New installation (lubuntu 16.04.3 LTS)

I have a user, let's call it me, and a second user that I'm using to test what follows, named temproot.

First experiment:

  • turn on laptop

  • log in with temproot

  • sudo ls -lah /home/me

It's encrypted! Great.

Second experiment:

  • turn on laptop

  • log in with me

  • I can access my own Home, great.

  • log out with me

  • log in with temproot

  • sudo ls -lah /home/me

I can still access /home/me?? Shouldn't encrypted folders be unmounted on log out?

Zanna
oneloop

1 Answer

Encrypted home

Yes, encrypted folders should be unmounted on log out, but there is a bug. So you have to shut down or reboot the computer to get rid of the information 'inside the encrypted home'.

Encrypted disk alias LVM with encryption

I think 'encrypted disk' alias LVM with encryption is a better method, if you want high security. There is an easy way to get a system with 'encrypted disk': select this option during the installation. See this link (with instructions from the QA testing tracker),

Install (entire disk with lvm and encryption) in Ubuntu Desktop amd64 in Xenial Daily

Check 'Encrypt the new Ubuntu Installation for security' and 'Use LVM with the new Ubuntu Installation'

sudodus
  • Thanks, but why is this any better than ecryptfs? If there's a bug that should be unmounting in logout and isn't, couldn't the same be true for full disk encryption? – oneloop Oct 06 '17 at 16:03
  • Well, it is evident that everybody who knows the passphrase to unlock the encrypted disk (LUKS encryption) will also have access to the data. So in a sense, this is a one-user system. You are not getting any false impression of an extra security barrier between different users. Furthermore, there have been problems with encrypted swap that belongs to encrypted home. These problems do not affect encrypted home. – sudodus Oct 06 '17 at 16:19
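
A check for the situation described in the question and answer, as an added example that is not part of the original posts: it lists ecryptfs mounts in /proc/mounts format whose user has no login session. It assumes the Ubuntu encrypted-home layout (/home/.ecryptfs/<user>/.Private mounted on /home/<user>); the function names and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ecryptfs home mounts whose owner has no login session.
# Assumption: Ubuntu encrypted-home layout, /home/.ecryptfs/<user>/.Private
# mounted on /home/<user>.

# stale_ecryptfs_mounts MOUNTS_FILE "user1 user2 ..."
# Prints "<user> <mountpoint>" for each ecryptfs mount whose user is not
# in the space-separated list of logged-in users.
stale_ecryptfs_mounts() {
    awk -v users="$2" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) active[u[i]] = 1 }
        $3 == "ecryptfs" {
            k = split($1, p, "/")      # /home/.ecryptfs/<user>/.Private
            user = p[k - 1]
            if (!(user in active)) print user, $2
        }
    ' "$1"
}

# Constructed sample in /proc/mounts format (signatures are placeholders).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/home/.ecryptfs/me/.Private /home/me ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=PLACEHOLDER,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/.ecryptfs/temproot/.Private /home/temproot ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=PLACEHOLDER,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# On a live system:
#   stale_ecryptfs_mounts /proc/mounts "$(who | awk '{print $1}' | sort -u | tr '\n' ' ')"
# Demo on the constructed sample: only temproot is logged in, so the
# mount for "me" is reported as left over from an ended session.
demo() {
    tmp=$(mktemp) || return 1
    sample_mounts > "$tmp"
    stale_ecryptfs_mounts "$tmp" "temproot"
    rm -f "$tmp"
}
demo
```

A reported mount means the decrypted files under that mount point are still readable through sudo until the mount is removed or the machine is shut down or rebooted.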