Create encrypted file container using truecrypt (Ubuntu)

1. Create the key:

truecrypt --create-keyfile /etc/tc.key \
--hash=Whirlpool \
--random-source=/dev/urandom

2. Change permissions on the key:

chmod 600 /etc/tc.key

3. Create the encrypted file container with the following settings:

  • save the truecrypt file in /root/tc.volume
  • encrypt with triple encryption algorithm AES-Twofish-Serpent (slower than just AES but arguably more secure, since the data is encrypted three times by a cascading algorithm, with three different keys: first with AES, then by Twofish, and then by Serpent)
  • use Whirlpool hash
  • format filesystem to ext4
  • do not use a password
  • use the generated key file /etc/tc.key
  • volume is 1G = 1073741824 bytes

truecrypt -c /root/tc.volume \
--volume-type="normal" \
--encryption="AES-Twofish-Serpent" \
--hash=Whirlpool \
--filesystem=ext4 \
-p "" \
--keyfiles=/etc/tc.key \
--size=1073741824 \
--random-source=/dev/urandom

4. Create a mountpoint:

mkdir -p /u

5. Mount the encrypted file container:

truecrypt /root/tc.volume /u --keyfiles=/etc/tc.key

6. Verify that the encrypted volume is mounted:

truecrypt --list

This should produce output similar to the following:

1: /root/tc.volume /dev/mapper/truecrypt1 /u
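
Added example, not part of the original post: a shell guard that checks the key file from step 2 is a regular, non-empty file owned by root with no group or other permission bits, before it is used to mount the volume in step 5. The function name check_keyfile and its optional owner argument are assumptions, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example, not from the original post. check_keyfile and its optional
# EXPECTED_UID argument are hypothetical names; requires GNU stat (Ubuntu).

# check_keyfile PATH [EXPECTED_UID]
# Returns 0 only if PATH is a regular, non-empty file (not a symlink),
# owned by EXPECTED_UID (default 0 = root), with no group/other mode bits.
check_keyfile() {
    kf=$1
    want_uid=${2:-0}

    if [ -L "$kf" ]; then
        echo "check_keyfile: $kf is a symlink" >&2
        return 1
    fi
    if [ ! -f "$kf" ]; then
        echo "check_keyfile: $kf is missing or not a regular file" >&2
        return 1
    fi
    if [ ! -s "$kf" ]; then
        echo "check_keyfile: $kf is empty" >&2
        return 1
    fi

    mode=$(stat -c '%a' "$kf") || return 1   # octal mode, e.g. 600
    uid=$(stat -c '%u' "$kf") || return 1    # numeric owner id

    # Any bit in 077 means group or other can read, write or execute.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "check_keyfile: $kf has mode $mode (group/other bits set)" >&2
        return 1
    fi
    if [ "$uid" -ne "$want_uid" ]; then
        echo "check_keyfile: $kf is owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    return 0
}

# Guard for step 5 (run as root), using the paths from the steps above:
#   check_keyfile /etc/tc.key && \
#       truecrypt /root/tc.volume /u --keyfiles=/etc/tc.key
```

Because the owner is compared numerically, the check also fails when the key file has been handed to a non-root uid by mistake.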

Share ZFS partitions via NFS

ZFS comes with a built-in ability to share ZFS filesystems via NFS without having to use Ubuntu’s nfs-kernel-server. To do so, set the sharenfs=on property on the ZFS filesystem you would like to export. For example, to share the documents filesystem in the u pool via NFS, run the following from the root shell:

zfs set sharenfs=on u/documents

This enables the u/documents filesystem for NFS sharing.
In order to make it available, run the following command (again, from the root shell):

zfs share u/documents

By default, directories on Ubuntu get drwxr-xr-x permissions, which means that only the owner of u/documents gets the “write” permission, and everyone else gets the “read and execute” permissions. To give NFS clients “read-write-execute” permissions, run the command:

chmod 777 /u/documents

This way, remote clients get the “write” permission on the documents directory; however, the files and directories they create remain “read-execute” for everyone else.

To mount the remote NFS filesystem on a client, run the following on a client (from the root shell):

mount -t nfs nfsfileserver:/u/documents /mnt/documents


The nfsfileserver parameter is the IP address or the DNS-resolvable name of the NFS server. The /mnt/documents directory must exist prior to mounting.

When mounting NFS filesystems on Mac OS X, it is important to pass the resvport option, or the NFS mount fails with a permission denied error.

mount -t nfs -o resvport nfsfileserver:/u/documents /mnt/documents


For information on how to install ZFS on Ubuntu, please see the following post: Installing ZFS on Ubuntu.

For information on how to configure ZFS pools and partitions on Ubuntu, please see the following post: Configure ZFS-RAIDZ on Ubuntu.