Where do applications typically store data?

Solution 1:

From the examples you have provided, I take it that you mean application data specific to a certain user's configuration, usage or the data owned by the user (e.g., mail messages, templates, themes). In this case, these data are stored in the user's home directory as "dot-files" or inside an application-specific "dot-directory".

Quoting from the Unix file-system hierarchy standard:

/home : User home directories (optional)

Purpose

/home is a fairly standard concept, but it is clearly a site-specific filesystem. The setup will differ from host to host. Therefore, no program should rely on this location.

Requirements

User specific configuration files for applications are stored in the user's home directory in a file that starts with the '.' character (a "dot file"). If an application needs to create more than one dot file then they should be placed in a subdirectory with a name starting with a '.' character, (a "dot directory"). In this case the configuration files should not start with the '.' character.

The linux file-system hierarchy standard also states almost the same thing.

For example, the user's configuration for the vim editor is stored in .vimrc inside the home directory, the firefox profile (containing among other things the users bookmarks and history information) is stored in a separate directory within the user's home-directory (~/.mozilla/firefox/<randomstring>.default)

Typically all applications will store information about user initiated sessions, passwords etc within the user's home directory in such "dot-files/ directories".

So (extrapolating a bit), if you want just enough encryption that user-specific data is protected, then home directory encryption alone would suffice.

Having said that, it is possible, like with all things linux, to customize and override the default location and choose to store these application specific user-data elsewhere. However, in Ubuntu, that needs to be explicitly done by the user.

Solution 2:

Your home directory is the only place where you can store files permanently. Applications typically store their configuration and automatically saved data in a file or directory called .application-name in your home directory. (Some applications save in groups, e.g., ~/.gconf contains data from many Gnome applications.)

However, you can have confidential or privacy-relevant data stored in other places. Whether you want to encrypt these places depends on how sensitive you think that data is.

  • Anything (well, almost) that can be in RAM can also be in swap. It takes a bit of work and a bit of luck, but someone who steals your disk could find some worthwhile data in the swap.

  • Many applications store temporary files in /tmp.

  • If receive mail locally (as opposed to fetching it from a POP or IMAP server), it arrives in /var/mail. If you send mail using the traditional unix method (sendmail), it transits via /var/spool/postfix (or whatever your MTA is). If you don't understand this paragraph, it doesn't apply to you.

  • If you set up recurring tasks, they are stored in /var/spool/cron.

  • When you print something, it transits in /var/spool/cups.

  • The system logs might contain data you'd rather keep private, such as network errors from sites you've tried to connect to or from.

You can encrypt the swap partition with dm_crypt (install the cryptsetup and read the documentation; or do it as part of the initial installation, but I think you'll have to use the alternate CD).

Once you've encrypted the swap, /tmp is best dealt with by making it tmpfs. See here for a write-up.

You might choose to use tmpfs for other things such as print spools. But it's not suitable for others such as system logs. If you're going to encrypt every possibly-sensitive data, you might as well encrypt the whole system.