Linux Magazine: Ubuntu Encrypted Home

October 22, 2009

Back in April, Linux Magazine ran what I considered to be an inaccurate account of the OS-level security provided by our Ubuntu Distribution. Your Distro is Insecure: Ubuntu.

Frustrated with the piece, I blogged this in return: Your Article is Incorrect: Linux Magazine.

Following that post, I had a very constructive, private email conversation with Linux Magazine editor, Bryan Richard. We discussed a number of different ways that Canonical/Ubuntu might be able to respond to their previous article, which caused quite a stir on Ubuntu’s public mailing lists.

I’m very pleased with Bryan’s response. He invited me to author an article focusing on the security features that are available in Ubuntu. The result was published earlier today, focusing on Ubuntu’s Encrypted Home Directory feature, which is rather unique among Linux distributions: Ubuntu’s Encrypted Home Directory: A Canonical Approach to Data Privacy



5 Responses to “Linux Magazine: Ubuntu Encrypted Home”

  1. Steffen Sindzinski Says:


    great article. But the thing with the encrypted backup I don’t understand. If I make a backup with my normal user the data is stored non-encrypted. Only as super user or special backup user it is encrypted. Right?


  2. Jef Spaleta Says:


    Uhm not exactly. Once you are logged in you can backup both the encrypted and unencrypted versions of files depending on which location in the filesystem you read from. Page 3 of the article covers this.

    The traditional unencrypted home directory for user “foo” doesn’t exist until foo logins and eCryptfs is used to make the home directory mount point. But the encrypted version of the files can always be backed up..even by user “foo” who owns the files.


  3. Steffen Sindzinski Says:

    Hi Jef,

    You mean a backup of ~.private? But if I backup this folder I only see encrypted file and folder names. If I only want to backup for instance my Documents/Work folder I can’t select in this folder. If you have a solution please tell my. I’m only a normal user and maybe I don’t see the obvious solution. Actually I am using rdiff-backup and a luks encrypted external hard drive.

    By the way: I’m using an encypted home since Jaunty without having any problems. Thanks a lot!

  4. Jef Spaleta Says:


    I think your new comment describes a different scenario than your first comment so I’m not sure I can give you an answer that makes sense because I’m no longer sure I understand what you want to know.


  5. Jon Eliot Says:

    Encrypted home, wonderful. Thank you for the clear and instructive article

    Where I really need encryption is on a pendrive Ubuntu installation. Home directory encryption does not work out of the box on a pendrive created with the desktop utility on the menu item “USB Startup Disk Creator” on 9.10.

    Booting from the pendrive, the command “adduser –encrypt-home foo” creates a home directory which is encrypted, but the new user cannot log in. The login process hangs in some gdm “worker” routine, and the login screen reappears. The gdm process for the new user is still there when another user logs in.

    Would this perhaps be different if running usb-creator from the command line and adding the option “–safe”? Can’t find what the –safe implies.

    Rgds, Jon Eliot

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: