On Tue, Jan 13, 2009 at 09:40:47 -0700, Robin Laing <Robin.Laing@xxxxxxxxxxxxxxx> wrote: > > I am about to install a system where each users home directory will be > encrypted and mounted on login and unmounted on logout. > > Is there a tool that allows partition backups of only the changes as > with incremental backups? Do we just have to clone the partition and > make copies of that each time? Not that I am aware of. In theory if changes to their directories makes only localized changes to the encrypted data, then you could just save the changed blocks. This will leak some information, but that information would be available to people who could see multiple backup tapes in any case, so it may not be a big deal. > It is a question that I have posed to our IT staff and they have not > thought about it either. It's a bit late in the game to do this, as how you do the encryption should be coordinated with your backup strategy. There are also some issues with backing up key material. If you are say using luks to encrypt the home directories, having backups of the encrypted keys has some additional risks and deleting old pass phrases doesn't work on the backed up copies. Depending on your threat model and how some compromises are handled this might be acceptible. But it is still something to take into consideration. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
