PDA

View Full Version : SuperDuper! and FileVault


Kool
01-12-2005, 11:27 AM
I can't get my FileVault protected Home folder to be shared using the 'Safety Clone - Share users and applications' script. When I log in to the clone it shows an empty home folder and doesn't find my sparseimage.

What to do? Thanks!

dnanian
01-12-2005, 11:55 AM
Hi, Kool -- what version of SuperDuper! are you running? We made some specific changes in this script in the the last version (or so) that makes the Safety Clone compatible with FileVault, so it should work. (At least, it works here.)

Is there anything unusual about your system or setup that comes to mind?

Kool
01-12-2005, 12:05 PM
Version 1.5.4 v73

I think I've found the problem. It wasn't sharing /Users/.* only /Users/* and the first one (.*) is needed, because that's where FileVault saves the sparseimage. My clone is almost ready, so in a minute or 10 I can tell for sure if this solved it or not.

dnanian
01-12-2005, 12:13 PM
What's strange is that the copy script *should* be sharing the /Users folder, not the things inside (that was the change that was made, which works better for a lot of reasons). It sounds like your scripts weren't updated, for some reason.

Here's what I'd suggest: re-download the SuperDuper! image and delete your existing copy of SuperDuper! Drop the new one in its place, and look a the script: it should share /Users, not /Users/* (or .*).

Thanks, and sorry for the trouble.

Kool
01-12-2005, 12:41 PM
I just downloaded SD! again. The Share Users.dset included with it does share /Users/* and not /Users as you advice me here. My previous attempt (with .* and *) failed. I am now trying to share /Users.

I did empty my Library from SD! files. Also when I look into the SD!.app package on the dmg it shows that the Share Users.dset is sharing /Users/*.

dnanian
01-12-2005, 01:11 PM
I'm totally wrong here, and this'll teach me not to do support too quickly while heading to the show floor here at Macworld.

The change in v1.5.3 was from sharing /Users to sharing the contents of /Users. When we tested, FileVault seemed to work, but there must have been something going on during the test.

In any case, your initial response -- to share * and .* -- is correct, given what you've said. I'll have to do additional testing at this end to ensure that it works on my own 'test mule', too.

My sincere apologies for the incorrect information in this thread. I should never do support before coffee, and when hurrying too much... >sigh<

Kool
01-12-2005, 01:30 PM
Huh? Now that is weird because sharing the contents on /Users didn't work for me at all. Sharing the /Users does. So for me the old way worked better. Using both * and .* didn't get me into my FileVault home folder at all.

What were the reasons for the change and could sharing the /Users have any negative consequences?

Thanks.

dnanian
01-12-2005, 01:44 PM
That is strange. We had found that FileVault wasn't properly following the link through /Users to the "real" user folder DMG (which -- and I have to say 'as I recall' here, because I have to actually test this again to verify -- it then mounts as .username). This meant that FV volumes didn't work when booted from the Safety Clone.

The change -- to share the contents of users -- resolved this issue because FV properly followed the link "one level down". In addition, it had the benefit of isolating any 'created users' to the Safety Clone, rather than creating them in the /Users folder of the original drive -- especially since the changes to Netinfo done during user creation are isolated on the Safety Clone itself.

When I get back to the office from the show, I'll do some additional tests to try to determine why you're having trouble. If you could send a report to the support address, I'll track that and reply as soon as I return (flying back Friday, will be back to work on Saturday).

darelon
01-14-2005, 04:59 PM
Hi Kool,

Did you by any chance create the Safety Clone while the FileVault-ed user was logged in?

When a FileVault-ed user logs in, the contents of your user's home folder (i.e. the FileVault sparse image and the Library folder) are moved to an invisible folder "/Users/.username" and the sparse image is then mounted on your home folder "/Users/username".

By sharing "/Users/.*" in this situation, SD! has probably also created a link on the Safety Clone back to the invisible folder with your sparse image. When you subsequently start from your Safety Clone and try to log in as the FileVault-ed user, the OS may not know how to deal with an already existing "/Users/.username" and/or it being a (now dead) link.

I hope this makes some sense. Even if it doesn't, I would suggest in any case to backup and clone from a non-FileVault-ed user, with all Filevault-ed users logged out.

This is just a guess at the moment, I'll do some tests tomorrow to check. But I have been using SD! with FileVault for a while now—by sharing the contents of the "/Users" folder and doing my backups/clones from another account—without any problems.

Ciao,
Roeland.

dnanian
01-14-2005, 11:02 PM
Thanks very much for chipping in here, Roeland -- I think you're exactly correct.

When you've got a FileVaulted home folder, you have to create a separate user that you log in as when you want to back up.

Thanks again for helping out... hopefully, now that I'm back from the frenzy of Macworld, my brain will start working again. :)

Kool
01-16-2005, 04:24 PM
Yup, I was runnning as a FileVaulted user (I only have one user actually, not counting the default users from OS X). Your remark makes sense to me. I am not very happy with this though, as I have to actually log out to do a safety clone, and can't continue to work whilst this is running in the background.

For me the sharing of /Users is more useful, and the disadvantages*) are less for me than the advantage it has over sharing the contents of Users.

*) not isolating any 'created users' to the Safety Clone, rather than creating them in the /Users folder of the original drive

At the moment it is a bit unclear to me why others had trouble with FileVault when sharing /Users and I don't seem to have them. Is this if there are multiple users using FileVault or something?

dnanian
01-16-2005, 06:17 PM
Well, the biggest problem with doing things like backups and safety clones when logged into a FileVault account is that your system is not in a decent 'state': Apple moves things around in funny ways to make FV work -- and when you restore it's in this 'logged in' state, but you're not logged in.

We definitely recommend logging out and into a non-FV account to backup and create safety clones. It's a lot cleaner that way. On top of that, people absolutely had issues with the Safety Clone and FileVault when /Users was shared -- we made the change because the volume wasn't mounting properly... I really don't know why yours is working, but you're welcome to make whatever changes you wish to the existing copy scripts, of course!

darelon
01-16-2005, 07:26 PM
Hi Kool,

I have to actually log out to do a safety clone, and can't continue to work whilst this is running in the background.
A perfect opportunity to to feed the cat, water the plants and make yourself a hot chocolate drink, I'd say… ;)

At the moment it is a bit unclear to me why others had trouble with FileVault when sharing /Users and I don't seem to have them.
I'm very curious about this as well. May I ask what Mac OS X release you are running? I seem to remember there were some changes to FileVault related stuff in 10.3.3 or 10.3.4.

Ciao,
Roeland.