Go to TogaWare.com Home Page. GNU/Linux Desktop Survival Guide
by Graham Williams
Duck Duck Go

Olive Issues




Encrypting the home directory provides some comfort if the computer is lost or stolen. Full disk encryption is even better, though on this release of Ubuntu (18.04) I only had the option to encrypt the full disk and overwrite the installed Windows partition. Home directory encryption is mostly okay but some data will live in /tmp or other non /home locations whilst some sensitive data may live in the swap partition.

This release of Ubuntu (18.04) does not support home directory encryption at installation time unlike previous releases. We can set this up for an existing user (kayon) by creating a second user account and from that user's login encypt the first user's home (and vice-versa for the second user's home).

$ wajig install ecryptfs-utils cryptsetup
$ sudo ecryptfs-migrate-home -u kayon

Log out and log into kayon. Then print and record the recovery passphrase.

$ ecryptfs-unwrap-passphrase
Passphrase: <password>

We might also encrypt the swap partition and though hibernate will be affected suspend will be okay. (Will this adversely affect battery drain?)

$ sudo ecryptfs-setup-swap

Now reboot, login as the second user, and try using sudo to list the first user's home:

$ sudo ls /home/kayon
Access-Your-Private-Data.desktop  README.txt

When adding new users:

$ sudo adduser --encrypt-home <user>

Copyright © 1995-2019 Togaware Pty Ltd
Support further development through the purchase of the PDF version of the book.
Brought to you by Togaware and the author of open source software including Rattle and wajig.
Also the author of Data Mining with Rattle and Essentials of Data Science.