
Revision as of 17:08, 30 November 2007 (Friday) by Wikibot (new page, from https://help.ubuntu.com/community/EncryptedFSOnLVMOnRAID)

Setting up an encrypted RAID filesystem

This wiki page explains how to set up an encrypted RAID filesystem using these layers:

  • raid
  • lvm
  • dm-crypt
  • ext3

Get superuser privileges:

sudo -s -H

Install needed packages:

aptitude install mdadm gddrescue cryptsetup pwgen lvm2

Create the RAID, specifying the devices to be used (in this case sda1, sdb1 and sdc1):

mdadm /dev/md0 --create -n 3 -l 5 -z 488281250 -c 256 /dev/sd{a..c}1

Some commands to be run: (I'll clean up this section later!)

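# Show the state of the array and its sync progress
cat /proc/mdstat
mdadm --detail /dev/md0
# Make the array an LVM physical volume and put a volume group on it
pvcreate /dev/md0
vgcreate rawlargevg /dev/md0
# Create the logical volume that will hold the encrypted data (-l is a count of extents)
lvcreate -n rawsharelv -l 238418 rawlargevg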

Randomize the disk content: (This takes about 2 whole days with 3 x 500GB disks)

ddrescue /dev/urandom /dev/rawlargevg/rawsharelv urandomminglog

Create the encrypted volume on top of the random data: (See the next section on how to create a random password!)

cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/rawlargevg/rawsharelv

You can use pwgen to make a random password: (This command creates 200 12-character passwords, each containing at least one capital letter, one number and one symbol)

pwgen -ync 12 200

Now open the encrypted volume:

cryptsetup luksOpen /dev/rawlargevg/rawsharelv encsharedev

Format the volume as ext3:

mkfs.ext3 -m 0 /dev/mapper/encsharedev

Make the mount-directory:

mkdir /media/share

Create a desktop link or similar pointing at this command, which must run AS ROOT (use gksudo or kdesu):

cryptsetup luksOpen /dev/rawlargevg/rawsharelv encsharedev && mount /dev/mapper/encsharedev /media/share

Run the link you just created, or run the command directly from a root terminal! Now, let's set the owner and permissions of the folder (mode 777 makes it writable by every local user):

chown USERNAME:USERNAME /media/share
chmod 777 /media/share

Congratulations, now you have an encrypted filesystem on /media/share!
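The open-and-mount command from the desktop-link step, expanded into a guarded helper with the matching teardown. This is an added example, not part of the original wiki page. It reuses the page's device, mapping and mount-point names; the function names and the open/close arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: guarded open/mount and unmount/close for the volume built above.
# Defaults are the names used on this page; override them via the environment.
DEV="${DEV:-/dev/rawlargevg/rawsharelv}"   # LUKS container (the logical volume)
NAME="${NAME:-encsharedev}"                # device-mapper name
MNT="${MNT:-/media/share}"                 # mount point

need_root() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
}

open_share() {
    need_root || return 1
    # Refuse anything that does not carry a LUKS header.
    cryptsetup isLuks "$DEV" || { echo "$DEV is not a LUKS device" >&2; return 1; }
    # Reuse an existing mapping instead of failing when run a second time.
    opened=0
    if [ ! -e "/dev/mapper/$NAME" ]; then
        cryptsetup luksOpen "$DEV" "$NAME" || return 1
        opened=1
    fi
    if ! mount "/dev/mapper/$NAME" "$MNT"; then
        # Do not leave the decrypted mapping open when the mount failed.
        [ "$opened" -eq 1 ] && cryptsetup luksClose "$NAME"
        return 1
    fi
}

close_share() {
    need_root || return 1
    # Unmount first: luksClose fails while the mapping is still in use.
    umount "$MNT" || return 1
    cryptsetup luksClose "$NAME"
}

case "${1:-}" in
    open)  open_share ;;
    close) close_share ;;
    "")    : ;;   # no argument: only define the functions
    *)     echo "usage: $0 open|close" >&2; exit 2 ;;
esac
```

Running the script with `close` when the share is no longer needed removes the decrypted mapping, so the data is readable again only after the passphrase is entered.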