Useful solutions

So you got your brand new flashing MacBook and want to have your home directory encrypted with the oh-so-easy FileVault? The bad news is that TimeMachine backups of your home directory will become uncomfortable, to say the least. They will only be done upon logoff (not hourly!), and they’ll hog a lot of space because major parts of the encrypted sparse bundle will have to be backed up every time (even small changes lead to a large number of ‘bands’ in the sparse bundle being changed).

But there’s a solution. I couldn’t find it anywhere on the web, but some quick questions on the Apple Support Forums helped me find the answer.

First, you’ll want Time Machine to exclude the encrypted version of your home directory. You can either log in as a different user and then add /Users/username/username.sparsebundle to your exclusion list. But if you don’t want to create a second user on your Mac, you can also edit /Library/Preferences/com.apple.TimeMachine.plist directly. You’ll have to do so in part two of this guide anyway. You’ll notice that this file is stored as a ‘binary plist’, e.g. you can’t read it. But Bare Bones’ TextWrangler can. When editing the plist with the appropriate tool, you’ll find an entry called <key>SkipPaths</key>. Make sure that it contains an entry like this:

<key>SkipPaths</key>
	<array>
		<string>/Users/username/username.sparsebundle</string>
	</array>

 <key>SkipPaths</key>
 <

You may also want to remove your existing backups of the encrypted home directory. To get rid of them, start Time Machine, navigate to any version of /Users/username/username.sparsebundle, alternate-click it, and select ‘remove from Backups’.

Step two. Snow Leopard excluded mounted volumes by default, but we want it to include your mounted home directory volume. To do so, we’ll need to dig a bit further into the matter. You can explicitly tell it to include volumes by adding entries to the Time Machine plist like this:

	<key>IncludedVolumeUUIDs</key>
	<array>
		<string>B59D3B0B-...</string>
	</array>
	<key>IncludedVolumes</key>
	<array>
		<data>
		AAAAAAKIAAIAAQZkYW5pZWwAAAAAAAAAAAAAAAAAAAAAAAAAAADHOwPSSCsA

		...
		</data>
	</array>

So we’ll have to find out your home directory volume’s UUID and its garbled base64 ID. The UUID part is easy. In a terminal, type

$ diskutil info /Users/username

and search for an entry called ‘Volume UUID’.  To get the second, base64-encoded ID, do the following:

1. Open a Finder window.
2. Drag your home directory into the Finder’s toolbar.
3. Close the Finder window.
4. Open ~/Library/Preferences/com.apple.Finder.plist, and search for a section called TB Item Plists. Look for an entry that contains the path to your home directory and copy the <data> part of the CFURLAliasData section as the Volume ID.

Now insert those two IDs into your com.apple.TimeMachine.plist and reboot. Your home directory should be backed up unencrypted in the future. You’ll find it on the top level of your backups, next to ‘Macintosh HD’. Make sure it’s there, of course.

You can find the original thread on the Apple support forums here. I did write about a different approach before, but it’s not Time Machine and I couldn’t get Carbon Copy Cloner to automatically mount my network share.

If you own a MacBook, you might want to protect your private data from others. For this purpose, Apple has built in the FileVault technology into your MacBook. It basically consists of 128-bit AES encryption for your home directory. FileVault works very well, but it has one major downside: It doesn’t like to play with Time Machine. Time Machine will not backup your home directory every hour, but rather just do backups at logoff. In addition to that, it will just backup the encrypted data, which is stored in a .sparsebundle kind of directory. So Time Machine will backup too much, but at the same time won’t give you the comfort of a non-FileVaulted Time Machine backup.

Enter Carbon Copy Cloner. This is a donationware utility that has various means to backup your data. Originally intended to clone your entire hard drive, Carbon Copy Cloner can do a lot more than that. It can also do regular backups of your home directory, and it will even archive the old files. When scheduling it to do hourly backups, Carbon Copy Cloner will almost work like Time Machine for your FileVaulted home directory. I have set up Carbon Copy Cloner to do hourly backups of my home directory to a .sparseimage (no support for .sparsebundles yet, as it seems) and archive changed and deleted files. For all the other stuff on my Hard Disk, I continue to use Time Machine, because it still is slightly more comfortable and because I’m used to it.

But wait. With the default settings, Carbon Copy Cloner will archive about 30 MB of changed files on every backup. When doing hourly backups, that might become half a gigabyte a day, while Time Machine seems to backup far less. I’ve found a site that explains this difference: Time Machine doesn’t backup some volatile data, e.g. caches and temporary files. You can find the files Time Machine excludes in a file called StdExclusions.plist in the bundle /System/Library/CoreServices/backupd.bundle.

Here are the contents of my version of that file:

• Library/Application Support/SyncServices/data.version
• Library/Caches
• Library/Logs
• Library/Mail/Envelope Index
• Library/Mail/AvailableFeeds
• Library/Mirrors
• Library/PubSub/Database
• Library/PubSub/Downloads
• Library/PubSub/Feeds
• Library/Safari/Icons.db
• Library/Safari/WebpageIcons.db
• Library/Safari/HistoryIndex.sk