GNU/Linux Desktop Survival Guide
by Graham Williams

Home Encryption

See Section 5.10 for information about setting up encrypted user accounts.

20190121 When you set up user accounts during installation, Ubuntu will ask (depending on the distribution) whether you want to encrypt your home files. This protects data sitting at rest when you are not logged on to the computer, guarding it against exposure or theft. It protects most user data, but some data will live in /tmp or other non-/home locations, whilst some sensitive data may live in the swap partition.

Full disk encryption is a common alternative, protecting the whole disk at rest. The disk is then decrypted at boot time and remains decrypted whilst the system is active.

When adding new users their home folder can be encrypted:

$ sudo adduser --encrypt-home <user>

For a pre-existing user, ecryptfs-migrate-home can be used. It needs to be run from another user account. If there is a single existing user (kayon), create a second user account (sudo adduser tmp) and, from that second user's login, encrypt the first user's home (and vice versa for the second user's home if that account is going to be kept).

tmp@host$ wajig install ecryptfs-utils cryptsetup
tmp@host$ sudo ecryptfs-migrate-home -u kayon

Log out of tmp and log in as kayon. Then print and record the recovery passphrase in case it is needed for future recovery.

kayon@host$ ecryptfs-unwrap-passphrase
Passphrase: <password>

Now reboot, log in as the second user (tmp), and try using sudo to list the first user's home:

tmp@host$ sudo ls /home/kayon
Access-Your-Private-Data.desktop  README.txt

Consider also encrypting the swap partition. Hibernate will be affected by this, though suspend will be okay.

$ sudo ecryptfs-setup-swap
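
A read-only check of the resulting state, as an added example that is not part of the original guide: it tests whether a user's home is currently an eCryptfs mount and lists swap areas that are not on a device-mapper device. The function names and the sample data are constructed for illustration, and the swap test is a heuristic, as noted in the comments.

```shell
#!/bin/sh
# Added example (not from the guide). Read-only checks for the setup above.

# Succeeds if /home/USER is an eCryptfs mount, i.e. the home is unlocked.
# $2 is a file in /proc/mounts format (defaults to the live one).
home_is_unlocked() {
    awk -v mp="/home/$1" '$2 == mp && $3 == "ecryptfs" { ok = 1 }
                          END { exit !ok }' "${2:-/proc/mounts}"
}

# Prints active swap areas that are not device-mapper devices.
# Heuristic: /dev/dm-N or /dev/mapper/* may also be plain LVM, so confirm
# those with `cryptsetup status`. zram is skipped because it lives in RAM.
# $1 is a file in /proc/swaps format (defaults to the live one).
plain_swaps() {
    awk 'NR > 1 && $1 !~ "^/dev/(dm-|mapper/|zram)" { print $1 }' \
        "${1:-/proc/swaps}"
}

# Constructed sample data: kayon logged in, one encrypted and one plain swap.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/mounts" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/kayon/.Private /home/kayon ecryptfs rw,nosuid,nodev,relatime 0 0
EOF
    cat > "$d/swaps" <<'EOF'
Filename	Type	Size	Used	Priority
/dev/dm-0	partition	2097148	0	-2
/dev/sda3	partition	1048572	0	-3
EOF
    home_is_unlocked kayon "$d/mounts" && echo "kayon: home unlocked"
    home_is_unlocked tmp "$d/mounts" || echo "tmp: no eCryptfs mount"
    echo "unencrypted swap: $(plain_swaps "$d/swaps")"
    rm -rf "$d"
}
demo
```

On a live system, call the functions without the file argument so they read /proc/mounts and /proc/swaps.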


Hosted by Togaware, a pioneer of free and open source software since 1984.
Copyright © 1995-2020 Togaware Pty Ltd. Creative Commons ShareAlike V4.