Use symbolic links to secure personal information

Dec 18, '02 08:33:54AM

Contributed by: Anonymous

A lot of personal information is stored on your Mac in databases and preference files. These files are wide open to anyone who has physical access to the computer. The only way to make these files secure is to encrypt them, and the best way to do that is to move them to an encrypted disk image created with Disk Copy or PGP. You can easily do this with files you create yourself, but many programs generate files that have to be in a particular location; for example, the Address Book database must be at ~/Library/Application Support/AddressBook. I don't want my address book to be read by somebody who steals my PowerBook, so I moved the above directory to a PGPdisk and symlinked it back to the original location.

First create an encrypted disk image and name it, say, 'Secure'. The disk image file is safe and can be stored anywhere. Next, quit the Address Book app if it's running, move your AddressBook directory to the mounted image, and delete the original (or better, securely erase it with PGP or another utility.) Now open a Terminal window, and at the prompt type (without the quotes) 'ln -s'. Go back to the Finder window showing the new location of the Address Book directory, and drag the folder icon into the Terminal window. The path will be added to the command. Now type a space. Go to the Finder window showing the old location of the directory, and drag the Application Support folder icon into the Terminal window. You should now see something like this (although it will be on one long line in your window, with a space before the "/Users" piece):

% ln -s /Volumes/Secure/AddressBook
/Users/your_username/Library/Application\ Support

Hit return. You should now see the symbolic link where the AddressBook folder used to be (it looks like an alias.) I suggest you lock it in the Get Info dialog.

I've done this with the Mail database, the iCal Calendars, many third-party data files, and also with some preference files such as Mail's, com.apple.mail.plist.

There are some caveats. The technique seems to work with all Cocoa and most Carbon applications, but a few are unable to resolve the links and will throw errors or crash. The disk image obviously has to be mounted before you launch the apps, so you can't include them in your login items.
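
The move-and-link procedure and the mounting caveat above, as an added shell example (not part of the original hint). The function names relocate and link_ready are hypothetical, and the script assumes the mount point directory (e.g. /Volumes/Secure) exists only while the image is mounted.

```shell
#!/bin/sh
# Added example. Usage, with the paths from the hint:
#   relocate "$HOME/Library/Application Support/AddressBook" /Volumes/Secure

# relocate SRC_DIR VOLUME_DIR
# Moves SRC_DIR onto the mounted volume and leaves a symlink at SRC_DIR.
# Returns non-zero and leaves the original untouched if any check fails.
relocate() {
    src=$1 vol=$2
    dest="$vol/$(basename "$src")"

    # Assumption: the mount point exists only while the image is mounted.
    # Without this check the data could be copied to the unencrypted disk.
    [ -d "$vol" ] || { echo "volume not mounted: $vol" >&2; return 1; }
    # Already relocated; do not create a link to a link.
    [ -L "$src" ] && { echo "already a symlink: $src" >&2; return 2; }
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 3; }
    # Never overwrite data that is already on the volume.
    [ -e "$dest" ] && { echo "destination exists: $dest" >&2; return 4; }

    # Copy first, verify the copy, and only then remove the original.
    cp -Rp "$src" "$dest" || return 5
    diff -r "$src" "$dest" >/dev/null || { rm -rf "$dest"; return 6; }

    # rm only unlinks the files; the plaintext blocks stay on the disk until
    # overwritten, which is why the hint recommends a secure-erase utility.
    rm -rf "$src" && ln -s "$dest" "$src"
}

# link_ready PATH
# True only if PATH is a symlink whose target resolves right now, i.e. the
# encrypted image is mounted. Check this before launching the application.
link_ready() {
    [ -L "$1" ] && [ -e "$1" ]
}
```

Quoting "$src" and "$dest" throughout is what lets the script handle the space in "Application Support" without the backslash escape needed at the prompt.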

Mac OS X Hints
http://hints.macworld.com/article.php?story=20021218053354239