On 28/11/2023 00:09, Pocket wrote:
> mount /dev/sdd1 /home/fscrypt
> fscrypt setup
> fscrypt encrypt /home/fscrypt

I am unsure if it is possible to use fscrypt for whole filesystem since
it needs .fscrypt unencrypted. ext2 driver might need access to
lost+found even when directories are locked. Encrypting a whole
partition is a LUKS realm.
As a sanity check, does it work for a subdirectory?
mkdir /home/fscrypt/tst
fscrypt encrypt /home/fscrypt/tst
If you are going to create a portable home directory for a specific
user then you may face a number of issues. *Login* protector is stored
in /.fscrypt, not on the mounted partition, see the fscrypt README.md
file. Another problem is locking on logout because pam_fscrypt locks the
directory immediately on logout, but systemd user session is still
running at this moment (UserStopDelaySec=10 in /etc/systemd/logind.conf).
- <https://github.com/google/fscrypt/issues/95>
Implement automatic unlocking though a systemd service
- <https://github.com/systemd/systemd/issues/8598>
systemd-user doesn't properly close its PAM session
systemd-homed has another idea of managing per-user encrypted
directories, but I have not tried it.
https://systemd.io/HOME_DIRECTORY/