These in search of a straightforward, common strategy to encrypt the house folder on Linux want look no additional than EcryptFS. When accurately arrange, customers can seamlessly encrypt and decrypt their personal with out a lot effort.
SPOILER ALERT: Scroll down and watch the video tutorial on the finish of this text.
Set up EcryptFS
Earlier than any encryption can start, you’ll want to put in the encryption software. Its very talked-about, works on virtually all Linux distributions, and is simple to make use of. You should be have to be working Ubuntu, Debian, Arch Linux, Fedora, OpenSUSE to put in or you may construct it from supply when you’re working another distribution.
Ubuntu
sudo apt set up ecryptfs-utils
Debian
sudo apt-get set up ecryptfs-utils
Arch Linux
sudo pacman -S ecryptfs-utils
Fedora
sudo dnf set up ecryptfs-utils
OpenSUSE
sudo zypper set up ecryptfs-utils
Different Linuxes
Can’t discover an installable bundle of EcryptFS in your Linux working system? In that case, you’ll must download the source code and set up the software program manually. When you’ve got bother constructing the software program, do take a look at the EcryptFS documentation page.
Encrypt The Home Folder
Throughout this encryption course of, we’ll be making a short lived consumer. This consumer isn’t going to be everlasting. On the finish of this tutorial, we’ll fully delete it. Creating a short lived super-user account is essential as a result of it’s not potential to encrypt a consumer listing whereas logged in.
Create New Consumer
To create a brand new consumer, open up a terminal, log into the basis account.
su
or
sudo -s
Now that the shell is root, use useradd to make the non permanent account. Be sure you add the -M to make sure the system doesn’t create a brand new house listing.
useradd -M encrypt-admin
Useradd will create a brand new consumer, but it surely doesn’t have a password. Utilizing passwd, assign encrypt-admin a brand new UNIX password.
passwd encrypt-admin
Encrypt-admin is able to use, however won’t be able to entry and execute root instructions. To enable the consumer to run root instructions, we’ll want so as to add it to the sudoers file. Utilizing visudo, edit the sudo config file.
EDITOR=nano visudo
Contained in the Nano textual content editor, scroll down and search for “# Consumer privilege specification“. Beneath this, it is best to see “root ALL=(ALL:ALL) ALL“. Press enter on the keyboard beneath this line and write out the next in Nano.
encrypt-admin ALL=(ALL:ALL) ALL
Save the visudo file by urgent Ctrl + O, then shut with Ctrl + X.
Begin Encryption
To begin the encryption course of, sign off of the username you propose to begin the encryption on. On the login display, press Alt + Ctrl + F1. If this button combo doesn’t work, strive F2 by means of F6.
Utilizing the TTY immediate, write encrypt-admin within the login immediate, adopted by the password set earlier. Then, use EncryptFS to begin the encryption.
Be aware: change “yourusername” to the identify of the consumer account you simply logged out of. To encrypt a number of consumer accounts, run this command a number of instances.
sudo ecryptfs-migrate-home –u yourusername
The above command will migrate your consumer to an encrypted house folder. From right here, it’s protected to sign off of the non permanent administrator account, and again into the common consumer. Sign off of the TTY console with:
exit
Writing out the exit command ought to immediately return to the login display from earlier than. From there, press Alt + F2 – F7 to return to graphical mode.
Take away Consumer Account
EcryptFS is absolutely configured on Linux, so it’s time to do away with the encrypt-admin account. Begin off by eradicating it from the sudoers file. Open up a terminal and modify visudo.
sudo -s EDITOR=nano visudo
Scroll down the sudoers file, and take away the code added earlier on within the information.
encrypt-admin ALL=(ALL:ALL) ALL
Save the sudoer file edit in Nano by urgent Ctrl + O on the keyboard. Exit Nano and return to the terminal shell with Ctrl + X.
Encrypt-admin not has any means to achieve root entry or modify the system in any manner. At this level, it’s innocent, and it’s potential to simply depart it there. Nonetheless, when you’re not keen on having a number of customers in your Linux PC, it might be a good suggestion to delete it altogether. Within the terminal, use the userdel command to do away with it.
sudo userdel encrypt-admin
Add Encryption Password
EcryptFS is nearly able to go. All that’s left is to arrange a brand new password. Open up a terminal (with out utilizing sudo or root) and enter add a brand new passphrase. Please remember that encryption is pointless with no safe password. Head over to strongpasswordgenerator.com and create a powerful encryption passphrase.
Be aware: don’t need to use the generator to create a brand new passcode? Check out this article to discover ways to create your personal safe passphrase as an alternative.
ecryptfs-add-passphrase
When “ecryptfs-add-passphrase” finishes, your own home folder needs to be absolutely encrypted. To begin utilizing it, restart your Linux PC. Upon restart, EcryptFS would require your new passphrase to log in accurately.
