Encrypted home partition accessible by administrator

Matthew Crews mailinglists at mattcrews.com
Sun Apr 21 16:27:21 UTC 2019



On April 21, 2019 8:59:32 AM MST, Colin Law <clanlaw at gmail.com> wrote:
>I am experimenting with encrypting a users home partition. I created a
>new user using
>sudo apt install ecryptfs-utils
>sudo adduser --encrypt-home username
>
>which appeared to do the job, however I see that when logged in as an
>administrator (not the new user) I am able to browse the encrypted
>files in Nautilus by using the administrators password.  Is that
>supposed to be what happens?  If so how can I make a user whose files
>cannot be seen by any other user?
>
>Colin
>
>-- 
>ubuntu-users mailing list
>ubuntu-users at lists.ubuntu.com
>Modify settings or unsubscribe at:
>https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

I believe usage of ecryptfs is deprecated for this exact reason. I also filed a bug against it awhile ago back on 17.10.

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1732063

Keep in mind that almost no system is foolproof against a system admin. If a user wants to protect his data he should use something like KDE's Plasma Vault or Gocryptfs, but they are not automatically mounted like Ecryptfs.




More information about the ubuntu-users mailing list