Encrypting the home directory provides some comfort if the computer is
lost or stolen. Full disk encryption is even better, though on this
release of Ubuntu (18.04) I only had the option to encrypt the full
disk and overwrite the installed Windows partition. Home directory
encryption is mostly okay but some data will live in /tmp or
other non /home locations whilst some sensitive data may live
in the swap partition.
This release of Ubuntu (18.04) does not support home directory
encryption at installation time unlike previous releases. We can set
this up for an existing user (kayon) by creating a second user account
and from that user's login encypt the first user's home (and
vice-versa for the second user's home).
$ wajig install ecryptfs-utils cryptsetup
$ sudo ecryptfs-migrate-home -u kayon
Log out and log into kayon. Then print and record the
We might also encrypt the swap partition and though hibernate will be
affected suspend will be okay. (Will this adversely affect battery
$ sudo ecryptfs-setup-swap
Now reboot, login as the second user, and try using sudo to list the
first user's home:
$ sudo ls /home/kayon
When adding new users:
$ sudo adduser --encrypt-home <user>
Copyright © 1995-2019 Togaware Pty Ltd
Support further development through the purchase of the PDF version of the book.
Brought to you by Togaware and the author of open
source software including Rattle and wajig.
Also the author of Data Mining with Rattle and Essentials
of Data Science.