Restore encrypted home folder

[tz05]

Hi, I am running Veeam to back up my KDE Neon based laptop which works for months without any issues. I now changed to an encrypted home directory (/home/username) and notice that when a backup image is mounted to restore some files, the data under /home/username is not accessible.
Instead of the expected data files it shows a readme file with the following content:

From the graphical desktop, click on:
"Access Your Private Data"
or
From the command line, run:
ecryptfs-mount-private

Now, neither graphical desktop option nor the cli command work but I am also not sure what's really happening here. The way I understand home drive encryption under Linux is that after I log on the folder my home drive will be "opened" and whether a file is encrypted on disk or not will be invisible to any application. So I would have expected that Veeam stores my backup data unencrypted and hence easily available when trying to restore.
Is what I am seeing by design? And if so, is there a way to mount this folder so I get access to individual files or do I always have to do a full partition restore?

Thanks
Thomas

[tz05]

Did some more research and tried to update this post. But given that I don't seem to be able to edit I will answer myself, might be beneficial to others in the same situation.

First of all I can confirm the data is all there, looks like Veeam does indeed save the encrypted folder encrypted even though the folder has been unlocked after the user logged in.
Second, the ecrypt-mount problem I am experiencing has got nothing to do with Veeam. The readme in the encrypted folder seems to be standard Linux text and is not applicable for this use case. The script the readme refers to will try to mount the backup home directory /mnt/backup/home/$user to the users regular home directory, /home/users/$user, which obviously doesn't make sense.

I meanwhile found another script which allows to mount the backup/home/$user directory to a different directory which I got to work, at least partially. I get to see the filenames but all other information seems to be distorted. Also can't access the files.
But clearly this is not about Veeam but all about Linux. If anyone has done this and can share his solution I'd appreciate some help. In the meantime I will keep on trying. Maybe I'll be posting a third message to myself

Thanks
Thomas

[tz05]

There is a script towards the end of the thread below which did the trick for me!
https://bugs.launchpad.net/ubuntu/+sour ... bug/455709

Hope this is of help to someone else at some point...case closed

[PTide]

Hi,

First of all, sorry for noticing your message so late,

looks like Veeam does indeed save the encrypted folder encrypted

if I saw it earlier I would tell you that Veeam keeps your data in a decrypted format. Did you mean "unencrypted" ?

Secondly, thank you so much for your research! I'd like to ask what is your Neon KDE edition (User/Developer/LTS/Other)?

P.S. Please keep in mind that since the distro is not on the list of supported distros (although it is based on Ubuntu) our support team won't be able to help should you have any other issues with the product. However, you can always seek for help on this forum so we can try to reproduce an error, and give an advise.

Thanks

[tz05]

Hi PTide, well, let's agree on saying you store the data in the same way as it is on disk.
In my case my home folder /home/thomas on the disk is encrypted because that's how I set up my OS. And by the look of it Veeam does simply copy what's on the disk to my backup repository which means all folders under / are unencrypted and /home/thomas is encrypted in my repository as well.
When I mapped a backup to /mnt/backup to restore some files I was able to see all folders under /root but /home/thomas was not legible. This is why I used the script I mentioned earlier to open/decrypt that folder and off I went...
The alternative would have been that Veeam somehow runs in my users context which means it's got access to the unencrypted data like I as a user do after logging on, but that obviously isn't the case.

I think I prefer the way it's handled now, a little harder to restore individual files because one has to go through the decrypting steps first before the home drive becomes accessible. But from a security point of view this is the right way to do it.

As far as the distro is concerned, I am running KDE Neon User edition. Given that Neon is really just Ubuntu with the latest KDE as Desktop environment I hope I will fall under the Ubuntu category with you guys should I ever need it. They don't even call themselves a distro.

Thanks
Thomas