26

Just wondering if I use ecryptfs to encrypt my /home folder

sudo ecryptfs-migrate-home -u username

Can another user with root privilege change my password, then log in to my account using the new password and see my encrypted /home?

If I change my own password, I suppose I can still access my encrypted /home. How is that different from root changing my password and logging in as me?

albertma789

2 Answers

32

Short answer: Yes and no.


Can root see my encrypted /home folder?

Yes. As long as you are logged in, root as well as any sudo user can see your decrypted files. Also, when you wake up from sleep, your /home will still be decrypted.

Also, there is a bug in ecryptfs that prevents unmounting the decrypted /home folder at logout. You should instead shut down or restart the machine, or manually unmount the folder from another sudo/root user. See this question for more information.

Can another user with root privilege change my password, then log in to my account using the new password and see my encrypted /home?

No. Your /home folder is not encrypted with your password, but with a passphrase which is encrypted with your password. Another user changing your password will not affect the passphrase.

At the first login after an administrative password change, you have to mount your encrypted home manually and rewrap the passphrase. For these tasks you need your old and the new password:

ecryptfs-mount-private
ecryptfs-rewrap-passphrase ~/.ecryptfs/wrapped-passphrase

When you change your password, the home directory passphrase is re-encrypted with your new password, so you should have continued access to your files with the new password. This is handled via PAM (Pluggable Authentication Modules) (via).


See this related question.

pLumo
  • There is an issue with ecryptfs and systemd. Once a user is logged in and the home folder is decrypted, it stays that way whether that user remains logged in or they log out. The only way to re-encrypt the home folder is to restart the system. This bug hasn't been fixed yet. – Stormlord Sep 04 '18 at 11:02
  • @Stormlord Couldn't another [root/sudo] user just umount the logged out user's left-mounted home? My Debian system doesn't have that bug, so I can't test it, but when an eCryptfs encrypted home user is logged in they have an extra "type ecryptfs" mount, just umounting it should be sufficient. – Xen2050 Oct 02 '18 at 07:30
  • yes, that is indeed sufficient. – pLumo Oct 02 '18 at 08:12
  • This is misleading. Root can do anything they want including tricking other users by means of trojan style prompts, logging everything etc. See my answer for detail. – John Hunt Mar 25 '19 at 11:29
  • True. Anyone with physical access could do this too unless you have full disk encryption. But this is imo not what the question is about. This, and I did not want to copy from your still valid answer ;-) – pLumo Mar 25 '19 at 11:58
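
A simplified model of the wrapped-passphrase behaviour described in the answer above, added here as an illustration; it is not from the original answers and is not eCryptfs code. The `Account` class, its method names and the PBKDF2/XOR/HMAC wrapping are assumptions standing in for the real password database, PAM hook and wrapping format.

```python
import hashlib
import hmac
import os

# Simplified model only: PBKDF2 + XOR + HMAC stand in for eCryptfs's real
# wrapping format, and a bare SHA-256 stands in for the system password hash.

def _derive(password: str, salt: bytes) -> bytes:
    # 64 bytes: first 32 mask the passphrase, last 32 key the integrity tag.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)

def wrap(mount_passphrase: bytes, password: str) -> dict:
    if len(mount_passphrase) != 32:
        raise ValueError("model expects a 32-byte mount passphrase")
    salt = os.urandom(16)
    key = _derive(password, salt)
    masked = bytes(a ^ b for a, b in zip(mount_passphrase, key[:32]))
    tag = hmac.new(key[32:], masked, hashlib.sha256).digest()
    return {"salt": salt, "masked": masked, "tag": tag}

def unwrap(blob: dict, password: str) -> bytes:
    key = _derive(password, blob["salt"])
    tag = hmac.new(key[32:], blob["masked"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("password does not unwrap the mount passphrase")
    return bytes(a ^ b for a, b in zip(blob["masked"], key[:32]))

class Account:
    def __init__(self, password: str, mount_passphrase: bytes):
        self.login_hash = hashlib.sha256(password.encode()).digest()
        self.wrapped = wrap(mount_passphrase, password)

    def rewrap(self, old: str, new: str) -> None:
        # Needs the password the passphrase is currently wrapped with.
        self.wrapped = wrap(unwrap(self.wrapped, old), new)

    def user_change_password(self, old: str, new: str) -> None:
        self.rewrap(old, new)
        self.login_hash = hashlib.sha256(new.encode()).digest()

    def admin_reset_password(self, new: str) -> None:
        # Root replaces only the login hash; without the old password the
        # wrapped passphrase cannot be re-encrypted and stays as it was.
        self.login_hash = hashlib.sha256(new.encode()).digest()

    def login_and_mount(self, password: str) -> bytes:
        if hashlib.sha256(password.encode()).digest() != self.login_hash:
            raise PermissionError("login failed")
        return unwrap(self.wrapped, password)
```
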
12

The only answer: yes. The root user of a system could easily install a keylogger or other software to silently record your passphrase - they then have complete access to all your files and without you knowing if they so choose.

The root user of a system can do everything on that system. They essentially own all the data associated with it too. UNLESS your data was encrypted on a different system and then brought over and you didn't decrypt it, but I don't think we're talking about that, are we?

John Hunt
  • They could even modify the encryption software so that it hands over the key, or copies decrypted files to /root or whatever.. there's no limit to what they could do. – John Hunt Sep 04 '18 at 12:11