Line 524: | Line 524: | ||
See [[Archwiki: Fscrypt#Encrypt_a_home_directory]]. | See [[Archwiki: Fscrypt#Encrypt_a_home_directory]]. | ||
See [https://tlbdk.github.io/ubuntu/2018/10/22/fscrypt.html https://tlbdk.github.io/ubuntu/2018/10/22/fscrypt.html]. | See [https://tlbdk.github.io/ubuntu/2018/10/22/fscrypt.html https://tlbdk.github.io/ubuntu/2018/10/22/fscrypt.html]. | ||
<ol> | |||
<li> | |||
Install fscrypt | |||
<pre> | |||
sudo apt-get install fscrypt libpam-fscrypt | |||
</pre> | |||
</li> | |||
<li> | |||
Create a new temp sudo user and login to it | |||
</li> | |||
<li> | |||
Create the encrypted home folder | |||
<pre> | |||
export USERNAME=david | |||
# Move old home folder | |||
sudo mv /home/$USERNAME /home/$USERNAME.bak | |||
# Create a new home folder and encrypt it | |||
mkdir /home/$USERNAME | |||
chown $USERNAME:$USERNAME /home/$USERNAME | |||
fscrypt encrypt /home/$USERNAME --user=$USERNAME | |||
# Copy files to the new home folder using cp or rsync | |||
# cp -a -T /home/$USERNAME.bak /home | |||
rsync -aHX --info=progress2 /home/$USERNAME.bak/ /home/$USERNAME/ | |||
</pre> | |||
</li> | |||
<li> | |||
Test the encrypted home folder by logging into your user | |||
</li> | |||
<li> | |||
Cleanup by removing the temporary user and deleting the old home folder | |||
<pre> | |||
shred /home/$USERNAME.bak/ | |||
</pre> | |||
</li> | |||
</ol> | |||
;Notes and Caveats | ;Notes and Caveats | ||
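Review bot: The cleanup step runs <code>shred /home/$USERNAME.bak/</code> on a directory, but shred only operates on files, so the command fails and the unencrypted copy of the home folder stays on disk. Suggest shredding the files and then removing the tree, e.g. <code>sudo find "/home/$USERNAME.bak" -type f -exec shred -u {} +</code> followed by <code>sudo rm -rf "/home/$USERNAME.bak"</code>, and noting that shred's man page says overwriting is not guaranteed on journaling or copy-on-write file systems. The same step also mentions removing the temporary user but gives no command for it. In the third step, <code>mkdir</code>, <code>chown</code> and <code>fscrypt encrypt ... --user=$USERNAME</code> are written without the <code>sudo</code> that the <code>mv</code> line uses, so they will fail when typed as the temporary sudo user; the commented alternative <code>cp -a -T /home/$USERNAME.bak /home</code> has <code>/home</code> as its target where <code>/home/$USERNAME</code> is meant. <code>$USERNAME</code> should be quoted throughout.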
Line 529: | Line 567: | ||
** E.g. Move all startup scripts in your <code>~/bin</code> to <code>/usr/bin</code> | ** E.g. Move all startup scripts in your <code>~/bin</code> to <code>/usr/bin</code> | ||
* <code>ssh</code> will not work until home has been decrypted since the authorized keys are in <code>~/.ssh/authorized_keys</code> | * <code>ssh</code> will not work until home has been decrypted since the authorized keys are in <code>~/.ssh/authorized_keys</code> | ||
** Apparently |