The File Vault and Time Machine saga

by Nicolas Schirrer on February 1, 2010

There’s this very handy feature I’ve blogged about in the past: /home folder encryption in Ubuntu. This is clearly a feature I’ll keep on using as long as I use laptops.

But the Mac counterpart… Well, I didn’t use it. Then I used it. And it bugged me so much in the way it works that I’ve come to question using it, for the sake of my backups. This “silly” thing, you see, is that I run my everyday Mac with a non-Administrator account, and I have a Time Machine disk backing up that computer. See the problem? Backups will only be made upon logging out. And, most of all, you cannot restore files individually. Fortunately, there might be some light deep down the tunnel, and a solution in this post.

The trick explained here can lower the degree of security of your installation, since what we are basically going to do is save the files in your Home directory while they are decrypted. That means they will be unencrypted on your backup disk. In the case of a removable drive (like a 2.5″ USB HDD), that can be a real problem. So, be aware…

What we will do is back up the Home folder to your Time Machine disk while it is mounted, and therefore unencrypted. The backups will be placed not where they would normally reside (in /Users/Username) but straight at the Computer level, like a “regular” directory. Remember this if you ever need to restore a file and can’t find your Home in a panicky moment.

First off, we need the Property List Editor tool, which means you’ll need to install Xcode (from your Mac OS X installation disk).

Now, turn off Time Machine (but make sure you have a working backup first, need I say it?).

Then, find the ID string of your File Vault disk. You can find it in the file com.apple.finder.plist located in /Library/Preferences. The ID string will be in an entry containing your user name and file-data; look for _CFURLAliasData and you’ll get your ID (including the < and >).

Still in /Library/Preferences, find the file com.apple.TimeMachine.plist and make a copy of it (place the copy wherever you want). Open the original file with the Property List Editor. Find IncludedVolumes and click “Add Child”. Select the type “Data” and enter the ID string you found before.

If you can’t find IncludedVolumes, you’ll need to create it: become root, click “Add Child”, name the new entry IncludedVolumes and set its type to “Array”. Then repeat the previous step (where you enter the ID string).

Check in com.apple.finder.plist that your Home folder isn’t listed in any of these entries: ExcludeByPath, ExcludedVolumes, or SkipPaths.

Save and quit.
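The plist edits above, as an added Python example that is not part of the original post: it pulls the alias record out of a constructed Finder plist, appends it to IncludedVolumes in a constructed Time Machine plist (creating the Array when it is missing, as in the root step), and checks the three exclusion keys for the Home path. The key layout of the Finder entry and the user name alice are assumptions; the alias bytes are a placeholder, not a real alias record.

```python
import plistlib

# Constructed placeholder for the alias record that Property List Editor
# shows as a Data value between < and >. Not a real alias record.
SAMPLE_ALIAS = b"\x00\x00\x01\x20placeholder alias record for /Users/alice"

# Constructed stand-in for com.apple.finder.plist. The layout (an entry whose
# key names the user plus "file-data", holding _CFURLAliasData) is assumed.
FINDER_PLIST = plistlib.dumps({
    "alice file-data": {"_CFURLAliasData": SAMPLE_ALIAS},
    "FXRecentFolders": [],
})

# Constructed Time Machine plists: one clean, one that still excludes Home.
TIMEMACHINE_PLIST = plistlib.dumps({
    "AutoBackup": False,
    "ExcludeByPath": ["/Users/alice/Library/Caches"],   # subfolder only, fine
})
TIMEMACHINE_PLIST_EXCLUDING_HOME = plistlib.dumps({
    "ExcludeByPath": ["/Users/alice"],
    "SkipPaths": ["/Users"],                            # parent excludes Home too
})

EXCLUSION_KEYS = ("ExcludeByPath", "ExcludedVolumes", "SkipPaths")


def find_alias_data(finder_plist, username):
    """Return the _CFURLAliasData bytes from the Finder entry naming the user."""
    for key, value in finder_plist.items():
        if username in key and isinstance(value, dict) and "_CFURLAliasData" in value:
            return value["_CFURLAliasData"]
    raise KeyError("no _CFURLAliasData entry names user %r" % username)


def home_exclusions(tm_plist, home):
    """Return the exclusion keys whose entries would keep `home` out of the backup."""
    home = home.rstrip("/")
    hits = []
    for key in EXCLUSION_KEYS:
        for entry in tm_plist.get(key, []):
            if isinstance(entry, bytes):                # Data entries (alias records)
                excluded = home.encode() in entry
            else:                                       # String path entries
                entry = entry.rstrip("/")
                excluded = home == entry or home.startswith(entry + "/")
            if excluded:
                hits.append(key)
                break
    return hits


def include_home_volume(finder_bytes, tm_bytes, username):
    """Add the user's alias to IncludedVolumes; return (new plist bytes, exclusion hits)."""
    tm = plistlib.loads(tm_bytes)
    alias = find_alias_data(plistlib.loads(finder_bytes), username)
    volumes = tm.setdefault("IncludedVolumes", [])      # create the Array if missing
    if alias not in volumes:                            # keep the edit idempotent
        volumes.append(alias)                           # the Data child holding the ID
    return plistlib.dumps(tm), home_exclusions(tm, "/Users/" + username)


def included_volumes(tm_bytes):
    """Helper for checking the result: the IncludedVolumes array of a plist."""
    return plistlib.loads(tm_bytes).get("IncludedVolumes", [])
```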

We’re done, but just a few heads-ups. First, you’ll get duplicates of your Home folder once you have run Time Machine again (in /Users/***.username). This is your encrypted Home folder: if you don’t want duplicates (an encrypted Home folder image plus your unencrypted Home folder), you might consider excluding this folder from the Time Machine backups.
