System used:
Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.88-1+deb9u1 (2018-05-07) x86_64 GNU/Linux
1. DISK SETUP
This assumes the device is /dev/sdb.
Everything must be done as root.
Partition the disk if needed by setting up a Linux LVM partition:
$ cfdisk /dev/sdb
or
$ fdisk /dev/sdb
Wipe the partition. WARNING: this will take a while.
$ dd if=/dev/zero of=/dev/sdb1 bs=4M # target the partition, not the whole disk, so the partition table survives
Set up encryption on the device:
$ cryptsetup luksFormat /dev/sdb1
Open encrypted partition:
$ cryptsetup luksOpen /dev/sdb1 backup # creates /dev/mapper/backup
Create XFS file system:
$ mkfs.xfs /dev/mapper/backup # install "xfsprogs" if absent
2. MOUNTPOINT SETUP
Allow the device, if present, to be unlocked and mounted automatically at boot, with a prompt for the password.
Create a mountpoint, e.g. /backup:
$ mkdir /backup
Find out the UUID of /dev/sdb1 with any of the following:
$ blkid
$ ls -lha /dev/disk/by-uuid
$ lsblk -f
For instance:
$ lsblk -f
sdb
└─sdb1      crypto_LUKS  e616b645-de31-46d0-9cf6-82e10d4f861b
  └─backup  xfs          b9931a95-3197-41d4-943f-69af29fc6eb8
Edit /etc/crypttab by adding the following line:
backup UUID=<uuid of /dev/sdb1> none luks,nofail
The third field, "none", means the system will ask for the password, as we're not using a keyfile. The "nofail" option ensures that the system doesn't hang when the device isn't present. See "man crypttab" for more options.
Add the encrypted file system to /etc/fstab:
/dev/mapper/backup /backup xfs nofail,noatime,rw,user,x-systemd.device-timeout=30 0 2
The systemd device timeout is optional. See here for more info.
Mount all with:
mount -a
Reboot the system. While booting, the system will attempt to mount the device and prompt for a password, if it's plugged in. If not, it will ignore it.
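A check worth running before that reboot, as an added example that is not part of the original post: it confirms that the /etc/crypttab entry identifies the device by UUID and that both entries carry "nofail", so an unplugged drive cannot stall the boot. The function names (has_opt, check_luks_mount, make_sample) are hypothetical and the sample files are constructed from the tutorial's own lines; point the function at /etc/crypttab and /etc/fstab to check a real system.

```shell
#!/bin/sh
# Added example: lint the crypttab/fstab pair described in this tutorial.
# check_luks_mount NAME CRYPTTAB FSTAB -> prints problems, returns their count.

has_opt() {  # has_opt OPTION "comma,separated,options"
    case ",$2," in *",$1,"*) return 0 ;; *) return 1 ;; esac
}

check_luks_mount() {
    name=$1 crypttab=$2 fstab=$3 problems=0
    # crypttab fields: name, source device, key file, options
    ct=$(awk -v n="$name" '$1 == n { print $2, $3, $4; exit }' "$crypttab")
    if [ -z "$ct" ]; then
        echo "crypttab: no entry for $name"; problems=$((problems + 1))
    else
        set -- $ct
        case $1 in
            UUID=*) ;;
            *) echo "crypttab: $1 is not a UUID, sdX names can change"
               problems=$((problems + 1)) ;;
        esac
        [ "${2:-none}" = none ] || echo "crypttab: note, key file $2 is used"
        has_opt nofail "${3:-}" || {
            echo "crypttab: nofail missing"; problems=$((problems + 1)); }
    fi
    # fstab fields: device, mountpoint, type, options
    ft=$(awk -v d="/dev/mapper/$name" '$1 == d { print $4; exit }' "$fstab")
    if [ -z "$ft" ]; then
        echo "fstab: no entry for /dev/mapper/$name"; problems=$((problems + 1))
    else
        has_opt nofail "$ft" || {
            echo "fstab: nofail missing"; problems=$((problems + 1)); }
    fi
    return "$problems"
}

# Constructed sample files (the tutorial's entries, UUID from its lsblk output).
make_sample() {  # make_sample DIR
    echo "backup UUID=e616b645-de31-46d0-9cf6-82e10d4f861b none luks,nofail" \
        > "$1/crypttab"
    echo "/dev/mapper/backup /backup xfs nofail,noatime,rw,user 0 2" > "$1/fstab"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
check_luks_mount backup "$demo_dir/crypttab" "$demo_dir/fstab" && echo "backup: OK"
rm -rf "$demo_dir"
```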
3. ALLOW USERS TO WRITE TO EXTERNAL HARD DRIVE
Allow users to read and write to the external hard drive without changing the ownership and permissions of the mountpoint /backup when the device is not mounted.
As root, mount /backup and then change ownership as needed. For instance:
$ mount /backup
$ chown user:users /backup
When mounted, ownership/permissions will then be:
$ ls -ld /backup
drwxr-xr-x 3 user users 57 jui 11 00:46 /backup
When not mounted, ownership/permissions will be:
$ ls -ld /backup
drwxr-xr-x 2 root root 4096 jui 10 20:05 /backup
When the external hard drive is plugged in, the system will notify you and ask for a password. Alternatively, mount the drive from the desktop. It will ask you to provide the password for device /dev/mapper/backup. It will be mounted under /backup if you followed this tutorial.
Hope this is useful. Comments and additional tips are welcome.