GNU/Linux Desktop Survival Guide
by Graham Williams
User Accounts
We will encrypt a user's home directory (user kayon). The home directory will be decrypted automatically with the user's password when the user logs in. This assumes the user account (kayon) has already been created, and that there is another user account, perhaps a temporary user tmp with admin access, from which to operate on kayon's home directory. User kayon must not be logged in while the migration runs.
    tmp$ wajig install ecryptfs-utils cryptsetup
    tmp$ sudo ecryptfs-migrate-home -u kayon
    ************************************************************************
    YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
      ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
    THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
    ************************************************************************
    /sbin/restorecon
    /sbin/restorecon
    Done configuring.
    chown: cannot access '/dev/shm/.ecryptfs-kayon': No such file or directory
    INFO: Encrypted home has been set up, encrypting files now...this may take a while.
    sending incremental file list
    ./
    .Xauthority
                151 100%    0.00kB/s    0:00:00 (xfr#1, to-chk=708/710)
    .bash_history
                208 100%  203.12kB/s    0:00:00 (xfr#2, to-chk=707/710)
    .bash_logout
                220 100%  214.84kB/s    0:00:00 (xfr#3, to-chk=706/710)
    .bashrc
              3,771 100%    3.60MB/s    0:00:00 (xfr#4, to-chk=705/710)
    [...]
    Desktop/
    Documents/
    Downloads/
    Music/
    Pictures/
    Public/
    Templates/
    Videos/
    Could not unlink the key(s) from your keying.  Please use `keyctl unlink` if you wish to remove the key(s).  Proceeding with umount.
    ========================================================================
    Some Important Notes!
    
     1. The file encryption appears to have completed successfully, however,
        kayon MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_,
        TO COMPLETE THE MIGRATION!!!
    
     2. If kayon can log in and read and write their files, then the migration is complete,
        and you should remove /home/kayon.TryOLRcD.
        Otherwise, restore /home/kayon.TryOLRcD back to /home/kayon.
    
     3. kayon should also run 'ecryptfs-unwrap-passphrase' and record
        their randomly generated mount passphrase as soon as possible.
    
     4. To ensure the integrity of all encrypted data on this system, you
        should also encrypt swap space with 'ecryptfs-setup-swap'.
    ========================================================================
Follow the advice given under "Some Important Notes" above: kayon must log in before the next reboot, /home/kayon.TryOLRcD (which still holds the unencrypted copy of the old home) should be removed only once kayon can read and write their files, the mount passphrase should be recorded with ecryptfs-unwrap-passphrase, and swap should be encrypted with ecryptfs-setup-swap.
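The following script is an added example and is not part of the Survival Guide or of ecryptfs-utils. It checks the three things the migration notes ask you to verify after kayon has logged in: that the encrypted home layout is in place, that the plaintext backup directory (named like /home/kayon.TryOLRcD) has been removed, and that no unencrypted swap device is active. It assumes the standard layout ecryptfs-migrate-home creates (ciphertext under /home/.ecryptfs/USER/.Private, metadata under /home/.ecryptfs/USER/.ecryptfs); the home root and the /proc/swaps path are parameters so the functions can be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Post-migration sanity check for an eCryptfs-encrypted home (added example,
# not the Survival Guide's own code). Assumes the layout created by
# ecryptfs-migrate-home: $ROOT/.ecryptfs/$USER/.Private and
# $ROOT/.ecryptfs/$USER/.ecryptfs. ROOT is normally /home.

# Print any plaintext backup of the old home that the migration left behind
# (named $ROOT/$USER.XXXXXXXX, e.g. /home/kayon.TryOLRcD). Exit 0 if found.
leftover_backup_dirs() {
    root=$1; user=$2; found=1
    for d in "$root/$user".????????; do
        [ -d "$d" ] || continue
        printf '%s\n' "$d"
        found=0
    done
    return $found
}

# Exit 0 when the wrapped mount passphrase, the passphrase signature and the
# encrypted data directory all exist for the user.
encrypted_home_layout_ok() {
    root=$1; user=$2
    [ -f "$root/.ecryptfs/$user/.ecryptfs/wrapped-passphrase" ] &&
    [ -f "$root/.ecryptfs/$user/.ecryptfs/Private.sig" ] &&
    [ -d "$root/.ecryptfs/$user/.Private" ]
}

# Read a /proc/swaps-style file and exit 1 if any active swap is not a
# dm-crypt mapping (/dev/mapper/cryptswap*, as set up by ecryptfs-setup-swap).
no_plaintext_swap() {
    swaps=${1:-/proc/swaps}
    while read -r dev type size used prio; do
        case $dev in
            Filename|"") continue ;;          # header line or blank line
            /dev/mapper/cryptswap*) ;;        # encrypted swap: fine
            *) return 1 ;;                    # plaintext swap device or file
        esac
    done < "$swaps"
    return 0
}

# Run all checks; exit 0 only if every check passes.
post_migration_check() {
    root=${1:-/home}; user=$2; swaps=${3:-/proc/swaps}; rc=0
    if encrypted_home_layout_ok "$root" "$user"; then
        echo "ok:   encrypted home layout present for $user"
    else
        echo "FAIL: wrapped-passphrase, Private.sig or .Private missing for $user"; rc=1
    fi
    if leftover_backup_dirs "$root" "$user" >/dev/null; then
        echo "WARN: plaintext copy of the old home still on disk; remove it once $user can read and write their files:"
        leftover_backup_dirs "$root" "$user"
        rc=1
    else
        echo "ok:   no plaintext backup directory left behind"
    fi
    if no_plaintext_swap "$swaps"; then
        echo "ok:   no unencrypted swap active"
    else
        echo "WARN: unencrypted swap active; run ecryptfs-setup-swap"; rc=1
    fi
    return $rc
}

# Usage: sh check-ecryptfs-home.sh kayon
if [ $# -gt 0 ]; then
    post_migration_check /home "$1"
fi
```

Run it as root (so that /home/.ecryptfs is readable) after kayon has logged in once; a non-zero exit means at least one of the notes above has not yet been acted on.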
See Section 79.8 for more details about encrypted home directories.