On Mon, Jun 02, 2014 at 11:54:52AM +0100, Neil Bothwick wrote: > On Mon, 02 Jun 2014 12:06:18 +0200, Alan McKinnon wrote: > > > If you encrypt your home directory then you unlock it when you log in so > > logging out of your DE safely locks things again.
I encrypt my home partition with LUKS and enter a passphrase during boot. But I always wanted to get decryption upon login running, especially because it would require me to enter one less password. But haven’t gotten around to that yet. > > You most likely want the second option, the odds that you have a valid > > need to protect /usr and /opt are not good. As a regular user out there, > > the stuff you want to protect is in /home (or you could easily move it > > to /home). > > With one notable exception. There is sometimes sensitive information > in /etc, like wireless passwords. For that reason I put this stuff into /home/etc/$hostname/ (I back up my machines’ /etc on all other machines, also to have a reference if I need to know “How did I do this on $other_host?”). And then I symlink to that from the real location, i.e.: $ ls -ld /etc/wpa_supplicant lrwxrwxrwx 1 root root 29 28. Mär 21:02 /etc/wpa_supplicant -> /home/etc/hostname/wpa_supplicant/ Cryptsetup comes early enough in the boot process for this to work (both with OpenRC and systemd). -- Gruß | Greetings | Qapla’ Please do not share anything from, with or about me on any social network. I just took an IQ test. The results were negative.
signature.asc
Description: Digital signature
