To be written.
One way to create ecrypfs home directories¶
Here is how i did it, based on the following link:
(much shamelessly copied)
Login and setup an Encrypted Private directory:
Logout, and log back in and make sure $HOME/Private is mounted.¶
exit login mount | grep "$USER.*ecryptfs"
to copy all data from your home directory to your new Encrypted Private directory. If you have a large home directory, this step might take a very long time. Be very wary of any errors at this point. This is the most essential step in this migration scheme. I usually re-run this step 3 times.
rsync -aP --exclude=.Private --exclude=Private --exclude=.ecryptfs $HOME/ $HOME/Private/
Sync to disk, unmount, logout, and log back in.¶
sync && sync && sync ecryptfs-umount-private exit login
Setup your eCryptfs configuration directory.¶
ecryptfs-umount-private cd / sudo mkdir -p /home/.ecryptfs/$USER sudo chown $USER:$USER /home/.ecryptfs/$USER mv $HOME/.ecryptfs /home/.ecryptfs/$USER/ mv $HOME/.Private /home/.ecryptfs/$USER/ sudo chmod 700 /home/.ecryptfs/$USER/.Private sudo chmod 700 /home/.ecryptfs/$USER/.ecryptfs
Setup your new, unmounted home directory.¶
sudo mkdir -p -m 700 /home/$USER.new sudo chown $USER:$USER /home/$USER.new ln -sf /home/.ecryptfs/$USER/.ecryptfs /home/$USER.new/.ecryptfs ln -sf /home/.ecryptfs/$USER/.Private /home/$USER.new/.Private
Move your old, unencrypted home directory out of the way.¶
sudo mv $HOME $HOME.old
“Activate” your new, unmounted home directory by renaming it.¶
sudo mv /home/$USER.new $HOME echo $HOME > $HOME/.ecryptfs/Private.mnt ln -sf /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt $HOME/README.txt sudo chmod 500 $HOME
Logout, and log back in.¶
Ensure that $HOME is mounted, and that you have a symlink to your configuration directory.
exit login mount | grep "$USER.*ecryptfs" ln -sf /home/.ecryptfs/$USER/.ecryptfs /home/$USER/.ecryptfs ln -sf /home/.ecryptfs/$USER/.Private /home/$USER/.Private
Check all of your home directory data.¶
Ensure that everything is in order. Once you are completely confident that the migration worked, you can reclaim some disk space by removing your old, non-encrypted data.
sudo rm -rf $HOME.old
Check your /etc/pam.d/ configuration!¶
common-auth:28: auth optional pam_ecryptfs.so unwrap common-session:28: session optional pam_ecryptfs.so unwrap
Obviously, much of this is scriptable….