On 03/30/2018 12:22 PM, Neal Becker wrote: > I'm running f27 with everything on one drive. /home is 1 btrfs subvolume > and / is another btrfs subvolume. > > I want to move my /home to encryption. One possibility seems to be to use > ecryptfs. I tried creating a test user, and the following: > https://cloud-ninja.org/2014/04/05/fedora-encrypting-your-home-directory/ > (following "easy way" instructions). > > This didn't do anything AFAICT, the test user's files still appear to be > unencrypted, and I don't see any ecryptfs mount. > > Any suggestions? Is ecryptfs the way to go here or something else? AFAIK, ecryptfs, since it's a filesystem type, doesn't encrypt EXISTING files, only things written to a directory already mounted with "-t ecryptfs": 1. # mkdir /home/test 2. # echo "Unencrypted data" >/home/test/plainfile.txt 3. # mount -t ecryptfs /home/test /home/test 4. # echo "Encrypted data" >/home/test/cryptfile.txt "plainfile.txt" would NOT be encrypted (it was written before the remount). "cryptfile.txt" would be encrypted (written after the remount). IIRC it also only decrypts things that were encrypted...unencrypted files are read as-is (I think a "magic number" is prepended to the data when the file is encrypted so the system knows whether to decrypt or not). Having said that, it's been a while since I futzed with it. There may be a tool that will walk down the directory tree and encrypt the files found. I don't remember. Also, I believe it's more common to use LUKS than ecryptfs, ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@xxxxxxxxxxxxxx - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - Any sufficiently advanced technology is indistinguishable from a - - rigged demo. - ---------------------------------------------------------------------- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
