Wednesday, August 11, 2010

Howto: disable eCryptFS

Encrypting your disk is usually a good idea and eCryptFS (aka Ubuntu Encrypted Home) clearly has some advantages over the competitors. It's also easy to implement on an existing system. But, if for some reason you want to decrypt your home directory, you won't get a one-click solution. The process is quite simple if you feel comfortable working with command line.


I'll use /home/igor as an example, replace it with your home directory.


1. Prepare another user account.

Either unlock your root account (sudo passwd root) or create another user account and let it use sudo. I've chosen the first option because a root account is useful for recovery if anything goes wrong.


2. Logout from your desktop environment, switch to console (Alt-Ctrl-F1)


3. Login as root or as another user.

This is critical - you can't be logged in on your regular account. Type 'mount' and see if it shows a line similar to this one:

/home/igor/.Private on /home/igor type ecryptfs (ecryptfs_sig=...)

It shouldn't be present. If it is, try 'umount /home/igor'. If it fails, you probably have a session still loged on or one of your applications is still running. If you can't find it, try rebooting and switching to console without ever logging in.


4. Edit file /home/.ecryptfs/igor/.ecryptfs/Private.mnt

Change the line /home/igor to /home/igor/Private


5. Create Private directory and make it belong to your regular account


mkdir /home/igor/Private
chown igor.igor /home/igor/Private



6. Reboot the computer

After the reboot, everything that was in /igor/home directory, is now in /igor/home/Private. There's only one step left.


7. Move the files

Switch to console, login with your regular account. Move the files:


shopt -s dotglob
mv Private/* .

First command is very important - it'll make sure that files beginning with dot will also be moved. Second one ends with dot - don't miss it!
8. Uninstall eCryptFS or leave it as it is

At this point, eCryptFS encrypts your ~/Private directory instead of your home. You can leave it for confidential files, or if you want to get rid of eCryptFS, do:

sudo apt-get remove ecryptfs-utils
o 11:49 AM
Etykiety: , , , ,

3 komentarze:

  1. Thanks a lot for this HOWTO! It works and is very very helpful.

    Greets from Germany
    Hans

    ReplyDelete

  2. Works beautifully, but when moving the files, mv copies everything first before removing the originals, thus requiring you to have less than 50% filesystem usage when moving.

    ReplyDelete

  3. Make sure that you have /home/igor writeable otherwise it won't work.

    ReplyDelete

Subscribe to: Post Comments (Atom)