Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: HOW-TO encrypt your home directory

  1. #1
    Join Date
    Aug 2008
    Beans
    6

    HOW-TO encrypt your home directory

    I have tried getting my home directory encrypted, following these two articles:

    http://www.linux-mag.com/cache/7568/1.html
    https://wiki.ubuntu.com/EncryptedHomeFolder

    None of them worked for me. I would end up with a .Private dir with all encrypted, but I could not make it mount on the home dir. I'm not a Linux expert by any means, but I have been using Ubuntu for a few years now, so I know my way around. Then I clued in that you can create a new user with an encrypted home directory from the very beginning (this works only from 9.10). So I thought that I could:

    1. Rename my user
    2. Create a new user with an encrypted home dir
    3. move everything from the old user to the new one
    4. delete the old one


    Well, it worked. I'm sure the 'oficial' ways are much better in a million ways, but if they did not work for you, try this:

    - Logout from the graphic interface

    - Login with Alt+Ctl+F1 to get a terminal with the minimum open files.

    - Create a new admin user:
    sudo adduser --ingroup admin deleteme

    - Exit, log back in with 'deleteme'

    - Get the old home out of the way:
    sudo mv /home/user /home/olduser

    - Rename the old user
    sudo usermod --home /home/olduser --login olduser user

    - Create the new encrypted user
    sudo adduser --home /home/user --ingroup admin --encrypt-home user

    - Exit, then login with the new user and copy all the files
    sudo rsync -a /home/olduser /home/user

    - Make these files your own
    cd /home
    sudo chown -R user user

    - Logout, then login with the user, make sure everything works. After a couple of days without a problems, clean up:

    sudo deluser --remove-all-files deleteme
    sudo deluser --remove-all-files olduser


    I hope it helps

    Emiliano Conde
    Lead Developer
    jBilling.com - Open Source Billing

  2. #2
    Join Date
    Nov 2009
    Beans
    14

    Re: HOW-TO encrypt your home directory

    This might be useful:

    Code:
    $ ecryptfs-migrate-home --help
    
    Usage:
    
    /usr/bin/ecryptfs-migrate-home -u USER
    
     -u,--user       Migrate USER's home directory to an encrypted home directory
    
    WARNING: Make a complete backup copy of the non-encrypted data to
    another system or external media. This script is dangerous and, in
    case of an error, could result in data lost, or lock you out of your
    system!
    
    This program must be executed by root.

    Haven't tried yet, though..

  3. #3
    Join Date
    Jul 2008
    Beans
    8

    Talking Re: HOW-TO encrypt your home directory

    Quote Originally Posted by abuster View Post
    This might be useful:

    Code:
    $ ecryptfs-migrate-home --help
    
    Usage:
    
    /usr/bin/ecryptfs-migrate-home -u USER
    
     -u,--user       Migrate USER's home directory to an encrypted home directory
    
    WARNING: Make a complete backup copy of the non-encrypted data to
    another system or external media. This script is dangerous and, in
    case of an error, could result in data lost, or lock you out of your
    system!
    
    This program must be executed by root.

    Haven't tried yet, though..
    AWESOME. This solved most of the problems I had with an encrypted home directory AND with multiple administrators.
    thx thx thx thx

  4. #4
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    263
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: HOW-TO encrypt your home directory

    If I encrypt my home directory (on my old netbook running 10.04) how do I decrypt it please?
    (When I installed 10.04 on this new notebook I had the choice of having an encrypted home folder and supplying a password for that encryption so that /home gets decrypted when I initially Log in and enter that password).
    MSi CR620 (Novatech i3 Core i3-350M) 2.27GHz 2GiB RAM, 250GiB SSD, Ubuntu 14.04 & XP
    ASUS Eee PC 1001P Atom N450 1.66GHz 1GiB RAM, Lubuntu 14.04 & XP
    Toshiba Equium M50&M40, Lubuntu 14.04 & XP
    Raspberry Pi B, SD bootable Raspbian or OpenElec/XBMC

  5. #5
    Join Date
    Jun 2008
    Location
    London, UK
    Beans
    11
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: HOW-TO encrypt your home directory

    Thank you for the post balckNwhite, it was very helpful.

    However a big big warning for sudo deluser --remove-all-files olduser: It will delete any of the files belonging to the old user anywhere on the filesystem. This includes external disks etc not only the home directory.

    It would be more appropriate to use deluser --remove-home, because these are the only files that have been backed up.

    To locate and change all the files belonging to the original user use this command:

    find / -user olduser -exec chown newuser:newuser {} \;

  6. #6
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    263
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: HOW-TO encrypt your home directory

    Well in the end I realised that the only data in my home directory that I did not want anyone else to be able to see into was in a directory of files in a Truecrypt encrypted file.
    I had started using Truecrypt for my secret stuff years ago.
    So I saved my home directory and any other stuff I needed to copy back after a re-install of Ubuntu.
    I then did a re-install without selecting the option to encrypt my home directory, copied back my saved home directory and other stuff.
    I'm now happy that I can, if disaster strikes, restore everything to a different PC from my regular off-site backups.
    Last edited by welshmike; December 30th, 2010 at 06:25 PM. Reason: Clarification
    MSi CR620 (Novatech i3 Core i3-350M) 2.27GHz 2GiB RAM, 250GiB SSD, Ubuntu 14.04 & XP
    ASUS Eee PC 1001P Atom N450 1.66GHz 1GiB RAM, Lubuntu 14.04 & XP
    Toshiba Equium M50&M40, Lubuntu 14.04 & XP
    Raspberry Pi B, SD bootable Raspbian or OpenElec/XBMC

  7. #7
    Join Date
    Apr 2005
    Beans
    90

    Re: HOW-TO encrypt your home directory

    How to check if the current /home directory already encrypted or not?

  8. #8
    Join Date
    Apr 2008
    Location
    Winchester, UK
    Beans
    263
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: HOW-TO encrypt your home directory

    When my home directory was encrypted and I booted from a live Ubuntu CD or USB flash drive I could not see the contents of my encrypted home directory.
    MSi CR620 (Novatech i3 Core i3-350M) 2.27GHz 2GiB RAM, 250GiB SSD, Ubuntu 14.04 & XP
    ASUS Eee PC 1001P Atom N450 1.66GHz 1GiB RAM, Lubuntu 14.04 & XP
    Toshiba Equium M50&M40, Lubuntu 14.04 & XP
    Raspberry Pi B, SD bootable Raspbian or OpenElec/XBMC

  9. #9
    Join Date
    Jul 2010
    Location
    NY
    Beans
    16
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOW-TO encrypt your home directory

    This was quite helpful, thanks guys!

    Just wondering, I used ecryptfs-migrate-home to encrypt my home DIR.

    Code:
    /usr/bin/ecryptfs-migrate-home -u USER
    I'm now left with a folder /home/USER.w3KuZxku is this just a backup of my user DIR? I'd like to remove if possible.

    Edit: Looks like it's a duplicate. However files that rsync: recv_generator: failed to stat were left in the duplicate, and are not present in my main USER DIR.
    Last edited by carmelosantana; February 4th, 2011 at 04:33 PM.

  10. #10
    Join Date
    Jul 2008
    Location
    Wilmington, DE
    Beans
    186
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HOW-TO encrypt your home directory

    Ok, I executed this in precise

    Code:
    sudo /usr/bin/ecryptfs-migrate-home --help
    sudo: /usr/bin/ecryptfs-migrate-home: command not found
    to get the ecryptfs if not selected at time of installation
    Code:
    sudo apt-get install ecryptfs-utils
    Last edited by iconoclast hero; April 23rd, 2012 at 01:18 PM. Reason: answering own question for others

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •