Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: How to use Time Machine with FileVault System 10.5
If you have FileVault enabled to encrypt your home directory, upgrading to Leopard gives you a scary warning:
Time Machine backs up home folders protected by FileVault only when logged out. You cannot browse items of the protected home folder in the Time Machine backup. Because you cannot browse the items in the Time Machine backup, you cannot restore individual items.
This warning is incomplete and misleading, and might lead you to avoid backing up your home directory. You can make FileVault work with Time Machine if you follow the rules in this hint.

If you upgrade to Leopard with FileVault turned on for a user, their encrypted home folder will be left in the Tiger format (a sparse disk image) rather than the new Leopard format (a sparse bundle/package of many small files, called "bands"). The old format is very inefficient, because a copy of the entire home directory will be saved each time the user makes the smallest change to any file within it. Convert to the new format, before using Time Machine, by turning FileVault off and then back on for each user needing FileVault.

If you don't have enough free disk space to do this, you'll have to copy the user's files over to a backup disk, trash them in the home directory, empty the trash, log the user out to recover the disk space, log back in, turn FileVault off and on, copy the files back, trash the copies, and then use Secure Empty Trash in the Finder menu.

Once you have the home directories converted to the new format, you can turn on Time Machine in System Preferences, and it will begin backing up all files to the connected disk except for those users who have FileVault turned on and are currently logged in: they will have their files backed up when they log out. In other words, users will have to log out faithfully in order to have their files backed up, which may be a change for some users. Logging out is also good practice because a user's files have never been very secure against unauthorized access when the user leaves themselves logged in.

If you need to restore files in your encrypted home directory, the Apple warning is correct in that you can't use the Time Machine application's 'galaxy' interface to do so. However, you can restore them using the Finder.

Double-click on your backup drive, and you'll see a folder called Backups.backupdb. Double-click it and you'll see a folder with the name of your machine. Double-click that, and you'll see a bunch of folders named with dates and times. Double-click the one from which you want to restore the file(s), and double-click your way down through your startup disk name, then Users, then your username.

You'll then see a package called username.sparsebundle. Double-click it, enter your login password, and a copy of your home directory will mount. You can drag files off of this copy -- just don't drag any files onto it or delete any files! After you are done, eject the mounted home directory to avoid confusion. There isn't any reason that Apple couldn't automate the restore process; apparently they ran out of time when releasing version 10.5.
    •    
  • Currently 4.40 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (10 votes cast)
 
[121,514 views]  

10.5: How to use Time Machine with FileVault | 11 comments | Create New Account
Click here to return to the '10.5: How to use Time Machine with FileVault' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: How to use Time Machine with FileVault
Authored by: faisal on Nov 28, '07 11:04:40AM

It seems the note is misleading, but only at the margins. There are three issues here:

1. FileVault users do not get the transparent TimeMachine behavior (TM backing up individual files as you are connected to the backup drive). Instead, users have to log out while connected to the backup drive.

2. Leopard has a new and more efficient FileVault image format.

3. Despite the claims of the warning listed, it is actually possible to browse individual files in the FV user's home dir by mounting the disk images directly. You'll have to browse via the finder, not the TM interface, though.

I'm not sure about the safety value of logging out more frequently, assuming you have the machine set to lock when not in use.

FV users who want transparent backups will need to look elsewhere.



[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: noworryz on Nov 28, '07 11:54:36AM

Locking the screen, instead of logging out, neither allows backup nor leaves the user's home directory protected. While the screen is locked, the user's home directory is still mounted as an unencrypted volume under "/Users." It can be accessed by either entering an admin username/password in the unlock screen or through some back door with admin or root privilege.

Users who use FileVault must learn to log out regularly if they want any security. They're just fooling themselves if they put their laptop to sleep and hope the screen lock will protect them.




[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: faisal on Nov 29, '07 07:06:41PM

Users who use FileVault must learn to log out regularly if they want any security.

This is hyperbole. FileVault gives you more security than not, and being logged out gives you more security than being logged in. The habit of logging out does not increase your security for those moments when you're logged in. Your files would be more secure if you encased your laptop in a 12' thick concrete block and sank it in the South Pacific, but you wouldn't be able to work with them.

Time Machine's behavior with FileVault is neither transparent nor fully automatic, and requires changes in behavior for many if not most laptop users. This is pretty ironic for two systems whose goals included security without changes in behavior.



[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: noworryz on Nov 30, '07 11:26:19PM

The issues with screen locking and FileVault have been discussed in this hint and this hint and this hint so there probably isn't any reason to discuss it further here.

[ Reply to This | # ]

10.5: How to use Time Machine with FileVault
Authored by: lucidsystems on Dec 20, '07 09:54:04PM

FV users who want transparent backups will need to look elsewhere.

LBackup has two configuration options.

  1. Backup user home directories with FileVault enabled when they are not logged in. This is similar to TimeMachine on Mac OS X 10.5.1
  2. Backup users home directories with FileVault enabled while they are logged in. This is possible because the files are copied directly from the mounted FileVault disk image.



[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: srizvi1 on Dec 28, '07 12:21:19PM

Just to clarify - if I use filevault, then in order to properly use time machine to back up my home directory - right when I see that the backup has begun (with the little circular arrows), I should log out right then? Or would it do the backup automatically whenever I log out while connected to a time machine external hard drive. I just logged out and its on the FileVault screen saying "Backing up my username's home folder", but I know I logged out during time machine's backup process. so that's why I'm wondering which one is true.

Also, I'm thinking I should back up my home directory and nothing else. The rest of the stuff on my comp are my apps, but since those can easily be replaced, shouldn't I just leave them out?

Lastly, is there a way I should go to deleting my old backups besides just deleting the folders via browser? prior to today's backup, it's just the apps folder over and over again (which itself confuses me - I was under the impression that Time Machine works by only backing up what had changed - my apps aren't changing so why does it keep backing the same thing up each time).



[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: blackbird23 on Mar 09, '08 06:26:34AM

I have a FileVaulted home and use TM. Curiously, it backups will I am logged in just as with an unencrypted home dir. The TM backup is unencrypted, so I can also use the standard TM interface to browse the backup.

Looking at all the other post around the topic, this behavior seemed to be impossible, but desired by many users. Not sure what happened to make it work for me.

Any thoughts?



[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: itsme on Apr 05, '08 08:44:43AM

You'll then see a package called username.sparsebundle. Double-click it, enter your login password, and a copy of your home directory will mount. You can drag files off of this copy -- just don't drag any files onto it or delete any files! After you are done, eject the mounted home directory to avoid confusion. There isn't any reason that Apple couldn't automate the restore process; apparently they ran out of time when releasing version 10.5.

so if the only user file that is there is the shared one and not myoldusername.sparsebundle i just dont have a backup of my old filevaulted home folder?



[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: Dornquast on Aug 04, '08 06:27:56PM
If you want continuous backup protection while you're working - CrashPlan will back up your files while you work. http://www.crashplan.com

Time machine only backs up when you log out, and not incrementally.

[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: mffm on Nov 08, '08 10:50:31AM

Like Blackbird23 (see above) I find that Time Machine appears to work normally with a FileVault protected home folder.

I switched on FileVault about 24 hours ago for the first time, resigned to the fact that I would lose access to normal hourly Time Machine backups, and backups would only be created on logging out.

In fact, Time Machine continues to back up every hour. I can browse back through successive versions of files worked on during the last 24 hours and can restore files which I have deleted say, 2 or 3 hours ago. I am using OS 10.5.5.

I am not sure whether these backups are fully written to disk or merely stored in memory pending a log out/log in? Still, it seems to be a major advance over what I believed would happen.

Has anyone else actually tried FileVault with Time Machine?











[ Reply to This | # ]
10.5: How to use Time Machine with FileVault
Authored by: blackjack556 on Nov 21, '08 05:25:54PM

yes i am getting the same type of experience too on my leopard 10.5.5. my TM is doing backups "continuously" even when logged on.

what was weird though was when i checked my TM preferences, it shows that it is set to NOT back up my FV home folder. so i unchecked it. the TM still does the same thing as before i unchecked it.

i believe two things are happening here (with the newer OS):

1) continuous backups for when one wants to recover individual files while logged
2) full back ups when one logs out. this is used on full restore when an HD crashes

i have no way of validating this yet, but i would appreciate more inputs from an expert.

thanks!



[ Reply to This | # ]