Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




openSUSE 11.1 Reference Guide
Previous Page Home Next Page

36.2 Using Encrypted Home Directories

To protect data in home directories against theft and hard disk removal, use the YaST user management module to enable encryption of home directories. You can create encrypted home directories for new or existing users. To encrypt or decrypt home directories of already existing users, you need to know their login password. See Section 5.0, Managing Users with YaST, (↑ Start-Up ) for instructions.

Encrypted home partitions are created within a file container as described in Section 36.1.3, Creating an Encrypted File as a Container. Two files are created under /home for each encrypted home directory:


The image holding the directory


The image key, protected with the user's login password.

On login the home directory automatically gets decrypted. Internally, it is provided by means of the pam module pam_mount. If you need to add an additional login method that provides encrypted home directories, you have to add this module to the respective configuration file in /etc/pam.d/. For more information see also Section 19.0, Authentication with PAM and the man page of pam_mount.

WARNING: Security Restrictions

Encrypting a user's home directory does not provide strong security from other users. If strong security is required, the system should not be shared physically.

To enhance security, also encrypt the swap partition and the /tmp and /var/tmp directories, because these may contain temporary images of critical data. You can encrypt swap, /tmp, and /var/tmp with the YaST partitioner as described in Section 36.1.1, Creating an Encrypted Partition during Installation or Section 36.1.3, Creating an Encrypted File as a Container.

openSUSE 11.1 Reference Guide
Previous Page Home Next Page

  Published under the terms fo the GNU General Public License Design by Interspire