Part 2 Of Gentoo Router: Samba And TrueCrypt
I wrote about turning your PC in to a router using Linux a few nights ago, and it drew a lot of criticism and a lot of positive comments. People were suggesting live cds that save all data to a floppy as the distro to use on your router. With the router being one of the most important parts of a network I don't see myself doing that anytime soon. However there were a lot of good alternatives suggested that in time I will try on my old PC that randomly restarts itself. Some people were mentioning the cost of electricity is much higher than running a standard home router. I agree with that but this PC is more than just a router as we will see soon. In this day and age privacy isn't a big issue with the government. I prefer to encrypt all my files using TrueCrypt, which is an open source on the fly encryption tool. I made a post a while back about using it along side Eraser on Windows. So consider this the Linux version. Let's start off by getting samba.
emerge samba
Once this is done you'll need to open the configuration file for editing
nano /etc/samba/smb.conf
We're going to configure the samba server so you need a valid user and password to access the share. You don't want random people to have read/write access to your files now do we?
[global]
workgroup = WORKGROUP
netbios name = Gateway
server string = Gentoo Router
security = user
username map = /etc/samba/smbusers
log file = /var/log/smb/samba.%m
max log size = 50
local master = no[public]
comment = shared
path = /home/smbtc
valid users = smbtc
guest ok = no
browseable = yes
writable = yes
Now we need to add users to the PC and to samba.
useradd smbtc
mkdir /home/smbtc
chown smbtc /home/smbtc -R
chgrp users /home/smbtc -R
usermod -d /home/smbtc smbtc
smbpasswd -a smbtc
Now all we need to do is start the service and make it start up on boot.
/etc/init.d/samba start
rc-update add samba default
That should do it. You should now be able to access shares by typing in \\192.168.1.1\ in to explorer. There should be a public folder with all your things in it. The next step is to encrypt these files using TrueCrypt. You should check if you have the correct kernel settings first.
cat /usr/src/linux/.config | grep BLK_DEV_DM
If that returns "CONFIG_BLK_DEV_DM=y" then you are all set. If it doesn't than you need to add that line to your config file and then do this:
cd /usr/src/linux
make
make modules_install
cp arch/i386/boot/bzImage /boot/kernel-2.6.17-gentoo-r7
If "kernel-2.6.17-gentoo-r7" isn't the name of your kernel you'll obviously need to use the correct name. Now reboot the PC and move on to emergeing TrueCrypt.
printf "=app-crypt/truecrypt-4.2a" >> /etc/portage/package.unmask
printf "=app-crypt/truecrypt-4.2a" >> /etc/portage/package.keywords
emerge truecrypt
When this is done you'll need to load the TrueCrypt module like it says. I have automatic kernel module loading set in my kernel so I don't need to do this but you probably will.
modprobe truecrypt
Now you're all set to create your volume.
truecrypt -c
Mine looks like this:
mkdir /mnt/Vault
truecrypt --display-password /Vault /mnt/Vault
I use --display-password because my password is so long. You of course don't have to. Now you'll need to link your TrueCrypt volume with your samba share.
ln -s /mnt/Vault /home/smbtc
chown rub3x /home/rub3x/Vault
chgrp users /home/rub3x/Vault
You should now have /home/smbtc/Vault. Anything you put in there is now encrypted. You can also store files that don't need to be encrypted in /home/smbtc. Before rebooting the PC you should always dismount the volume using truecrypt -d. That should do it.
Print Post
9:31 PM on April 14th, 2007
The last part was what I needed…a very simple solution by making a symbolic link.Thanks for the tip!