printf Tux's lil' helper
Joined: 02 Dec 2010 Posts: 123
Posted: Thu Sep 12, 2013 11:46 am Post subject: encrypting /root and each user's /home folder based on login
i would like to encrypt all of the user folders - including root's - based on their login (i'm using slim with xfce)
only /home is on a separate partition
it does not need to be super-duper strong, as i figured since it is an ssd, i would not feel that much difference if i encrypt these folders
i searched around the forum but there are many options and sometimes it is not apparent which one is recent and should be used, and many of them use a keyfile or a usb stick and encrypt the whole hard drive which i do not want
Kompi Apprentice
Joined: 05 Oct 2002 Posts: 252 Location: Germany
Posted: Thu Sep 12, 2013 6:46 pm
Good encryption and the best way IMHO is to use LUKS with pam_mount. You will need to have one partition for each home dir (or a home partition with multiple keys) to do that.
If you do not want to make each home dir an encrypted partition with LUKS: use encFS or ecryptFS. ecryptFS has a pam module for mounting at login AFAIK, encFS can be mounted at login with pam_mount the same way as LUKS partitions. ecryptFS needs a kernel module, encFS is completely FUSE-based userspace. ecryptFS is the one Ubuntu is using for encrypted home dirs. I prefer encFS as it feels more flexible and worked better for me on an NFS share.
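
The two pam_mount setups mentioned in the reply above, sketched as a pam_mount.conf.xml. This is an added example, not part of the original post; the user names, the device path and the encFS directory are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!-- /etc/security/pam_mount.conf.xml (constructed example) -->
<pam_mount>

  <!-- Create a missing mountpoint at login and remove it again at logout. -->
  <mkmountpoint enable="1" remove="true" />

  <!-- Variant 1: one LUKS partition per home directory.
       Assumed: user "alice", LUKS device /dev/sdb1.
       pam_mount hands the password typed at login to mount.crypt,
       so one LUKS key slot has to hold the same passphrase as the
       login password. If the login password changes, the key slot
       has to be updated as well or the mount fails at next login. -->
  <volume user="alice"
          fstype="crypt"
          path="/dev/sdb1"
          mountpoint="/home/alice"
          options="noatime" />

  <!-- Variant 2: encFS on the shared /home partition.
       Assumed: user "bob", ciphertext stored in /home/.encfs/bob.
       The encFS volume password has to equal the login password.
       File names are encrypted, but file count, sizes and timestamps
       stay visible to anyone who can read /home/.encfs/bob. -->
  <volume user="bob"
          fstype="fuse"
          path="encfs#/home/.encfs/bob"
          mountpoint="/home/bob"
          options="nonempty" />

</pam_mount>

<!-- pam_mount also has to be called from the PAM stack of the login
     service (here: the one used by the display manager), e.g.
       auth     optional  pam_mount.so
       session  optional  pam_mount.so
     Data outside the mounted homes (swap, /tmp, /var) is not covered
     by either variant. -->
```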
azieba n00b
Joined: 09 Sep 2013 Posts: 9
Posted: Thu Sep 12, 2013 7:47 pm
I think encFS is quite good for individual user directories. Files are encrypted, but you can still copy or back them up in an optimal way. Not like LUKS, where you don't see individual files without decrypting the volume first. That is a trade-off. Because anyone with access to your directory will see that there are files there, he can then copy them /paranoia mode on/ and try to break encryption on them /paranoia mode off/
printf Tux's lil' helper
Joined: 02 Dec 2010 Posts: 123
Posted: Wed Oct 02, 2013 8:58 am
finally went with eCryptFS, and used the ecryptfs-migrate-home -u <user> command to set up my folder, which wraps the key with the user login
i was thinking is it actually safe to encrypt the /root folder, or does it make any sense?