Using the Backup Service with Ubuntu's Private Directory
I'm considering enrolling one of my Linodes in the Linode Backup Service, but I had a question concerning Ubuntu's encrypted private directory feature.
On the link above, which lists some caveats for Ubuntu's encrypted private directory system, it states this: "By design, data is not kept private to privileged users while the user is logged in. One consequence of this is if ~/Private is mounted, a backup solution may backup your decrypted files unless the backup software is configured to exclude files in ~/Private."
Given that the backup service requires that the disk be mountable without any special steps (which it should be, since I believe Ubuntu's encrypted private directory system does file-based encryption), the above caveat should not apply, correct? In other words, the backup service doesn't somehow create a root process on my Linode which reads out files and backs them up? I'm assuming the backup service mounts the disk image in an external environment and then performs the backup file-by-file.
Basically, what I would like to ensure is that the backup service won't back up the unencrypted version of my data. I'm 99% certain that it won't, but if anybody could confirm this, or has had experience with using the backup service with Ubuntu's encrypted directories, I'd appreciate hearing about it!
Thanks in advance!
2 Replies
Features and Limitations
The backup system must be able to mount your disk images on the host. If you've used fdisk on your images to create partitions, or created encrypted volumes, or LVM, or done anything other than use our deployment or disk image creation tools, we won't be able to back up the data. The backup system operates on files, not at the block level.
From that I'd say no, it won't back up your encrypted files as unencrypted files.
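The caveat quoted in the question applies to backup software that runs inside the guest while ~/Private is mounted. As an added example (not part of the original thread and not Linode's or Ubuntu's code), the following lists active eCryptfs mount points from /proc/mounts so an in-guest backup job can exclude them; the sample mount table and user names are constructed, and the script falls back to that sample when /proc/mounts cannot be read.

```python
import re

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS = """\
/dev/xvda / ext4 rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/bob\\040smith/.Private /home/bob\\040smith/Private ecryptfs rw,relatime,ecryptfs_cipher=aes 0 0
"""


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def ecryptfs_mounts(mounts_text):
    """Return (lower_dir, mount_point) for every active eCryptfs mount."""
    found = []
    for line in mounts_text.splitlines():
        fields = line.split()
        # Field 0 is the source (lower) directory, 1 the mount point, 2 the type.
        if len(fields) >= 3 and fields[2] == "ecryptfs":
            found.append((_unescape(fields[0]), _unescape(fields[1])))
    return found


def backup_excludes(mounts_text):
    """Mount points where a backup process running as root would read plaintext."""
    return sorted(mount_point for _, mount_point in ecryptfs_mounts(mounts_text))


if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MOUNTS  # not on Linux: use the constructed sample
    for path in backup_excludes(text):
        print(path)
```

The lower directory (for example ~/.Private) holds the encrypted files and can stay in the backup set; only the mounted view needs excluding.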