Email or username:

Password:

Forgot your password?
Top-level
Sam Thurston :verified:

@eloquence

> Encrypt user home directories individually

Why though? This seems like a terrific way to make stuff unrecoverable.

8 comments
Erik Moeller

@samthurston

I don't think that's necessarily the case, but I do agree of course that the recoverability story is really important for all encryption features, whether full-disk or home directory level. @sonny may be able to provide more detail on the specific goals.

Sonny

@eloquence @samthurston

Why encrypting home directory individually rather than say full disk encryption?

1. Keep users safe from each others
2. Improve the user experience and encourage adoption

The design team is looking at the options for recovery.

Sam Thurston :verified:

@sonny @eloquence is this a *desktop environment* level function though?

Will Thompson

@samthurston @sonny @eloquence the idea AIUI is to use systemd-homed. But you need desktop environment-level support so that you can set it up & recover in case of emergency without having to be able to operate a command line.

(Not my project, I'm just a spectator!)

Sam Thurston :verified:

@eloquence @sonny as an admin, if I want to protect users from each other I set appropriate permissions. As a user if I have data that needs to be protected from other users I encrypt it.

Landa

@samthurston most potential new users probably don’t have your skill and competence to
(a) know that anything needs protection at all
(b) decide what needs protection
(c) do it correctly

@eloquence @sonny

Go Up