Encrypted home on multiuser system

Version: 2006.07.07 13:29

The goal

Solution

I'm using Ubuntu; if you prefer another distribution, you may need to adjust some details.

If you find any problems, please mail me.

  1. Install required packages
    apt-get install cryptsetup
    apt-get install zenity
    
  2. Encrypt swap partition
  3. Prepare your home partition. Cryptsetup will ask for a passphrase; make sure it is shorter than 32 characters. You can, of course, change the cipher specification string and the filesystem type.
    dd if=/dev/random of=/dev/my_home_partition
    cryptsetup create --cipher=aes-cbc-essiv:sha256 -y my_home /dev/my_home_partition
    mkfs.xfs /dev/mapper/my_home
    cryptsetup remove my_home
    
  4. Copy my sezam script to /usr/local/bin/sezam
  5. Edit /usr/local/bin/sezam. Find the first case statement and change user to your user name.
    case "$USER" in
        user)
            DEVICE=/dev/user_home_partition
            ;;
    
  6. Edit /etc/gdm/PostLogin/Default
    #!/bin/sh
    
    /usr/local/bin/sezam open "$USER"
    exit $?
    
  7. Edit /etc/gdm/PostSession/Default. Add the following line just before the end of the script:
    ...
    /usr/local/bin/sezam close "$USER" &
    exit 0
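
The open/close flow that steps 5 to 7 wire into GDM can be sketched as follows. This is an added example, not the author's sezam script: the function names, the `<user>_home` mapping name and the `/home/<user>` mount point are assumptions, and with `DRY_RUN=1` it only prints the commands it would run as root.

```shell
#!/bin/sh
# Hypothetical helper illustrating the steps above; NOT the author's sezam script.
DRY_RUN=${DRY_RUN:-1}              # 1 = only print the commands
CIPHER=aes-cbc-essiv:sha256        # cipher string from step 3

# Map a login name to its encrypted partition (same case layout as step 5).
# Returns 1 for users without an encrypted home so they log in normally.
device_for() {
    case "$1" in
        user) echo /dev/user_home_partition ;;   # placeholder names from the page
        *)    return 1 ;;
    esac
}

# The name ends up in root-run paths (/dev/mapper/<name>_home, /home/<name>),
# so accept only conservative login names.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*|-*) return 1 ;;
        *) return 0 ;;
    esac
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

plan() {   # plan open|close <user>
    action=$1 user=$2
    valid_user "$user" || { echo "bad user name" >&2; return 2; }
    dev=$(device_for "$user") || return 0      # no encrypted home: nothing to do
    map="${user}_home"                         # assumed mapping name
    case "$action" in
        open)
            # Under GDM there is no terminal; a real script would feed the
            # passphrase to cryptsetup's stdin, e.g. from zenity --entry --hide-text.
            run cryptsetup create --cipher="$CIPHER" "$map" "$dev" || return 1
            # Plain dm-crypt accepts any passphrase; a wrong one only shows up
            # as a failed mount, so remove the mapping again in that case.
            run mount "/dev/mapper/$map" "/home/$user" ||
                { run cryptsetup remove "$map"; return 1; } ;;
        close)
            run umount "/home/$user" && run cryptsetup remove "$map" ;;
        *)  echo "usage: plan open|close <user>" >&2; return 2 ;;
    esac
}
```

Returning a non-zero status from the open path matters because the PostLogin script in step 6 passes it on with `exit $?`.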