Friday, November 16, 2012

Stopping Tumblerd in XFCE


Tumbler is a D-Bus service for applications to request thumbnails for various URI schemes and MIME types. It is an implementation of the thumbnail management D-Bus specification described here.

  • Issues with Tumblerd: 
    • Using more memory and CPU
    • Preventing removable storage devices from unmounting(then, ejecting)
      • External HDD
      • USB Pendrive
      • CD/DVD 
    • Usually, locking of external devices occur with Video files
$ lsof /run/media/mitesh/PHONE\ CARD
COMMAND   PID   USER   FD   TYPE DEVICE  SIZE/OFF NODE NAME
tumblerd 1268 mitesh    9r   REG   8,17  34902492 1625 /run/media/mitesh/PHONE CARD/video/abc.mp4
tumblerd 1268 mitesh   10r   REG   8,17  69869584 1624 /run/media/mitesh/PHONE CARD/video/def.mp4
tumblerd 1268 mitesh   11r   REG   8,17  35883924 1627 /run/media/mitesh/PHONE CARD/video/ghi.avi
tumblerd 1268 mitesh   14r   REG   8,17 293435929 1629 /run/media/mitesh/PHONE CARD/video/jkl/mno.flv
tumblerd 1268 mitesh   15r   REG   8,17 240015268 1630 /run/media/mitesh/PHONE CARD/video/jkl/pqr.flv

So, in order to get rid of this blocking process tumblerd, we can kill the tumblerd commands given by lsof, as: 
 
$ lsof /run/media/mitesh/PHONE\ CARD/ | awk '{print $2}' | grep -v PID | xargs -L 1 kill -TERM

PS: Please replace /run/media/mitesh/PHONE\ CARD/ with the mount point of the removable device, which is not allowed to be umounted.


If we want to remove this tumblerd, we can give following command:
  • Fedora
    • $ sudo yum remove tumbler
  • Debian/Ubuntu
    •  $ sudo apt-get remove tumbler
Posted by at 3 comments:
Labels: , , , , ,

Friday, November 9, 2012

Encrypt Directory in Linux

Encrypt Directory

This article describes basic usage of eCryptfs. It guides us through the process of creating a private and secure encrypted directory within our $HOME directory, where we can store all our sensitive files and private data.

In implementation eCryptfs differs from dm-crypt, which provides a block device encryption layer, while eCryptfs is an actual file-system – a stacked cryptographic file system to be exact.

Preliminary Note

In this wiki, I will encrypt a directory /home/mitesh/Private, which is located in /home partition. i.e. /home/mitesh/Private is an ordinary directory and does not use a partition of its own.

Installing eCryptfs

  • eCryptfs can be installed as following:
    • Debian
      • $ sudo apt-get install ecryptfs-utils
    • Fedora
      • $ sudo yum install ecryptfs-utils

Setup

Setup (Simple)

As a user, run the following command: 

$ ecryptfs-setup-private

and follow the instructions.

Setup (Detail)

  • First, we create private directories. 
    $ mkdir /home/mitesh/Private
$ mkdir /home/mitesh/.Private
$ chmod 700 /home/mitesh/.Private
$ chmod 500 /home/mitesh/Private
  • Let's summarize
    • Actual encrypted data will be stored in ~/.Private directory (lower directory)
    • While mounted, decrypted data will be available in ~/Private directory (upper directory)
      • While not mounted nothing can be written to this directory
      • While mounted it has the same permissions as the lower directory
  • eCryptfs can now be mounted on top of ~/Private. 
    $ sudo mount -t ecryptfs /home/mitesh/.Private /home/mitesh/Private
Passphrase: <-- some_passphrase
Select cipher:
 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 2) blowfish: blocksize = 16; min keysize = 16; max keysize = 56 (not loaded)
 3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
 4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
 6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]: <-- ENTER
Select key bytes:
 1) 16
 2) 32
 3) 24
Selection [16]: <-- ENTER
Enable plaintext passthrough (y/n) [n]: <-- ENTER
Enable filename encryption (y/n) [n]: <-- ENTER
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes=16
  ecryptfs_cipher=aes
  ecryptfs_sig=bd28c38da9fc938b
WARNING: Based on the contents of [/root/.ecryptfs/sig-cache.txt],
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.

Would you like to proceed with the mount (yes/no)? : <-- yes
Would you like to append sig [bd28c38da9fc938b] to
[/root/.ecryptfs/sig-cache.txt]
in order to avoid this warning in the future (yes/no)? : <-- yes
Successfully appended new sig to user sig cache file
Mounted eCryptfs
  • Remember to take backup of /root/.ecryptfs/sig-cache.txt file, if /root partition gets reformatted 
    $ sudo cp -r /root/.ecryptfs /home/mitesh/
  • Verifying mounting of eCryptfs 
    $ mount | grep -i private
/home/mitesh/.Private on /home/mitesh/Private type ecryptfs (rw,relatime,ecryptfs_sig=e8d08163d274c68f,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs)
  • Verifying encryption 
    $ cat ~/Private/test.txt
Some secret text
is present in this file.
$ sudo umount /home/mitesh/Private
$ cat ~/Private/test.txt
cat: /home/mitesh/Private/test.txt: No such file or directory
$ cat ~/.Private/test.txt
-#@%!*^(junk characters)^*!%@#-
  • Mounting without interaction (so passphrase must be in some removable device like USB pendrive) 
    $ sudo mount -t ecryptfs -o key=passphrase:passphrase_passwd_file=/mnt/usb/.ecryptfs-pass,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n,ecryptfs_enable_filename_crypto=n /home/mitesh/.Private /home/mitesh/Private
$ cat /mnt/usb/.ecryptfs-pass
passphrase_passwd=ThisIsAWeakPassword

Encrypting Other Directory

  • We can encrypt multiple directories, by putting those directories into /home/mitesh/Private and creating soft-links. 
    $ mv ~/Documents ~/Private
$ ln -s ~/Private/Documents ~/Documents
  • By following the above 2 steps, we have encrypted directory ~/Documents .

Unmount

$ sudo umount /home/mitesh/Private
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)