Hi Erol,
I know a lot of people have responded to this post, but I wanted to
go back to your original post and follow-up from there.
On Dec 11, 2007, at 4:20 PM, Erol Kepkep wrote:
> I'm concerned about having file encryption on a MacBook Pro. I
> activated FileVault on my User Account which is fine. But, I just
> discovered that a FileVault protected User Account causes the User
> folder contents to be unavailable for backup by TSM (UCBackup
> Service).
>
This is not 100% correct.
I have FileVault turned on on my iMac, and I use UCBackup, and with
some extra work on my part, it backs up up my files just fine. So,
the question is, how is this possible?
When a user has FileVault enabled, it does indeed change the standard
setup of the user's home directory under the /Users directory. In my
case (my username is lr), if I did not have FileVault enabled, the
contents of /Users would look like this (at all times, whether I am
logged in or not):
/Users/Shared
/Users/lr/<all of my files>
Now that I have FileVault enabled, the contents of /Users looks like
this when I am not logged in:
/Users/Shared
/Users/lr/lr.sparseimage
And this when I am logged in:
/Users/.lr/lr.sparseimage
/Users/Shared
/Users/lr/<all of my files>
So, when I am logged in, my files are where they normally are, but OS
X creates a new directory called .lr and puts my sparseimage in
there. Actually, what happens when you log in (if you have FileVault
enabled) is OS X moves your home directory (in my case) from /Users/
lr to /Users/.lr and then mounts the user's sparseimage and makes it
link to (again, in my case) /Users/lr.
Ok, so, it is becoming clear that UCBackup (TSM) can backup the
contents of a user's home directory, but... only when the user is
logged in! This is very important to understand. In other words, if
you use UCBackup and do a backup while you are logged in, UCBackup
will backup:
/Users/username/<all user files>
If you then log out, and UCBackup comes along and does a backup, it
will now backup:
/Users/username/username.sparseimage
Hmmm, that seems bad. And, it is!
So, to make a very long story short, you can use UCBackup when you
have FileVault enabled, but you have to do 3 things:
1) Request that the backup happen during the day
2) Exclude /Users/.username from the list of things to backup
3) TURN YOUR COMPUTER OFF WHEN YOU ARE NOT LOGGED IN
Sorry for the all caps, but number 3 is extremely important.
Actually, so is number 2.
Alternatively, (and this is what I recommend):
1) Disable your TSM agent
2) Exclude /Users/.username from the list of things to backup
3) Do manual backups
I highly recommend this approach (however, it does require admin
access to your computer, and you have to remember to do your backups!).
Also, because the standard TSM client does not come with a list of
things to not backup, I recommend, at the minimum, excluding the
following items (these come directly out of my "/Library/Preferences/
Tivoli\ Storage\ Manager/dsm.sys" file:
EXCLUDE.DIR "/Users/.lr"
EXCLUDE.DIR "/Users/Shared"
EXCLUDE.DIR "/Users/lr/.Trash"
EXCLUDE.DIR "/Users/lr/downloads"
EXCLUDE.DIR "/Users/lr/.Spotlight-V100"
EXCLUDE.DIR "/Users/lr/src"
EXCLUDE.DIR "/Users/lr/Movies"
EXCLUDE.DIR "/Users/lr/Music"
EXCLUDE.DIR "/Users/lr/Pictures"
EXCLUDE.DIR "/Applications"
EXCLUDE.DIR "/.Spotlight-V100"
EXCLUDE.DIR "/.Trashes"
EXCLUDE.DIR "/private/var/vm"
EXCLUDE.DIR "/var/vm"
If you use this list, make sure you change all instances of "lr" to
your username.
As noted as step 2 above, the first thing on the list is my sparseimage!
I also exclude /Users/Shared because I put my iTunes music in there
-- no need for UCBackup to backup my music. I also have excluded
my .Spotlight-V100 directory, and the one for the system, too, as
those two directories alone are over 500MB . I also don't see a need
to backup the Applications directory, but feel free to choose
otherwise. Oh, don't backup virtual memory (/private/var/vm, and I
added the symlink, too: /var/vm). If you have a downloads directory,
or a source directory (where you compile software -- src for me), you
probably don't want to back those things up, either. And for good
measure, I skip Movies, Music, and Pictures (even though I don't have
anything in these directories).
This is just a partial list for me, as I exclude a lot of other
things that I feel just waste space on the backup server (like Garage
Band and iDVD files that Apple installs under "/Library/Application
Support").
Anyway, good luck!
-lucas
> Can anyone recommend File/Folder level encryption software that
> hopefully would work with TSM Backup?
>
> Thanks,
>
> Erol Kepkep
> Molecular & Cell Biology
>
>
> ----------------------------------------------------------------------
> ---
> The following was automatically added to this message by the list
> server:
>
> To learn more about MAGNet, including how to subscribe to or
> unsubscribe from its mailing list, please visit the MAGNet Web site:
>
> http://magnet.berkeley.edu
>
> Messages you send to this mailing list are public and world-
> viewable, and the list's archives can be browsed and searched on
> the Internet. This means these messages can be viewed by (among
> others) your bosses, prospective employers, and people who have
> known you in the past.
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:
To learn more about MAGNet, including how to subscribe to or unsubscribe from its mailing list, please visit the MAGNet Web site:
Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet. This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Received on Wed Dec 19 2007 - 09:25:09 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 19 2007 - 09:25:11 PST