I have an Ubuntu 17.10 laptop, with users A and B. There are encrypted home directories /home/A and /home/B for the two users. These are set up using Ubuntu's default encrypted home directory mechanism (ecryptfs?).
The laptop has another hard disk, which is currently unused and not mounted. I want both users to be able to use this disk, so I want to set up a /home2 folder on this disk, with folders /home2/A and /home2/B in it, owned by the two users respectively. Ideally I'd like that /home2/A should be encrypted, with the same credentials as /home/A, and should be auto-mounted when user A logs in, just like /home/A is. And the same for B.
This seems like a completely natural way to use an additional disk just like one would use one's primary disk, in a multi-user scenario. How does one do this?
I tried searching for this but most answers I found talk of full-disk encryption, which is not suitable for a multi-user environment.
I have a similar setup in my computer with an external drive and it's been working fine for a while.
These steps are based on rcoup's answer to this question, but a more GUI-like procedure is used.
It's been checked to work with Bionic Beaver 18.04.
You might come across a few problems due to this bug. It only affects the manual mount, but not the automount proposed here.
To be allowed to do administrative operations with nautilus, you need to have the extension nautilus-admin installed.
Then, follow these steps:
1) Open GParted, Right click the partition you want to use as Home2, Information, Copy its UUID.
2) Using Nautilus, navigate to Other locations, Computer, etc.
3) Right click the file fstab, Edit as administrator, Add the line
Save the file
4) Navigate to Other locations, Computer, mnt.
5) Right click blank space, Open as administrator.
6) On the admin nautilus window that opens up, right click blank space, New folder, Home2.
7) On GParted click GParted, Refresh devices. Check that the mount point /mnt/Home2 shows up for your partition.
8) Still on GParted right click that partition, mount on, /mnt/Home2. There should be a key showing that the partition is mounted. Close GParted.
9) On the admin nautilus window navigate to Other locations, Computer, mnt, Home2.
10) Right-click blank space, New folder: .Private-A, Hit Ctrl-H to see hidden files.
11) Right click .Private-A, Properties, Permissions, Group: , Close admin Nautilus.
12) On regular Nautilus: Navigate to your home folder, Right click blank space, New folder: Home2.
13) Navigate to .ecryptfs (there's a symlink in your home folder). Right click Private.sig, Copy, Right click blank space, Paste.
14) Right click the newly created file 'Private (copy).sig', Rename: Home2.sig
15) With the Text editor, create a new document containing this line:
Save it as Home2.conf in your .ecryptfs folder.
16) Open Gedit and create a new text file /home/your_user/.local/bin/automount_ecryptfs.Home2 with the following content:
17) Navigate to this file with nautilus and right click on it, Permissions, Allow executing file as program.
18) Open the file .bashrc in your home folder, and add the lines:
In the dash, open 'Startup applications', Add, Name: Automount Encrypted Folder, Command: /home/your user/.local/bin/automount_ecryptfs.Home2, Save
Reboot the computer.
You can do the same with the other user. Just repeat the steps from #9 on and use the name .Private-B for the lower folder instead.
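A terminal equivalent of steps 13 to 18, as an added example that is not part of the original answer. It relies on `mount.ecryptfs_private ALIAS` reading `~/.ecryptfs/ALIAS.conf` and `~/.ecryptfs/ALIAS.sig`; the function names are hypothetical, and the three-field `.conf` line is an assumption, since the answer's own line is not shown on this page.

```shell
#!/bin/sh
# Added example. Assumed names: alias "Home2", lower dir /mnt/Home2/.Private-A,
# mount point $HOME/Home2 (paths taken from the steps above).

# Write ALIAS.conf and ALIAS.sig into an eCryptfs config directory.
# $1 = config dir (normally ~/.ecryptfs), $2 = alias, $3 = lower dir, $4 = mount point
setup_alias() {
    cfg=$1; alias_name=$2; lower=$3; upper=$4
    [ -r "$cfg/Private.sig" ] || { echo "no Private.sig in $cfg" >&2; return 1; }
    # The .conf is fstab-style, so paths must be absolute and contain no spaces.
    for p in "$lower" "$upper"; do
        case $p in
            /*) ;;
            *) echo "path must be absolute: $p" >&2; return 1 ;;
        esac
        case $p in
            *" "*) echo "space in path: $p" >&2; return 1 ;;
        esac
    done
    # Reusing the login key signatures means the key already loaded at login
    # also unlocks this directory (same credentials as the home directory).
    cp "$cfg/Private.sig" "$cfg/$alias_name.sig" || return 1
    printf '%s %s ecryptfs\n' "$lower" "$upper" > "$cfg/$alias_name.conf" || return 1
    # Keep both files private to the user.
    chmod 600 "$cfg/$alias_name.sig" "$cfg/$alias_name.conf"
}

# Succeed if $1 is a mount point in a mounts table ($2, default /proc/mounts).
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Mount the alias unless it is already mounted (safe to call from every login shell).
automount_alias() {
    alias_name=$1; upper=$2
    is_mounted "$upper" && return 0
    mount.ecryptfs_private "$alias_name"
}

# Run once as the user, then call automount_alias from a login script:
#   setup_alias "$HOME/.ecryptfs" Home2 /mnt/Home2/.Private-A "$HOME/Home2"
#   automount_alias Home2 "$HOME/Home2"
```

To unmount by hand, `umount.ecryptfs_private Home2` takes the same alias.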