Default settings for updatedb.conf do NOT index encrypted home!

Bug #1205690 reported by Genadi Saltikov
This bug affects 3 people
Affects: mlocate (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

locate does not find any files in encrypted home.

I lost hours until I found the file(s) are actually there.

I would like to propose one of three solutions:
1) Modify the defaults in /etc/updatedb.conf so that encrypted home is indexed (or please explain why it's a security problem?)
2) During Ubuntu installation, add a step if the user chose encrypted home, allowing him to choose whether to enable indexing on the encrypted home.
3) Add a hint in the relevant installation screen, where a user could click, and get a list of known issues caused by choosing an Encrypted home (such as locate not indexing it by default, complications accessing the encrypted home via Live CD, and a few other issues inexperienced users often encounter using Encrypted Home).

The third solution is by far my favorite, what do you think?
We can't just leave it as it is. Even googling for "ubuntu locate does not find files with . prefix" (my initial issue) has not clued me into the problem; it was pure luck someone on IRC guessed I might be using encrypted home! Otherwise I might have wasted hours more looking for where the file had gone, and why...

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: mlocate 0.25-0ubuntu2
ProcVersionSignature: Ubuntu 3.8.0-26.38-generic 3.8.13.2
Uname: Linux 3.8.0-26-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Sat Jul 27 19:59:59 2013
EcryptfsInUse: Yes
InstallationDate: Installed on 2013-02-16 (161 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Alpha amd64 (20130215)
MarkForUpload: True
SourcePackage: mlocate
UpgradeStatus: No upgrade log present (probably fresh install)

TTL (supernova-2149) wrote :

> please explain why it's a security problem?
Because a database with all the filenames is stored under /var/cache/locate/
So some stranger could guess what files you have in your encrypted /home partition, if /var is not encrypted.
I resolved this for myself long ago by replacing /var/cache/locate/ with a symlink to some place inside /home, where the database is now stored. But now the missing indexing of encrypted drives affects me as well.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in mlocate (Ubuntu):
status: New → Confirmed
Tyler Hicks (tyhicks) wrote :

Hi Genadi - I'm sorry to hear that you had to spend so much time figuring this out.

A decision was made that locate will not index files in eCryptfs mounts. Since eCryptfs encrypts filenames, the locate DB should not be used to store filenames in plaintext on disk. See bug #372631 for details.

Out of your 3 proposed solutions, #1 won't work due to the bug above. #2 and #3, in my opinion, are too intrusive to put into the installer. Few people have a problem with locate not indexing their encrypted home, and accessing an encrypted home directory from the live CD is something that ecryptfs-recover-private is meant to address.

I'm marking the mlocate task as invalid since it is behaving as intended.

Changed in mlocate (Ubuntu):
status: Confirmed → Invalid
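
The trade-off discussed in the replies above (a plaintext locate database under /var/cache/locate/ versus filenames that eCryptfs encrypts) can be checked mechanically. The following is an added example, not part of the bug report or of mlocate: it parses an updatedb.conf and a /proc/mounts listing, both constructed samples, and reports which mounts updatedb skips through PRUNEFS and which eCryptfs mounts would have their filenames written to a database stored outside eCryptfs. The function names and the sample user alice are assumptions, and only eCryptfs is detected, so block-level encryption of /var is not considered.

```python
import re

# Constructed sample inputs, not taken from the bug report.
SAMPLE_CONF = '''\
PRUNEPATHS="/tmp /var/spool /media"
PRUNEFS="NFS nfs4 proc tmpfs ecryptfs"
'''
SAMPLE_MOUNTS = '''\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/home/alice/.Private /home/alice ecryptfs rw,nosuid,nodev 0 0
'''

def parse_conf(text):
    """Return {NAME: value} from updatedb.conf-style NAME="value" lines."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_]+)\s*=\s*"([^"]*)"', line)
        if m:
            conf[m.group(1)] = m.group(2)
    return conf

def parse_mounts(text):
    """Return [(mountpoint, fstype)] from /proc/mounts-style lines."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1], f[2]) for f in rows if len(f) >= 3]

def pruned_mounts(conf_text, mounts_text):
    """Mount points updatedb skips because their fstype is listed in PRUNEFS."""
    # PRUNEFS matching is case-insensitive per updatedb.conf(5).
    prunefs = {t.lower() for t in parse_conf(conf_text).get("PRUNEFS", "").split()}
    return [mp for mp, fs in parse_mounts(mounts_text) if fs.lower() in prunefs]

def fstype_of(path, mounts_text):
    """Filesystem type holding path: the longest mount point that prefixes it."""
    best = ("", None)
    for mp, fs in parse_mounts(mounts_text):
        if (path.rstrip("/") + "/").startswith(mp.rstrip("/") + "/") and len(mp) >= len(best[0]):
            best = (mp, fs)
    return best[1]

def leaking_mounts(conf_text, mounts_text, db_dir="/var/cache/locate"):
    """eCryptfs mounts that would be indexed into a DB kept outside eCryptfs."""
    if fstype_of(db_dir, mounts_text) == "ecryptfs":
        return []  # DB itself lives inside the encrypted mount
    skipped = set(pruned_mounts(conf_text, mounts_text))
    return [mp for mp, fs in parse_mounts(mounts_text) if fs == "ecryptfs" and mp not in skipped]

if __name__ == "__main__":
    print(pruned_mounts(SAMPLE_CONF, SAMPLE_MOUNTS), leaking_mounts(SAMPLE_CONF, SAMPLE_MOUNTS))
```

On a real system, pass the contents of /etc/updatedb.conf and /proc/mounts instead of the samples; an empty result from leaking_mounts means no eCryptfs filenames reach a database outside the encrypted mount.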