Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Home folder encryption
#1
Dear forum mates,

I share an apartment with some other folks. We all use the same notebook which runs under Debian 10 (Emmabuntus DE) and we are all happy with it. Anyhow, I am a little bit concerned about our privacy and also bothered by the lack of protection Linux offers out of the box when it comes to user data protection. Sure, there is the full hard disc encryption, but that's useless for our needs. About 4-5 people use this notebook an all have data stored on it, to each his home directory. All of us can fully see what others have stored in their directory. There used to be a way to encrypt home at the time of installation but Debian (and other Debian based distros) have removed this tool (eCryptfs) due to its unmaintained program code. I checked if I can still use eCryptfs but in most forums I read that I should keep my hands of it.

Can someone please help me with an advice? I am looking for an easy and simple way to protect/encrypt my various home user directories I have on my shared notebook. It should be a way an non-experiences user like me can achieve without digging to deep in the file system and playing around in the partition table.

Thank you for your inputs.
Patrick
Reply
#2
If only you have access to root privileges, it would suffice to simply change the permissions of your home directory to no longer allow users other than yourself to see its contents.
Reply
#3
(01-12-2020, 09:57 PM)leon.p Wrote: If only you have access to root privileges, it would suffice to simply change the permissions of your home directory to no longer allow users other than yourself to see its contents.


Thank you Leon. It has been a while since I wrote my post above. The situation has not changed yet. Your advice above might be a solution, but again, just a half-way-solution in my eyes. I am still trying to get Home encryption installed on a Debian 10 (Emmabuntus) machine. We are meanwhile 8 people with access to this laptop, so privacy is crucial in my eyes. Again, it bothers me to see that Linux (claiming to be privacy focused) lacks in such basic setups.

I am not an expert but I tried almost everything I found on the internet, without success. All you basically need is the ecryptfs-utils deb file which can also be taken out of older repos as Deb 10 does not support that any longer.

I know it must be somehow possible to get this done. The Linux Mint team has just proven it with its new LMDE3 release, that a Home encryption on Buster can be done.

Anyhow folks, if you see this post and something useful comes into your mind, please post it here.

Cheers
Patrick
Reply
#4
The Arch wiki has a very good Disk Encryption sections.  
Disk encryption - ArchWiki
It contains a good comparison chart.  Also, additional links on the page should be read as well.

There are many different Linux flavors of encryption for many different needs.

If you are on a machine with eight different users, do you have root access or the administrator user account to elevate privileges?  Without root or elevated privileges, you can quickly eliminate your choices.
 
Does each user have a separate /home/user file system?
 
Or, do all users have a /home/user directory under the /home or / file system?

If you want to create a separate partition/file system for your /home/user or /home/user/private, you should consider the native dm-crypt+LUKS.

If you want to use your existing home/user without any partition/new file system  changes, you should also consider ecryptfs.

If you want to use your existing /home/user without any partition/file system changes, you can create a native dm-crypt+LUKS using a crypto storage container file in your existing home directory. The crypto storage container file acts like a virtual disk.  You would mount it only when you need it.  I use this method to store my financial records.  
Idea Give a person a fish, and you feed them for a day. Teach a person how to fish, and you feed them for a lifetime. ✝️ Proverbs 4:7 Wisdom is the principal thing; therefore get wisdom: and with all thy getting get understanding.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)