5.13 User Accounts

We will encrypt the home directory of a user (kayon). The home directory will be automatically decrypted with the user’s password when the user logs in. This assumes the user account (kayon) has already been created, and that there is another user account with admin access, perhaps a temporary user tmp, from which to operate on kayon’s home directory. User kayon should not be logged in while the migration runs.

tmp$ wajig install ecryptfs-utils cryptsetup
tmp$ sudo ecryptfs-migrate-home -u kayon

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase  /.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************

/sbin/restorecon
/sbin/restorecon

Done configuring.

chown: cannot access '/dev/shm/.ecryptfs-kayon': No such file or directory
INFO:  Encrypted home has been set up, encrypting files now...this may take a while.
sending incremental file list
./
.Xauthority
            151 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=708/710)
.bash_history
            208 100%  203.12kB/s    0:00:00 (xfr#2, to-chk=707/710)
.bash_logout
            220 100%  214.84kB/s    0:00:00 (xfr#3, to-chk=706/710)
.bashrc
          3,771 100%    3.60MB/s    0:00:00 (xfr#4, to-chk=705/710)
[...]
Desktop/
Documents/
Downloads/
Music/
Pictures/
Public/
Templates/
Videos/
Could not unlink the key(s) from your keying. Please use `keyctl unlink` if you wish to remove the key(s). Proceeding with umount.

========================================================================
Some Important Notes!

 1. The file encryption appears to have completed successfully, however,
    kayon MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_,
    TO COMPLETE THE MIGRATION!!!

 2. If kayon can log in and read and write their files, then the migration is complete,
    and you should remove /home/kayon.TryOLRcD.
    Otherwise, restore /home/kayon.TryOLRcD back to /home/kayon.

 3. kayon should also run 'ecryptfs-unwrap-passphrase' and record
    their randomly generated mount passphrase as soon as possible.

 4. To ensure the integrity of all encrypted data on this system, you
    should also encrypt swap space with 'ecryptfs-setup-swap'.
========================================================================

Follow the advice listed under Some Important Notes in the output above.

See the section on encrypted home directories for more details.
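The following is an added example, not part of the original book or of ecryptfs-utils: a POSIX shell check for notes 1 and 2, to be run from the tmp account once kayon has logged in. The function names, the MOUNTS and HOME_ROOT overrides, and the eight-character backup suffix pattern (inferred from kayon.TryOLRcD in the output above) are assumptions.

```shell
#!/bin/sh
# Added example: post-migration checks for notes 1 and 2 of the migration output.
# MOUNTS and HOME_ROOT are hypothetical overrides so the functions can be tried
# on constructed input; on a real system the defaults apply.
MOUNTS="${MOUNTS:-/proc/mounts}"
HOME_ROOT="${HOME_ROOT:-/home}"

# Succeeds when HOME_ROOT/<user> is currently an eCryptfs mount point.
home_is_ecryptfs() {
    awk -v mp="$HOME_ROOT/$1" '$2 == mp && $3 == "ecryptfs" { found = 1 }
        END { exit !found }' "$MOUNTS"
}

# Prints leftover cleartext backups named <user>.XXXXXXXX, one per line.
# Assumption: the random suffix is always eight characters long.
cleartext_backups() {
    for d in "$HOME_ROOT/$1".????????; do
        if [ -d "$d" ]; then printf '%s\n' "$d"; fi
    done
    return 0
}

# Prints one status line per check; returns non-zero if anything needs action.
check_migration() {
    rc=0
    if home_is_ecryptfs "$1"; then
        echo "OK: $HOME_ROOT/$1 is mounted as ecryptfs"
    else
        echo "WARN: $HOME_ROOT/$1 is not an ecryptfs mount (is $1 logged in?)"
        rc=1
    fi
    backups=$(cleartext_backups "$1")
    if [ -n "$backups" ]; then
        printf 'WARN: unencrypted backup still present:\n%s\n' "$backups"
        rc=1
    fi
    return $rc
}

# Run the checks when a user name is given on the command line.
if [ "$#" -gt 0 ]; then check_migration "$1"; fi
```

A warning about the backup is expected until the old cleartext copy has been removed as note 2 describes; the mount check only passes while kayon is logged in.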



Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0