Encrypted home partition accessible by administrator

Colin Law clanlaw at gmail.com
Tue Apr 23 10:12:36 UTC 2019


On Tue, 23 Apr 2019 at 08:41, <J.Witvliet at mindef.nl> wrote:
>
> Often one needs tot think about WHAT you are protecting against WHO, at WHICK costs....
>
> It is possible to encrypt your entire home directory of a specific user,
> And requiring him to provide an additional passphrase or PIN after the user logs in,
> Thus protecting its content not only against other users, even against the root-user.

Can you point me to instructions on doing that please?  The usual
instructions do not appear to include the  provision of an additional
pass-phrase.

> However, the moment the directory is mounted, root still has access to it, as long the user is logged in.

Understood, I think I can cope with that issue separately.

> It might be wiser to add additional layers of obfuscation, like a second (nested vault) that is only opened as long the user needs any of the files in it (during read or write)
> And one might encrypt each individual file...

I will look into those options.

Thanks

Colin



More information about the ubuntu-users mailing list