Automating backups to an encrypted drive

Bruno Wolff III bruno at wolff.to
Sat Jan 26 19:18:20 UTC 2008


On Sat, Jan 26, 2008 at 08:56:14 -0800,
  Richard England <rlengland at verizon.net> wrote:
> I'm not much help in this area but I think the OP's issue is having a
> script with an embedded password.  If the script has to sudo or su to 
> the correct environment to mount the drive and/or perform the backup to 
> a drive with the encryption scheme the password would be in plain text 
> and therefore compromised.

A more useful answer would be why is the script mounting the device?
It seems it would be more normal to have someone who knows the password
enter it when the device is first plugged in. The script could just check
to see if the device is available when it runs (and send some sort of reminder
if it isn't).
If the answer to the above question is because he doesn't want the encrypted
drive mounted all of the time, then it would be useful to hear what the
threat model is that produces that requirement.
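
The check suggested above, written as an added example that is not part of the original message: the backup job never mounts or unlocks anything, it only confirms that the target is mounted from an unlocked device and otherwise prints a reminder. The mount point /mnt/backup, the function names and the /dev/mapper heuristic for "unlocked dm-crypt volume" are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example: pre-flight check for a backup job. It holds no passphrase;
# a person unlocks and mounts the drive when it is plugged in.

# Hypothetical defaults (assumptions, not from the thread).
BACKUP_MNT="${BACKUP_MNT:-/mnt/backup}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Print the source device mounted at $1, read from the /proc/mounts-style
# file $2. The last matching line wins (it shadows earlier mounts).
# Returns 1 if nothing is mounted at that path.
mount_source() {
    awk -v mnt="$1" '$2 == mnt { src = $1 }
        END { if (src == "") exit 1; print src }' "$2"
}

# Classify the backup target as "ready", "not-mounted" or "not-encrypted".
# Assumption: an unlocked dm-crypt volume is mounted from /dev/mapper/*.
# LVM volumes also live there, so treat this as a heuristic.
backup_target_state() {
    local mnt="$1" mounts="$2" src
    if ! src="$(mount_source "$mnt" "$mounts")"; then
        echo "not-mounted"
        return 0
    fi
    case "$src" in
        /dev/mapper/*) echo "ready" ;;
        *)             echo "not-encrypted" ;;
    esac
}

# Run the backup only when the target is ready; otherwise emit a reminder.
# Under cron, anything written to stderr is mailed to the job's owner.
run_backup_if_ready() {
    local state
    state="$(backup_target_state "$BACKUP_MNT" "$MOUNTS_FILE")"
    if [ "$state" != "ready" ]; then
        echo "backup skipped: $BACKUP_MNT is $state;" \
             "plug in and unlock the drive" >&2
        return 1
    fi
    echo "would run backup to $BACKUP_MNT"   # put the real backup command here
}

# Only act when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    run_backup_if_ready
fi
```

Refusing to write when the mount point is empty or backed by a plain device also keeps a backup from landing unencrypted on the underlying directory.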
