This text describes an easy method to encrypt your home directory using EncFS.
Lets assume you are user john with home directory /home/john using bash as shell and console login.
- Login as root
- Emerge sys-fs/fuse, sys-fs/encfs to be able to create an encrypted directory and app-misc/secure-delete or app-misc/srm for safe deletion of our unencrypted files.
emerge -av fuse encfs secure-delete
If fuse refuses to build because "your kernel is too new", goto /usr/src/linux, type
and check for the following setting:
File systems ---> <M> Filesystem in Userspace support
If it doesn't exist, save and enter
make && make modules_install
- Make sure that FUSE is working. Try
- Check if /dev/fuse has been created, then create a group to allow users to use this device, let's call the group 'fuse':
- Then change the group of the device:
chgrp fuse /dev/fuse
- Finally any user that is going to use the fuse device should be part of the 'fuse' group, let's do it for the user john (you have to logout and login from the user for the changes being applied):
usermod -G fuse john
- Create a directory where the crypted data will be stored and a temporal mount point for it.
mkdir /home/john-crypt /home/john-mnt chown john /home/john-crypt /home/john-mnt chgroup john /home/john-crypt /home/john-mnt
- Login as user john.
- Create a new crypted directory in /home/john-crypt and mount it to /home/john-mnt:
encfs /home/john-crypt /home/john-mnt
You are asked for expert mode (x) or a predefined paranoia mode (p). p should be enough for now. Then you will be asked for the password/passphrase. Use a safe and long passphrase. Good news is, that you can change the password with encfsctl if you want to do so. Other cryptosystems don't have the possibility to change the password.
- Copy all files from your unencrypted home directory to the new crypted directory and securely delete the remaining unencrypted files. This may take some time, secure deletion is IO itensive.
cp -R /home/john/.[a-zA-Z0-9]* /home/john-mnt cp -R /home/john/* /home/john-mnt srm -r /home/john/.[a-zA-Z0-9]* /home/john/*
- Append this line to the file /home/john-mnt/.bash_logout (create it if it does not exist).
cd / && fusermount -u /home/john
- Unmount the crypted directory.
fusermount -u /home/john-mnt
- Login as root.
- Remove the temporal mount point.
- Login as john.
- Create .bash_profile in /home/john
encfs /home/john-crypt /home/john -- -o nonempty && cd /home/john [[ -f ~/.bashrc ]] && . ~/.bashrc
Done! When john now logs in, he gets an additional password prompt and his crypted home directory is mounted automatically. When he logs out, it will be unmounted.
Created by NickStallman.net, Luxury Homes Australia
Real estate agents should list their apartments, townhouses and units in Australia.