Tag - Privacy

Encrypt user home with eCryptfs Sun, Apr 11, 2021 02:00 CEST

We encrypt a user home directory with eCryptfs. The consequence is that the contents of this directory are only accessible if at least one of the following is true:

  • You know the user’s password.
  • The user is logged in* AND you have read permission to the user’s directory (if you are root for instance).

* or has processes surviving logout (for instance lingering services).

This may increase privacy, depending on how the system is used.

If the user home is not encrypted, it would suffice to be root (without the user necessarily being logged in). Note that being root on another system and mounting the partition hosting the user’s home suffices.