Making Home encrypted.

Considering that it wasnt done @ setup, how does one manually configure an encrypted that it:

  1. Houses the “home” account of a user (we’ll call him /the account “joe” ).
  2. (as a consequence of #1) Asks for a password @ bootup.

I’ve managed to set it to the encrypted partition, however because the system does not have access @ boot to the volume (because it has not ASKED) it makes another home dir where it pleases. (/)

Thanks.

Which way of encryption do you use? How exactly did you set it up?

Please note that /home/$Username != /home-partition.

And are you sure it asks for the password at boot and not at login of joe?

It uses LUKS.
The partition was encrypted at installation (of suse) by the installer of course.

I’m aware that my home partition is going to be /home/myusername/, but i’m not certain if that is what you were trying to explain ^_~

I had that being the case up to yesterday (where I disabled it), or removed the entry from cryptab rather.
(Yes) - it would ask me for the pw of the encrypted pw prior to GUI login prompt (or term for that matter). It does this in the colorful term1. :slight_smile:

So basically, the idea is for encrypted partition x, to be mounted @ boot (hence ask for its PW), AND have the system work with a “home” directory on that partition,

I think i’ve more or less figured it out.
I’m now just going to tell the system to set up my /home in that encrypted partition. (via user management)

Seeing that I can get it to mount the partition @ boot now,it SHOULD work.

Of course - the question now is if the system needs to work with a home directory earlier on in the bootup process than where X KDE GUI login comes into play (?).

If that is the case, then it would need to work with a home dir BEFORE my partition (containing the one I want to use) is accessible - which would thwart my lil theory.

Foresee any problems?
(nb - I’m getting “segmentation fault” errors from THIS account now :slight_smile:

Can I ask, are you talking about only 1 partition? On the one hand I infer that you started with a working encrypted home and you now want another. On the other, you disabled the first and want to redo it.

I don’t think multiple ‘home partitions’ would work. The root / with the linked ‘home’ can only point oncewhere, so-to-speak. (I don’t know about multi-user LANs)

You’re correct about the boot process, with an install-time encrypt setup, will ask for the password and in fact the scrolling msgs will show that the correct locale and keyb fonts are loading before it asks.

It’s only going to “work with a home directory earlier…” as you say in that it ‘knows’ there’s a partition to be used but the code in there, plus the mkinitrd I guess, runs the luks stuff and sees what a filesystem it has for a file system check before getting to a GUI login.

I’ve seen this routine whether going to an init3 or init5 (gui) bootup.

An encrypt setup post-install I’ve found doesn’t do that - the locale gets set after the password/mount. I’m not sure about you having already done an encrypt and redoing one. Possibly the mkinitrd already ‘knows’ to run the locale/kb before asking for password.

As for the segmentation fault. Too techie :slight_smile: Although I have a deep memory recall that when testing with some strange partition layouts, multi-disk, that some misconfig somewhere brought on errors like that.