Hi,

Currently, I use SD! to perform smart clones of "Backup all Files".

This method has been working well for me.
Since I use File Vault on my main Home directory I log-in to an alternate Admin account before performing the clone.

I am contemplating adding a different backup script to my rotating backup routine.
Here is my reasoning: Should the File Vault .sparseimage which holds my Home directory become corrupted (which seems to happen to lots of folks, but has yet to happen to me), my current 'backup all files' would likely become useless, since I would just be cloning a corrupted .sparseimage during the backup...

What I am thinking is that I could create a copy script to 'copy /Users/MyHome' to a disk image.

This would give me a backup of my Home directory that I could mount at anytime to retrieve individual files if necessary.

This should work with SD! right?

SuperDuper 2.1.3
MacOS X 10.4.7 PPC

-Tim

Unfortunately, no -- it'll just copy the same image you're copying now. The whole "FileVault" image is stored in that folder, and the underlying mounted volume is hidden by the OS.

What I'd suggest, if this is something you're concerned about, is consider un-file-vaulting your Home and using a program like Knox to encrypt only the data that needs it...

I think I understand what you're saying here Dave.

However, when I was creating the copy script, I was able to use the SD! 'script commands' script creation dialog to navigate to /Users/MyHome and it was showing the contents of my home folder, rather than the actual .sparseimage file (which was also visible in the SD! navigation window) which you suggest would wind up being copied instead of the contents of my home folder...

I'm not doubting, you, just trying to clarify

That's because it's showing you what the Finder shows you. But when you copy, we won't follow the symlink (because we shouldn't), and while your Home folder will be copied when you select it, it'll actually copy the FileVault volume.

Well, I just noticed that my FileVaulted home folder shows up in SD! as it's own volume in the Source pop-up menu list!!

So, it looks like I can just select it as my source and choose 'Backup all files'...

Our posts crossed at the same time, Dave.

Ah, it now shows up as a source? That's great, as it didn't used to. That'll work fine, with "Backup - all files".

Ah, it now shows up as a source? That's great, as it didn't used to. That'll work fine, with "Backup - all files".

Yeah, it's there as it's own volume in the source list.

I think this will work!

One last thing (for now), I don't see an option within SD! to encrypt a destination disk image. Am I missing it?

I assume that if I use Disk Utility to create an empty encrypted disk image that it will still work as a destination for SD!, right?

That's right -- just create an encrypted disk image and point us to it.

Excellent.

So, when the contents of the file vault image are copied to the destination image, will SD! copy the volume's directory structure or will a new one be created on the destination image as the files are copied?

Also, just to clarify, in case anyone is researching this issue in the future and finds this thread. When I said that the File Vault home directory shows up in the SD! source list as its own volume, this is when running SD! from the File Vaulted account. So, in this case, the general instructions to run SD! from a different user account would not apply...

We'll copy the volume exactly as it appears (which is likely to be your Home folder rooted at the top, with no /Users parent, etc).

We'll copy the volume exactly as it appears (which is likely to be your Home folder rooted at the top, with no /Users parent, etc).

So, if the directory information on the source image is damaged then it will also be copied as is to the destination?

It sounds to me like this is different than doing a drag/copy.
If I drag a bunch of files from a volume that is partially corrupted, as long as the copy operation is able to be carried out, then the copied files will be on a volume which is undamaged...

But it sounds like you are saying that SD! will not only copy the files/folder of a volume, but will also copy the underlying volume information as well?

(When I say 'directory or volume information' I'm talking about the stuff that you see when you run a 'verify' in Disk Utility)

We copy the files as they're present on the drive, just like drag/drop does. We're not copying the underlying "disk structure".

Thanks for taking the time to answer all of my questions about this Dave.
I do appreciate it.

I'm happy to help -- and glad to see the FileVault volume is showing up. Thanks for that info, and let me know how this woks out for you.

I see that there was another thread started today which seems to touch on the issue of creating a secure backup of a file vaulted home directory.

After some testing, I have had less than perfect results with this backup scenario...

1. Make sure that you are logged into the file vaulted account.
2. Create a new blank encrypted sparseimage disk image with Disk Utility
2a. Make sure the image is mounted.

3. Launch SuperDuper

4. From the source pop-up list select the volume with the same name as your file vaulted home folder.

5. From the target pop-up select the diskimage that you created in step 1.

6. Use the 'Backup-all files" script.

7. From the Options... dialog, select 'Erase then copy'

8. Start the copy.

SuperDuper will copy the contents of your file vaulted home folder to the encrypted disk image.

The problem seems to arise when attempting to actually use the backup disk image.
The disk image does not seem to mount from a different user account.
This could potentially pose a problem when it comes time to recover files from thee backup image.

That's probably just a matter of ownership, Timmy -- you can turn ownership off for the drive if you'd like to get access, or change the ownership of the image with the Get Info panel.

Wow. This is exciting stuff!!

If this works, SuperDuper becomes the answer to FileVault fears. Not sure if there are other answers out there. If not, I'd say you now have a heck of a competitive advantage in a world of 'too many' stolen laptops, Dave.

Anxiously awaiting to hear of your success Timmy. Are you running 10.4.8?

Lets hope that Leopard doesn't mess this up.

I'm running 10.4.7.
The back-up does work as described using the steps above.

However, using the backup diskimage from a different user account is still somewhat problematic. The diskimage will not mount at all unless I use Finder->Get Info for the diskimage and choose 'Ignore permissions/ownership on this volume.'
Even then, the diskimage still mounts as read-only when used in a different user account.

At this point, I'm not convinced that this method is really any better/safer than just doing a full clone of the entire volume...
If you are worried about your file vault directory becoming corrupted you might be able to verify/repair it using the procedure in this Apple article: http://docs.info.apple.com/article.html?artnum=25695

Did you try changing the ownership for the image itself, Timmy?

Ok.
Setting the mounted disk image volume to ignore ownership does seem to let me access the files from any user account.

So, it looks like this is working well for creating an encrypted back-up of a file vault home directory.

Very cool!

Very cool indeed.

Dave, will you be adding this information to the manual where you reference FileVault?

Dave or Timmy, changing the ownership is as simple as checking the box in the get info pane??

I'm considering it for the next major update of the User's Guide.

Dave, is there any way to make this backup bootable?

Choosing backup all files from the FileVault will not include applications either since they are not stored in the FileVault.

I guess what I am saying is that I would like to have SD make a 'full bootable' backup just like it did before I started using FV.

Is that possible and if so what is the best way to make it happen?

Thanks

Backing up the FileVault volume separately doesn't retain the original data format from the drive, so you can't just "make it bootable". Instead, you'd need to log out of the FileVault account, into a non-FileVault account, and do a full Backup - all files, as we suggested originally. That'll create a bootable backup.

Ok.
Setting the mounted disk image volume to ignore ownership does seem to let me access the files from any user account.

So, it looks like this is working well for creating an encrypted back-up of a file vault home directory.

Very cool!

Back again with some progress notes:

It looks like the ignore ownership option on the mounted diskimage volume becomes unchecked after a smart update.

I guess absent some fancy scripting (which I am not competent to do) I will need to remember to disable ownership on the backup diskimage volume after each backup...

We have to turn ownership on to properly back up, and leave it on (because it really should be that way). If you need to access it from different accounts, I'm sure you'll remember to turn it off if necessary -- or to authenticate with the proper credentials...

I'm sure you'll remember to turn it off if necessary --

Don't overestimate me Dave!

Also, in some of my earlier tests the diskimage would not mount at all when accessed from a different user account.
I think that FileVaulted home directories have strict permissions that get carried over to the cloned image which can prevent the image from even mounting for a user other than the owner of the account.

Oh, and I'm going to try to edit this thread to change the title to "Backing-up just my File Vault Home folder" to be more specific for folks who might be searching the Forum at a later date for this type of issue.