3

I had my home folder encrypted during installation by checking "Encrypt my home folder".

Now, I'd like to reinstall the system, but reuse this home folder.
(I have 2 separate partitions for / and /home. The former is formatted during the reinstall, the latter - unformatted and reused. Been using this method without encryption for years - no issues.)

It seems that Ubuntu does not take care of it automatically.

Removing encryption and encrypting everything once more sounds incredibly workaroundish. Depending on how you perform it, it could also leave out temporary unencrypted data ready to be recovered with recovery tools. Even when discarded after the migration process.


[Meta] Possible duplicate:

To all the folks that suggest that this is a duplicate of Why can I not deselect "encrypt my home folder"?:
Well, yes. That thread resolved my problem.
However, I did some research prior to posting this (which I always do) and the answer was nowhere to be found.
That's because I never saw the bloody form with encryption options disabled.
That's because I did some thinking on 'How will I migrate my encrypted $HOME?' before I actually got down to reinstalling and potentially carelessly losing my data. 1
I sincerely hope there's more like-minded, precautious folk out there (if not, humanity is doomed).

IMO they will find this doubt reworded as "Reusing encrypted home …" helpful.
That's my opinion, however, it's up to you what you do with this thread.
After all, the reputation score is the ultimate measure of one's right.
Isn't it?


1: Yes, I do have a backup. Still, why resort to a backup when you can easily preserve your original data?

vucalur
  • 266
  • run dd, shreader or other freespace erasing program over the partition that had the unencrypted data after you have completed your migration and deleted the files. Overwriting the drive will prevent recovery – ravery Oct 25 '17 at 14:27
  • The above notwithstanding, I must add that if you reinstall using the same username/password it usually works the same way as without encryption. –  Oct 25 '17 at 14:28
  • @MichaelBay - I agree, but, "usually works" causes data loss with encryption. – Panther Oct 25 '17 at 15:29
  • It usually does not cause data loss. And you should have a backup. Always. Not just when upgrading. – user334639 Oct 25 '17 at 15:31
  • @Panther My sample size is 1, statistically irrelevant, but I lost nothing in the process. –  Oct 25 '17 at 15:32
  • @vucalur - When you are using encryption you should have a working backup, period. Make a backup of your data in a .tar archive and then encrypt the archive. Second, your data is decrypted as long as you are logged in, so you might want to consider using LUKS. Personally I would make a backup of your data, encrypt the archive, do a fresh install of 17.10, and restore your data. And yes, encryption is a bit of a pain and takes a few extra steps. The extra steps are worth it, as if your encryption fails there is no data recovery. – Panther Oct 25 '17 at 15:33
  • @MichaelBay Exactly. If there is a problem, there is no way to recover the encrypted data so IMO you need to be very careful when using encryption and make sure you have a backup. If the data is important enough to encrypt, it is important enough to have a working encrypted backup, period. – Panther Oct 25 '17 at 15:34
  • @Panther I agree entirely, backups are as butter to French cuisine. And in my case no, the data wasn't worth encrypting. I decided to have home encrypted just to try it. Later, when reinstalling, reused home and the same authentication as before, everything was there, and it makes sense that it happens. What would cause loss of data here? Again, butter. Whole drive encryption is different, other tools and several additional steps are required but once you have it unencrypted then it should be possible to install/reinstall and reuse /home as usual. Again, butter is always required. –  Oct 25 '17 at 15:44
  • Please stop the "wisdom" regarding backups. No one said they don't do backups, nor is this the topic of the question. – vucalur Oct 25 '17 at 16:07
  • I thought that having the same username-password combination was an obvious requirement and the problems described under the first link were happening despite fulfilling it. We can either close as unconstructive (or some other reason) or answer. I think that more Linux users will have similar doubt. What do you say? – vucalur Oct 25 '17 at 16:17
  • Without the backup advice, your question is a duplicate - https://askubuntu.com/questions/662603/how-to-reinstall-ubuntu-and-preserve-home-directory – Panther Oct 25 '17 at 16:17
  • 2
  • Jesus, @Panther, how is that a duplicate? It does not even mention encryption. – vucalur Oct 25 '17 at 16:21
  • @vucalur - encryption can fail for any number of reasons and just because one user ran into a problem is not a reason to conclude "Ubuntu does not take care of it automatically". It is going to be dependent on what version you are going from -> to, if ecryptfs of home has changed in some way, etc. If you have a problem, file a bug report. – Panther Oct 25 '17 at 16:21
  • encryption does not fundamentally change the process, it merely adds one more potential point of failure. There are no additional steps required in the installation process, there is no additional dialog or input within the installer to manage the encrypted home when preserving home. You run the installer exactly the same with the exact same user input and hope for the best. – Panther Oct 25 '17 at 16:25
  • From the comments, again this is likely a duplicate, but the OP has shifted the question a bit, see https://askubuntu.com/questions/291986/why-can-i-not-deselect-encrypt-my-home-folder – Panther Oct 25 '17 at 16:46

2 Answers

0

IMHO if your data is important enough to encrypt it is important enough to backup and you need a backup strategy for encrypted data.

You can start with this (run from home directory):

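# Archive $HOME plus the eCryptfs configuration directory; skip the archive
# itself, the gvfs mount point, caches and the trash.
tar -cvpzf backup.tar.gz \
 /home/.ecryptfs/*/.ecryptfs \
--exclude=./backup.tar.gz \
--exclude=./.gvfs \
--exclude=./.cache \
--exclude=./.local/share/Trash ./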

You may be able to exclude additional items in $HOME, up to you. Candidates for exclusion might include .thumbs and .themes and .icons. Alternately you can only include the data you want:

cd ~
# Other_directory_1 and Other_directory_2 are placeholders for your own directories
tar -cvpzf backup.tar.gz Documents Other_directory_1 Other_directory_2

Note: /home/.ecryptfs/*/.ecryptfs is your configuration. Take care when restoring the archive; you may wish to skip that file or back it up separately.

Then encrypt

gpg -c backup.tar.gz

To decrypt

gpg -d backup.tar.gz.gpg

Check the backup works, then, rm backup.tar.gz

Better you can script the whole process ;)

With a working backup you can try upgrading or installing preserving $HOME and if it fails for any reason, fresh install and restore from backup.

How to reinstall ubuntu and preserve home directory

When you reinstall, use the same UID and password as with your current install.

You should see a dialog as you install. Notice how the installer is recognizing your previously encrypted home and the dialog to select encrypt home and automatic log in are greyed out:


IMHO the biggest "problem" with encryption is people forget they need an encrypted backup in the event of failure, it is not if you will have a system failure, but when it happens, are you prepared with a working backup.

Panther
  • 102,067
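
A scripted form of the tar and gpg steps in the answer above, as an added example that is not part of the original answer. It goes one step further than the answer by piping tar directly into gpg, so no unencrypted archive is left on disk; the names `GPG`, `home_stream`, `verify_backup` and `backup_home` are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the answer's own script. tar is piped straight into gpg,
# so no unencrypted archive is ever written to disk and nothing needs wiping.
# Assumed names (not from the page): GPG, home_stream, verify_backup, backup_home.

GPG=${GPG:-gpg}    # overridable, so the pipeline can be tested with a stand-in

# home_stream SRC [EXTRA_PATH...]: gzip'd tar of SRC on stdout, minus the
# throwaway directories the answer excludes. EXTRA_PATH is for the eCryptfs
# configuration directory (/home/.ecryptfs/<user>/.ecryptfs).
home_stream() {
    hs_src=$1; shift
    tar -cpzf - \
        --exclude=./.gvfs --exclude=./.cache \
        --exclude=./.local/share/Trash \
        -C "$hs_src" ./ "$@"
}

# verify_backup ENC: pass 1 checks gpg's own exit status (wrong passphrase,
# failed integrity check); pass 2 checks that the gzip/tar stream lists fully.
# Two passes because a plain sh pipeline reports only the last command's status.
verify_backup() {
    "$GPG" --decrypt < "$1" > /dev/null || return 1
    "$GPG" --decrypt < "$1" | tar -tzf - > /dev/null
}

# backup_home SRC OUT [EXTRA_PATH...]: encrypt SRC into OUT and keep OUT only
# if it verifies. OUT must live outside SRC (external drive, other partition).
backup_home() (
    bh_src=$1; bh_out=$2; shift 2
    umask 077                                   # archive readable by owner only
    home_stream "$bh_src" "$@" |
        "$GPG" --symmetric --cipher-algo AES256 > "$bh_out" ||
        { rm -f "$bh_out"; exit 1; }
    if ! verify_backup "$bh_out"; then
        echo "verification failed, removing $bh_out" >&2
        rm -f "$bh_out"
        exit 1
    fi
    echo "verified: $bh_out"
)
```

Source the file and call `backup_home "$HOME" /path/outside/home/backup.tar.gz.gpg`, where the output path is a placeholder for a location on another partition or drive.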
-1

Short:

The suggestion was wrong.
Ubuntu DOES take care of that automatically.

Long:

I mistakenly assumed that the problems described under the first link were happening despite using the same username and password combination.

It seems that some other combination was used, and a fresh install reuses encrypted $HOME quite seamlessly.

Encryption options will be disabled during the reinstall process:

Kudos to @Panther for showing me the thread about disabled encryption options in a comment below.

vucalur
  • 266
  • 1
    This is not an answer and you should update your question rather than posting additional information as an "answer". – Panther Oct 25 '17 at 16:42
  • The installer should take care of this automatically - https://askubuntu.com/questions/291986/why-can-i-not-deselect-encrypt-my-home-folder . If it does NOT I would make a backup prior to installing. – Panther Oct 25 '17 at 16:46
  • Please take a look at my second comment to the post with the question. I think more users will have this very doubt: "Does Ubuntu handle encrypted home folder seamlessly during reinstall?". Pardon me, but this is NOT straight-forward, "fundamentally same" process. If that's not the answer, then nothing is. – vucalur Oct 25 '17 at 16:47
  • The "problem" is you are making an assumption. The installer handles an encrypted home seamlessly. https://i.stack.imgur.com/nhPyL.png . Notice how the encrypt home and automatic log in are greyed out. It can fail. Or you may have found a bug. Regardless, other than a back up, there is nothing further required from you other than what is outlined in https://askubuntu.com/questions/662603/how-to-reinstall-ubuntu-and-preserve-home-directory . – Panther Oct 25 '17 at 16:51
  • 1
    @Panther this is very helpful. Thanks! That is in fact more relevant to the post than the duplicate suggested earlier. I think that the question should not be closed as a duplicate. Users that are a bit more cautious will do some research prior to reinstalling and (hopefully) find information here useful. They will never see the form with encryption options disabled, unless they decide to give it a shot and see what happens. "it" = careless reinstalling. – vucalur Oct 25 '17 at 16:56