On Tue, Jan 5, 2010 at 1:18 AM, Li, Yan <[email protected]> wrote: > Is there such a tool / script that can encrypt an user's existing > home? With such a tool a user can choose to encrypt s/he's current > home. My idea is that the user writes a tag somewhere and reboots the > machine, on next boot process the tag is detected and user's home is > encrypted before any user processes running. > > I can't find it and I'm writing one (in bash). Is such a script useful > to the public? Or shall I write it in any other language that upstream > prefer?
Hi Yan Li- All of the instructions and commands should be clearly described here: * http://blog.dustinkirkland.com/2009/06/migrating-to-encrypted-home-directory.html I would absolutely *love* a script that could do this, and would *welcome* it into the upstream ecryptfs-utils project. I think I would prefer it written in POSIX shell script, as all of the operations are ultimately shell operations. However, you could alternatively write it in Python or C. Those would be my preferences, in that order (Shell, Python, C). Now, for safety's sake, I strongly insist that the user should *not* be logged into the system while this migration happens. So let's call the tool, /usr/sbin/ecryptfs-encrypt-home, for instance. On an installed system, it should only be run by the root user, targeted at another user's home directory, and the root user will need to know (or reset) the non-root-user's password, and would need to ensure that the target user is not logged in. It should also be usable from a LiveCD distribution, such as the Ubuntu Desktop LiveCD. This would be the safest, and recommended way of doing this, in my opinion. As for the reboot approach, I'm not too sure how that would work. If that's the approach you'd really like to take, give me a little more detail on how that would shake out. If you'd like to discuss this further, I would be happy to help guide you. We can continue this either in email, or in IRC on #ecryptfs at irc.oftc.net. Cheers! :-Dustin _______________________________________________ Mailing list: https://launchpad.net/~ecryptfs-users Post to : [email protected] Unsubscribe : https://launchpad.net/~ecryptfs-users More help : https://help.launchpad.net/ListHelp
