Saturday, September 11, 2021, 5:34:29 / answers: 1 / hits: 5805

After reading this question about how often tmp is cleared, it would be best for our setup if tmp is encrypted. How do I encrypt it?



My fstab looks like this:



proc            /proc           proc    nodev,noexec,nosuid 0       0
/dev/mapper/vg_doulos-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=205a1a54-7dfa-45a6-a7e3-4a7234b3a473 /boot ext4 defaults 0 2
/dev/mapper/vg_doulos-home /home ext4 defaults 0 2
/dev/mapper/vg_doulos-tmp /tmp ext4 defaults 0 2
# swap was on /dev/sda2 during installation
#UUID=705e9f69-bf95-4d44-9119-c40076d10333 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0


crypttab:



# <target name> <source device>         <key file>      <options>
cryptswap1 /dev/sda2 /dev/urandom swap,cipher=aes-cbc-essiv:sha256


Is it sufficient to put something like this in crypttab?



crypttmp /dev/mapper/vg_doulos-tmp /dev/urandom



and then this to replace the tmp file entry in fstab?



/dev/mapper/crypttmp /tmp ext4 defaults 0 2



 Answers
5

The correct incantation in crypttab should look like this:



crypttmp /dev/mapper/vg_doulos-tmp /dev/urandom precheck=/bin/true,tmp,size=256,hash=sha256,cipher=aes-cbc-essiv:sha256


The most important part was the precheck=/bin/true. The reason why /tmp wasn't mounting was that cryptsetup was failing due to a precheck. The precheck noticed that the LVM partition was formatted for ext4 and refused to continue.



The fstab entry should look like this:



/dev/mapper/crypttmp /tmp ext4 defaults 0 2


[#37987] Saturday, September 11, 2021
pipeag
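A lint for the two files discussed in this thread, as an added example that is not part of the original posts. It flags a random-key crypttab entry that lacks `tmp` or `swap` (nothing would recreate the filesystem under each boot's new key), notes when `precheck=/bin/true` has switched off the safety check so the source device deserves a second look, and confirms that fstab mounts the mapping rather than the underlying volume. The function names and finding labels are made up for this example; the sample lines are copied from the question and answer.

```shell
#!/bin/sh
# Added example, not from the original post: lint a random-key crypttab entry
# and the fstab line that should mount its mapping.

# has_opt OPTS TOKEN: true if TOKEN or TOKEN=value is in the comma list.
has_opt() {
    case ",$1," in *",$2,"* | *",$2="*) return 0 ;; esac
    return 1
}

# lint_entry "CRYPTTAB_LINE": prints space-separated findings, or "ok".
lint_entry() {
    set -f; set -- $1; set +f   # split into crypttab(5) fields, no globbing
    key=${3:-} opts=${4:-} out=""
    case $key in
        /dev/urandom | /dev/random) ;;
        *) echo "not-random-key"; return 0 ;;
    esac
    # A new key every boot makes the old contents unreadable, so something
    # must recreate them: tmp runs mkfs, swap runs mkswap.
    has_opt "$opts" tmp || has_opt "$opts" swap || out="$out no-mkfs"
    # precheck=/bin/true turns off the check that refused the ext4 volume in
    # the answer; the device named in the source field is overwritten.
    if has_opt "$opts" precheck=/bin/true; then out="$out precheck-off"; fi
    out=${out# }
    echo "${out:-ok}"
}

# check_fstab TARGET SOURCE MOUNTPOINT, fstab text on stdin: prints a verdict.
check_fstab() {
    dev=$(awk -v mp="$3" '$1 !~ /^#/ && $2 == mp { print $1; exit }')
    case $dev in
        "/dev/mapper/$1") echo "ok" ;;
        "$2")             echo "mounts-unencrypted-source" ;;
        "")               echo "no-entry" ;;
        *)                echo "other-device" ;;
    esac
}

# Sample lines copied from the question and answer on this page.
ASKED='crypttmp /dev/mapper/vg_doulos-tmp /dev/urandom'
ANSWERED='crypttmp /dev/mapper/vg_doulos-tmp /dev/urandom precheck=/bin/true,tmp,size=256,hash=sha256,cipher=aes-cbc-essiv:sha256'
OLD_FSTAB='/dev/mapper/vg_doulos-tmp /tmp ext4 defaults 0 2'
NEW_FSTAB='/dev/mapper/crypttmp /tmp ext4 defaults 0 2'

echo "asked:     $(lint_entry "$ASKED")"
echo "answered:  $(lint_entry "$ANSWERED")"
echo "old fstab: $(echo "$OLD_FSTAB" | check_fstab crypttmp /dev/mapper/vg_doulos-tmp /tmp)"
echo "new fstab: $(echo "$NEW_FSTAB" | check_fstab crypttmp /dev/mapper/vg_doulos-tmp /tmp)"
```

A `precheck-off` finding is a prompt to confirm the source field before rebooting, since `tmp` formats that device on every boot.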