encrypting swap with ecryptfs when multiple users present


    First things first, I'm actually using KDE Neon, but I figure this question applies equally to any *buntu distro and it's more likely to be seen in this forum. Admins, feel free to move the thread if you think it's inappropriate.

    I have 2 users on my system, a "personal" and a "work" account, both with admin privileges.
    I've just finished encrypting the home directory of my "work" user, with ecryptfs-migrate-home.

    I want to encrypt swap as well for better security, but I have a concern: If I encrypt the swap, will my "personal" user be unable to access swap unless "work" has already decrypted it by logging in?

    As far as I'm aware, the same swap partition is shared between both users. I read that all users can access encrypted data once it's been decrypted by the owner logging in, but I don't want to have to log in to "work" first every time because most of the time I only want to log in to "personal".

    Also, is there any reason why I can't also encrypt the home directory of my "personal" user? Would a good solution be to encrypt swap from my "personal" account, since I'll always be logged into that before logging into "work"?

    I hope all this makes sense.
    "Stella", HP Pavilion 15-ak006TX: KDE Neon User Edition dual-booted with Windows 10, 8gb RAM, Intel i7-6700HQ CPU, NVIDIA GeForce GTX950M graphics, 2 TB hard drive

    #2
    I'm not an ecrypt user, but I believe you can manually mount any encrypted folder if you know the passphrase. Assuming that is true, you could write a script to automatically mount the other user's folder when you log in.

    Swap is a different matter - it is set up differently than private folders: https://help.ubuntu.com/community/En...hEncryptedSwap

    As far as posting here vs. Neon - this is the right place. The KDEneon sub-forum is for Neon-specific issues and this is not Neon-specific, so you're good.



      #3
      Thanks for your help. Just to clarify, the hibernation issue is not a problem for me because I only ever use suspend, which according to the ecryptfs-setup-swap manpage is unaffected (I hope this is still true).

      I read the link you posted and did some other research as well, but I'm still confused about how swap encryption works. If it's not encrypted with a fixed password, how can ANY user access it? Does typing in your login password have anything to do with decrypting the swap partition? I think I'm fundamentally misunderstanding something here, and I can't seem to find an explanation...

      p.s. I have 8gb of RAM and swap rarely gets used, and when it is used, it's only a small amount. If something goes wrong and I don't have access to swap anymore it probably won't cause any major problems.
      Last edited by dbaker; Sep 15, 2017, 06:56 PM.
      "Stella", HP Pavilion 15-ak006TX: KDE Neon User Edition dual-booted with Windows 10, 8gb RAM, Intel i7-6700HQ CPU, NVIDIA GeForce GTX950M graphics, 2 TB hard drive



        #4
        UPDATE:
        I decided to go ahead and run ecryptfs-setup-swap from my "personal" user account, as I figured I have enough RAM to be able to do without swap on the other account if it goes wrong.

        Well, I had to reboot before the newly-encrypted swap was accessible (this seems to be normal??) but now I appear to have perfectly functioning swap again, ACCESSIBLE BY ALL USERS. I still haven't the faintest idea how this works but I'm happy with the outcome.

        If anything changes I'll post another update but for now I'm marking this thread as solved.
        "Stella", HP Pavilion 15-ak006TX: KDE Neon User Edition dual-booted with Windows 10, 8gb RAM, Intel i7-6700HQ CPU, NVIDIA GeForce GTX950M graphics, 2 TB hard drive
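
Added example, not part of any post in this thread: ecryptfs-setup-swap puts swap on a dm-crypt mapping whose key is read from /dev/urandom at every boot, so no login password is involved and every user gets the same swap. The script below checks a crypttab and fstab for that arrangement; the sample entries, UUIDs and function names are constructed for illustration.

```shell
#!/bin/sh
# crypttab fields: <name> <source device> <key file> <options>
# Print "<name> <verdict>" for every crypttab entry carrying the "swap" option.
#   random-key: key read from /dev/urandom or /dev/random, new at each boot
#   fixed-key : passphrase prompt ("none") or key file that someone must supply
classify_swap_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            n = split($4, opts, ","); is_swap = 0
            for (i = 1; i <= n; i++) if (opts[i] == "swap") is_swap = 1
            if (!is_swap) next
            if ($3 == "/dev/urandom" || $3 == "/dev/random")
                print $1, "random-key"
            else
                print $1, "fixed-key"
        }' "$1"
}

# Succeed only if every swap line in fstab ($2) names a /dev/mapper device
# that crypttab ($1) sets up with a random key. A swap entry on a plain
# partition, UUID or file counts as a failure; no swap entries at all passes.
all_swap_random_keyed() {
    verdicts=$(classify_swap_keys "$1")
    awk '!/^[ \t]*(#|$)/ && $3 == "swap" { print $1 }' "$2" |
    while read -r dev; do
        name=${dev#/dev/mapper/}
        [ "$name" != "$dev" ] || exit 1         # not a mapped device
        printf '%s\n' "$verdicts" | grep -qxF "$name random-key" || exit 1
    done
}

# Constructed sample files (not taken from the thread).
sample_dir=$(mktemp -d)
cat > "$sample_dir/crypttab" <<'EOF'
# <name> <device> <key> <options>
cryptswap1 UUID=00000000-0000-0000-0000-000000000000 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
cryptdata /dev/sdb1 none luks
EOF
cat > "$sample_dir/fstab" <<'EOF'
UUID=11111111-1111-1111-1111-111111111111 / ext4 errors=remount-ro 0 1
/dev/mapper/cryptswap1 none swap sw 0 0
EOF

classify_swap_keys "$sample_dir/crypttab"
all_swap_random_keyed "$sample_dir/crypttab" "$sample_dir/fstab" &&
    echo "every configured swap device is random-keyed"
```

On a real system the two arguments would be /etc/crypttab and /etc/fstab.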
