Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Use symbolic links to secure personal information System
A lot of personal information is stored on your Mac in databases and preference files. These files are wide open to anyone who has physical access to the computer. The only way to make these files secure is to encrypt them, and the best way to do that is to move them to an encrypted disk image created with Disk Copy or PGP. You can easily do this with files you create yourself, but many programs generate files that have to be in a particular location; for example, the Address Book database must be at ~/Library/Application Support/AddressBook. I don't want my address book to be read by somebody who steals my Powerbook, so I moved the above directory to a PGPdisk and symlinked it back to the original location.

First create an encrypted disk image and name it, say, 'Secure'. The disk image file is safe and can be stored anywhere. Next, quit the Address Book app if it's running, move your AddressBook directory to the mounted image, and delete the original (or better, securely erase it with PGP or another utility.) Now open a Terminal window, and at the prompt type (without the quotes) 'ln -s'. Go back to the Finder window showing the new location of the Address Book directory, and drag the folder icon into the Terminal window. The path will be added to the command. Now type a space. Go to the Finder window showing the old location of the directory, and drag the Application Support folder icon into the Terminal window. You should now see something like this (although it will be on one long line in your window, with a space before the "/Users" piece):
% ln -s /Volumes/Secure/AddressBook
/Users/your_username/Library/Application Support
Hit return. You should now see the symbolic link where the AddressBook folder used to be (it looks like an alias.) I suggest you lock it in the Get Info dialog.

I've done this with the Mail database, the iCal Calendars, many third-party data files, and also with some preference files such as Mail's, com.apple.mail.plist.

There are some caveats. The technique seems to work with all Cocoa and most Carbon applications, but a few are unable to resolve the links and will throw errors or crash. The disk image obviously has to be mounted before you launch the apps, so you can't include them in your login items.
    •    
  • Currently 2.75 / 5
  You rated: 3 / 5 (4 votes cast)
 
[9,955 views]  

Use symbolic links to secure personal information | 5 comments | Create New Account
Click here to return to the 'Use symbolic links to secure personal information' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
securing pref data
Authored by: Moofisto on Dec 18, '02 09:47:33AM

While you're in the terminal anyway, files can be nuked with the rm -P flag, which overwrites three times.

I've been thinking of doing something like this -- I use an iBook. I can't be annoyed though. How are you automating it? Putting the .dmg in Login Items and entering a second password?



[ Reply to This | # ]
securing pref data
Authored by: sammaffei on Dec 18, '02 10:26:13AM

Well you can put it in startup items and have the disk image password added to your keychain (which should be secured to your login only).

To automate secured mail on login, I wrote an AppleScript to mount the image (once again, automatically gettting the password from my keychain), wait until the list of volumes contains my secured disk's name, and then launch mail.

Finally, I added the compiled script to may startup items.



[ Reply to This | # ]
command line for mouting .DMG?
Authored by: piper on Dec 20, '02 02:56:04AM

I've been putting off encrypting a LOT of private info on my laptop, but with this idea I'm going to move to an encrypted approach! Thanks! In addition to encrypting my mail, addressbook, etc... I am also going to encrypt my Documents folder and have my keychain automatically decrypt it on login! Sometimes, however, I like to be able to access my documents remotely with AFP and SSH when I am NOT logged into the GUI. Is there simple command line access to access .dmg encrypted images? I'm sure I can find this online if I don't get the answer here. 'Course, my computer's not feeling very this week, so I guess I have plenty of time to figure it out!

piper



[ Reply to This | # ]
Use symbolic links to secure personal information
Authored by: fud on Oct 30, '07 10:59:52AM

This hint provided just what I was looking for, a secure AddressBook. After setting it up it seemed to work fine, then I started getting this error: "Couldn't open the Address Book database. Check if you have enough disk space" whenever I made changes to the Address Book.

The 'dmg' containing the relocated database has over 40 MB of free space, the AB data folder is 21 MB. I set this up for a non-admin account.

Any thoughts would be appreciated.

[Wish Apple would provide an option to relocate AddressBook data in the preferences.]



[ Reply to This | # ]
Use symbolic links to secure personal information
Authored by: Nexus on Aug 04, '08 03:38:42AM

I have try to create symlinks from some of my plist files in /Library/Preferences/
to another secure volume.
But the problem is when I have create a symlink it will be overwritten when the application that use this plist is starting.

So how do I create symlinks from plist files to another volume???
I have try to create symlinks from the plist inode number, but it doesn't work either.
Is it possible to create a string in a applications info.plist file that you can point the plist file to this secure volume?

Really appreciate for a solution for this!



[ Reply to This | # ]