Quick and Dirty Homedir encryption in Edgy Eft

Quick and dirty setup instructions for encrypting an existing user's home directory in Edgy Eft. Note that some steps are from memory and thus might be slightly off. Please be warned that this process may corrupt your home directory, advertise your password to the internet via a massive spamming campaign, and cause other boys in the locker room to snicker at you. Use at your own risk; you've been warned.

First, get the right tools:

sudo apt-get install fuse-utils encfs libpam-encfs

Then create your encrypted directory. As root, from a clean boot, without logging in as the user account in question:

sudo mkdir -p /home/.enc/USER /home/.enc/tmp
sudo chown USER:USER /home/.enc/USER
sudo chmod 777 /home/.enc/tmp
encfs /home/.enc/USER /home/.enc/tmp
(use your normal USER password with the default mode)
cd /home/USER
find . -xdev | cpio -pamd /home/.enc/tmp
(that step may take a while if you have a large home directory)
fusermount -u /home/.enc/tmp
sudo mv /home/USER /home/USER.bak
(remove the .bak dir using the shred tool after you're completely sure the process worked)
sudo mkdir /home/USER
sudo chown USER:USER /home/USER
sudo rmdir /home/.enc/tmp

Now create or edit the following files as needed:

/etc/security/pam_encfs.conf
drop_permissions
encfs_default
fuse_default allow_other,nonempty
- /home/.enc - - -

/etc/pam.d/common-auth
auth sufficient pam_encfs.so
auth required pam_unix.so nullok_secure use_first_pass

/etc/pam.d/common-session
session required pam_encfs.so
session required pam_unix.so
session optional pam_foreground.so

/etc/fuse.conf
user_allow_other

Voilà. One thing to note: before you do anything drastic like rebooting, switch to a different virtual terminal and try to log in as root again to make sure you didn't hose your PAM installation, unless you really like having to pull your drive to recover (does single-user mode even work?).

Then switch over to your favorite VT7, and see if you can log in to GDM.
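
A pre-reboot check for the files above, as an added example that is not part of the original post: it verifies the PAM, pam_encfs and FUSE settings this page lists, plus the .encfs5 ownership and fuse group problems reported in the comments. The ROOT prefix argument and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-reboot check of the pam_encfs setup from this page.
# Usage: sh check_encfs_login.sh USER [ROOT]
# ROOT is a hypothetical prefix (an assumption, not from the page) so the
# checks can run against a copy of the tree; leave it empty for the live system.

fail() { echo "FAIL: $*" >&2; rc=1; }

check_encfs_login() {
    user=$1; root=${2:-}; rc=0
    auth=$root/etc/pam.d/common-auth

    # The page lists pam_encfs.so before pam_unix.so, and pam_unix.so
    # reuses the already-entered password via use_first_pass.
    enc=$(grep -n '^auth.*pam_encfs\.so' "$auth" 2>/dev/null | head -n 1 | cut -d: -f1)
    unx=$(grep -n '^auth.*pam_unix\.so' "$auth" 2>/dev/null | head -n 1 | cut -d: -f1)
    if [ -z "$enc" ] || [ -z "$unx" ] || [ "$enc" -ge "$unx" ]; then
        fail "common-auth: pam_encfs.so must appear before pam_unix.so"
    fi
    grep -q '^auth.*pam_unix\.so.*use_first_pass' "$auth" 2>/dev/null ||
        fail "common-auth: pam_unix.so lacks use_first_pass"

    grep -q '^session.*pam_encfs\.so' "$root/etc/pam.d/common-session" 2>/dev/null ||
        fail "common-session: no pam_encfs.so line"
    grep -Eq '^-[[:space:]]+/home/\.enc[[:space:]]' "$root/etc/security/pam_encfs.conf" 2>/dev/null ||
        fail "pam_encfs.conf: no '- /home/.enc' mapping"
    # fuse_default allow_other only works for non-root mounts with this set.
    grep -q '^user_allow_other' "$root/etc/fuse.conf" 2>/dev/null ||
        fail "fuse.conf: user_allow_other missing"

    # Failure modes reported in the comments on this page.
    owner=$(stat -c %U "$root/home/.enc/$user/.encfs5" 2>/dev/null || true)
    [ "$owner" = "$user" ] || fail ".encfs5 owned by '${owner:-missing}', not $user"
    grep -Eq "^fuse:[^:]*:[^:]*:(.*,)?$user(,.*)?\$" "$root/etc/group" 2>/dev/null ||
        fail "$user is not in the fuse group"
    if [ -z "$root" ] && [ "$(stat -c %G /dev/fuse 2>/dev/null)" != fuse ]; then
        fail "/dev/fuse is not group fuse"
    fi
    return "$rc"
}

if [ -n "${1:-}" ]; then check_encfs_login "$1" "${2:-}" && echo "OK"; fi
```

Run it as root from the spare virtual terminal before logging out; a non-zero exit status means at least one check failed and the reason is printed on stderr.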

Some problems

I had the following problems:
1) Wrong permission on /home/.enc/USER/.encfs5
solved with chown USER:USER /home/.enc/USER/.encfs5
2) Need to add user to fuse group
adduser USER fuse
3) On Edgy wrong (bug ? https://launchpad.net/distros/ubuntu/+source/fuse/+bug/1860) permission on /dev/fuse
solved with chgrp fuse /dev/fuse

bye

Some extra notes for KDE users

If you get an error about starting dcopserver try this:

Near the top of /etc/kde3/kdm/Xsession add:
export ICEAUTHORITY=/tmp/.ICEauthority.$LOGNAME

After that KDM/KDE logins work great.