
It is pretty easy for someone with physical access to your computer to read your unencrypted data.
That is where ecryptfs encryption comes in. It makes it harder to extract data from your laptop if it is lost or otherwise accessed by an unauthorised user.
Once encrypted, the data cannot be accessed unless the user has entered the proper login key, or unlocked it via the ecryptfs-mount command.
Some caveats: when the user logs in, the encrypted homedir is unlocked, making the user's homedir accessible to root or wheel users, and it will remain so until reboot/shutdown.
Swap space can also be encrypted; this, however, will disable the ability to hibernate.
Make sure ecryptfs is installed, add the user to the ecryptfs group, then encrypt the homedir.
Log in as root:
- dnf install ecryptfs-utils
- sudo usermod -a -G ecryptfs user
- sudo ecryptfs-migrate-home -u user
Log out as root. Do NOT reboot.
Log in as user and run:
- ecryptfs-unwrap-passphrase
Once the user's data has been checked and everything is present, remember to delete the /home/user-?????? folder that was created as a backup.
It is recommended to encrypt the swap partition as well:
- ecryptfs-setup-swap
- reboot
To recover an encrypted homedir, log in as a root/wheel user, run ecryptfs-recover-private, enter the passphrase, and navigate to /tmp/ecryptfs.xxxxxxxx
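
An added example (not from the original page) that checks the two states discussed above: whether a user's encrypted homedir is currently unlocked, and whether any active swap is still unencrypted. The function names and sample data are constructed, and it assumes encrypted swap appears as a device-mapper node (/dev/mapper/* or /dev/dm-*).

```shell
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# home_is_unlocked USER [MOUNTS_FILE]
# Succeeds if an ecryptfs filesystem is currently mounted on /home/USER.
home_is_unlocked() {
    _user=$1
    _mounts=${2:-/proc/mounts}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    awk -v mp="/home/$_user" '$2 == mp && $3 == "ecryptfs" { found = 1 }
        END { exit !found }' "$_mounts"
}

# unencrypted_swap [SWAPS_FILE]
# Prints every active swap device that is not a device-mapper node.
# Assumption: encrypted swap shows up as /dev/mapper/* or /dev/dm-*.
unencrypted_swap() {
    _swaps=${1:-/proc/swaps}
    # Line 1 of /proc/swaps is a header; field 1 is the device or file.
    awk 'NR > 1 && $1 !~ /^\/dev\/(mapper\/|dm-)/ { print $1 }' "$_swaps"
}

# Constructed sample input so the example runs offline.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/mounts" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/user/.Private /home/user ecryptfs rw,nosuid,nodev,relatime 0 0
EOF
cat > "$sample_dir/swaps" <<'EOF'
Filename                                Type            Size    Used    Priority
/dev/dm-1                               partition       4194300 0       -2
/dev/sda3                               partition       2097148 0       -3
EOF

if home_is_unlocked user "$sample_dir/mounts"; then
    echo "/home/user is unlocked (ecryptfs mounted)"
else
    echo "/home/user is locked"
fi
leaky=$(unencrypted_swap "$sample_dir/swaps")
[ -z "$leaky" ] || echo "swap not encrypted: $leaky"
```

Called without a file argument, the functions read the live /proc/mounts and /proc/swaps.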