in ecryptfs was never really noticeable, but I had never tried to stat a tree of 600,000+ files before.  It was as if my brand new system was an artifact from the ’70s.  It dropped to its knees and cried.

Not believing how slow it was, I tested the issue by copying the directory tree to an unencrypted filesystem on the same physical hard drive and the same task (running ‘tree’ on the directory structure) took only a few seconds, instead of minutes.  It was apparent that any task which had to do a lot of file stat processing simply dragged to a crawl under ecryptfs.

I was left with the dilemma of how to deal with changing my entire home directory under the ecryptfs system – complete with Ubuntu’s handy automatic mounting – to a standard, unencrypted form.  A bit of searching on the Web led to dozens of approaches, some as drastic as copying the files to an unencrypted filesystem and removing the ecryptfs software.  That seemed ludicrous to me.  There should be no reason to disable an entire feature globally, to deal with one directory.

I finally came across some handy information on a blog, which gave me a clue as to how the automatic mounting worked in Ubuntu 9.04.  Although not exactly the same as the Ubuntu 9.10 implementation, it was more than enough to give me a very simple way to not only remove the encryption from my home directory, but to allow the system to work for me in creating an encrypted directory to use within my home directory, which took advantage of the slick auto-mount setup the Ubuntu developers had designed.

So, should anyone stumble on this issue, I’ll detail the steps taken here on how to alter Ubuntu 9.10 to switch a full home directory encryption to a normal home directory with an auto-mounting encrypted sub-directory.  The process is amazingly simple.  All text in red is an actual command to type. Green text is a file or directory path. “username” is a token for the name of your account.

  • Log off the system.  No occurrences of your user account should be active.
  • Log in as root or a different sudo-enabled account.
  • Make sure that your account’s home directory is not mounted, using the ‘df’ command.  If it is still in place, use umount /home/username to un-mount the encrypted filesystem.
  • Change the line “/home/username” to “/home/username/Private” in the /home/.ecryptfs/username/.ecryptfs/Private.mnt file using your favorite text editor.
  • mkdir /home/username/Private
  • chown username:username /home/username/Private
  • Reboot the computer. (You can try restarting the cryptdisks init scripts, but I didn’t have any luck with it.)
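
The steps above as a script, added here as an example and not part of the original post. It refuses to touch Private.mnt while the home directory is still mounted or when the file holds anything other than the expected path; the ROOT and MOUNTS variables, the .bak copy and the chmod 700 are assumptions of this example, not steps from the list.

```shell
#!/bin/sh
# Added example: scripted form of the steps above. Run as root while the
# target user is logged out. Usage after sourcing: retarget_home username
ROOT="${ROOT:-}"                    # path prefix (test hook); empty on a real system
MOUNTS="${MOUNTS:-/proc/mounts}"    # mount table to consult (test hook)

# Succeeds if $1 is listed as a mount point in the mount table.
is_mounted() {
    [ -r "$MOUNTS" ] || return 0    # cannot tell: assume mounted
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "$MOUNTS"
}

# Point the user's ecryptfs auto-mount at ~/Private instead of ~.
retarget_home() {
    user="$1"
    home="/home/$user"
    mnt="$ROOT/home/.ecryptfs/$user/.ecryptfs/Private.mnt"

    [ -f "$mnt" ] || { echo "no $mnt" >&2; return 2; }
    if is_mounted "$home"; then
        echo "$home is still mounted; umount it first" >&2
        return 3
    fi
    # Rewrite only if the file holds exactly the path we expect to replace.
    [ "$(cat "$mnt")" = "$home" ] || {
        echo "unexpected content in $mnt" >&2; return 4; }

    cp -p "$mnt" "$mnt.bak"                 # addition: keep a way back
    printf '%s\n' "$home/Private" > "$mnt"
    mkdir -p "$ROOT$home/Private"
    chmod 700 "$ROOT$home/Private"          # addition: keep the mount point private
    # chown needs root and a real account, so it is skipped under a test prefix.
    [ -n "$ROOT" ] || chown "$user:$user" "$home/Private"
}
```

Restoring Private.mnt.bak over Private.mnt and rebooting puts the mount back on /home/username.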

When you log in now, your previous home directory will be mounted at /home/username/Private instead of at /home/username.  Log in the first time using a console rather than X11 (Ctrl-Alt-[F1-F6] from the login screen should be available) and move what files you want from ~/Private to your home directory and use the ~/Private encrypted directory for your sensitive documents.  Moving your dotfiles and hidden sub-directories back into /home/username is a good idea, unless you feel like re-configuring Gnome or KDE.

From this point on, Ubuntu will continue to automatically mount and dismount your ~/Private directory, just as it did for your entire home directory before.

Addendum: The procedure used above is identical in Ubuntu 10.04 LTS.

A Tale of Two Systems (Three, really)

Wednesday, April 29th, 2009

I downloaded Kubuntu 9.04 the day it came out, to see if the bugs and other irritations of the previous release candidates had been worked out. At first, I installed it on my laptop, a Compaq Evo N800w and everything worked flawlessly out of the box, except for the PCMCIA wireless card, which I have yet to work out. That is, as they say, another story.

I worked on the laptop for a day or so and found myself quite happy with KDE 4.2.2 and the features it had. Though I had originally thought that the Plasma system would be worthless to me, once I found out that many plasmoids could be put in the dock(s) – it was an easy sell. The home directory encryption through ecryptfs and flawless mounting of said directory at login, plus the added speed (quite noticeable) and large file size support of the EXT4 filesystem were icing on the cake.

I appreciated the new features and the new look and grew to like it enough to take the plunge. I installed it on my desktop system at home and work.

That’s when my troubles began. The saga went as such…

The systems both ran on nVidia Quadro FX 3000 video cards, which have served me well for some time. My old setup was running KDE 3.5.10 with Compiz-Fusion 0.7.4 without a single problem. I had been running Beryl for some time and Compiz before that and have only had a handful of crashes over the years, no worse than dropping out of X to the KDM login screen.

Kubuntu 9.04 was not destined to be that nice to me.

After installing on my home machine via Kubuntu’s upgrade path from 8.04 LTS to 9.04, things ran well enough for a time. But I started to get random lockups. Not X crashing, or even a kernel dump – it just locked up. After a hard reset, there was nothing in the logs to say why – which led me to believe it was a kernel issue and a bad one.

At first I thought that perhaps the update process was messed up and I should install from scratch. After reading a few posts on various groups talking about disabling KDE4’s desktop effects to stop lockups, I figured I’d try that first. No luck. I disabled Compiz, going right down to bare bones KWM. No luck. Random lockups, with no rhyme or reason to them.

It smelled like a kernel issue to me, but I had no proof.

I finally decided to update my work workstation, which had the same card, to see if it might be an nVidia driver issue. No problems, even running with two monitors. The motherboards were different as were the CPUs, but the video cards were identical, which made me put the aspect of a video driver problem on the back burner.

On a lark, a friend of mine gave me an old card he wasn’t using anymore, an nVidia GeForce 7600 GS. The 7600 took a newer driver and has a different GPU, which I thought might help me diagnose things if it worked without a problem. No go. It still locked up. It still smelled like a kernel issue.

So far, my home workstation was the only victim. Something with the motherboard, perhaps? I would have kept thinking that way, except that over the weekend, the work system locked up as well. Nothing in the logs. No sign as to why. I wasn’t even logged in locally to the machine, just remotely across SSH.

Now I had two different CPUs (both AMD), two different motherboards and two different video cards (both nVidia, but running different drivers) which kept locking up on me. Thinking that perhaps the nVidia commercial drivers were the problem, I removed those from the equation and ran the open source “nv” driver instead on both machines. No luck, they both still would lock up randomly. My home workstation locked up when KDM wasn’t even running, as I tried installing a different driver, so I suspected that the video drivers and X11 were not the issue involved.

However, I had also reached my limit of tolerance. I reinstalled Ubuntu 8.04 LTS on both machines and have had no problems at all since. Yet, the laptop has yet to exhibit the same symptoms…

Though the laptop is using the open source drivers for its ATI video chip, it is running with Compiz and KDE4’s full effects and has no problem. I honestly don’t think this is an X issue.

What my mind keeps returning to is one factor: the CPU. Both of the desktop systems, with different motherboards, run AMD CPUs. My laptop is running an Intel Mobile Pentium 4. I suspect that there is some nasty bug in the 2.6.28 kernel which doesn’t play well with AMD chips. Since I have nothing to go on in the logs and no kernel dumps to submit, I’m left waiting to see if the rest of the world runs into the same. Time will tell, I guess.

In the meantime, I’ll be patient. I can wait for KDE4, as attractive as it has become. Perhaps I’ll even try a different distribution with KDE4 included, to see if I have similar results – only this time I’ll do it on an AMD machine which is purely sacrificial.

I’ve been happy with Ubuntu, being Debian based, but allowing for real-world software at the same time. However, if I remain with the distribution it will be on a caveat: if I don’t have a couple of sacrificial machines to test on first, I’ll wait for the next LTS release.

I should have known better from the start.  A 96-hour ordeal I could have avoided.

P.S.  For those that think that 96 hours is a long time, bear in mind that the lockups were random and I was restoring my home directory and other partitions from backups as well between OS versions back and forth.