This tutorial will cover how to setup a LUKS encrypted container, moving Thunderbird’s profile to that container and then most importantly, mounting that container upon login so Thunderbird doesn’t freak out.
First, to setup a LUKS container, follow these steps laid out here:
https://www.digitalocean.com/community/tutorials/how-to-use-dm-crypt-to-create-an-encrypted-volume-on-an-ubuntu-vps
Close Thunderbird and move your ~/.thunderbird folder to the LUKS mounted folder. Create a symlink to the mount point. Mine is:
ln -s /mnt/tbird/.thunderbird ~/.thunderbird
Once you have a functioning LUKS container (should be at least 2GB), we’ll need to create two scripts: a wrapper script to initiate elevated privileges and the mount script.
Wrapper Script
- Create a file called mount_wrapper.sh and chmod +x it.
- Open the file in your favorite text editor and put:
#!/bin/bash echo "Please Enter Your Account Password: " su -c /home/username/Startup/mount_tbird.sh root
Mount Script
- Create another file (use the path in the above script or modify the script)
- Paste the following into it:
#!/bin/bash read -s -p "Enter LUKS Container Password: " pwd echo $pwd | cryptsetup luksOpen /home/username/tbird volume1 if [ $? == 0 ] then mount /dev/mapper/volume1 /mnt/tbird else echo "Bad Password!" fi exit 0
- In the above /home/username/tbird is the path to my encrypted LUKS container and volume1 is the dev mapper name I give it.
Now, for the fun stuff, getting Ubuntu to run this on login:
- Navigate to Startup Applications, and add a new one.
- Name it whatever you please
- In the command box:
gnome-terminal -e /home/username/Startup/mount_wrapper.sh
- Save and restart
If all goes well, upon logging in, a terminal will open prompting you for your account password to run the script as root. Then it will ask you for the LUKS password.
Make sure you go into Thunderbird and set a Master Password.