
If I have selected a good password and kept it secret, what is the point of encrypting my home directory, an option that some flavors of Linux offer during setup?

Won't the Linux permissions keep unwanted eyes away from my stuff?

Peter Mortensen
Jon Wadsworth
  • Encryption protects you from data leak when your disk is stolen. – Aria Aug 31 '16 at 20:57
  • [Here is how to recover lost password in Linux](https://community.linuxmint.com/tutorial/view/339). Why am I posting this? Because this is how you can gain access to any machine running Linux, whether you're physically sat at it, have nicked or cloned the hard drive, or otherwise have access to the data on the disk. This takes 11 steps and it's actually relatively roundabout; you can "recover" a password to any account in fewer steps. If you just need access to the data, you don't even need that: mount the disk, browse as root, done. Your user password is irrelevant. – VLAZ Aug 31 '16 at 22:42
  • @Aria There is no need to steal the disk, just get access for an hour or two. – Sep 01 '16 at 11:25
  • @Vld, doesn't that ruin the point of encrypting the **home directory** (as opposed to full-disk encryption)? Since someone can easily recover the home password and then decrypt `home/user`? – raphael Sep 01 '16 at 14:17
  • @Vld The link is about resetting, rather than recovering a password. A user who did this would not know the user's original password, and would not be able to read an encrypted home dir (since encrypted home dirs are usually encrypted with a key derived from the user's password). Password recovery would need something like John The Ripper, and is not possible with strong passwords. – James_pic Sep 01 '16 at 14:25
  • @raphael admin-like changes to the password will not re-encrypt the home directory: http://askubuntu.com/questions/33730/will-changing-password-re-encrypt-my-home-directory. You need to supply both the previous and the new password to get the auto-reencryption and consecutive access to all files. I don't know if there are ways around this, though. In general, it's probably safer to have a different password that decrypts the hard drive data. – VLAZ Sep 01 '16 at 14:26
  • @James_pic yes...the point I was making was it's _that_ easy to get to **unencrypted** data. 11 easy steps (or less) to bypass what OP thinks would protect the user's files. Encryption is what stops that from being possible. – VLAZ Sep 01 '16 at 14:27
  • @Vld Oh, OK. I mistook your meaning. I'm accustomed to seeing this described as resetting, rather than recovering a password, so assumed you were making a different point. – James_pic Sep 01 '16 at 14:30
  • @James_pic eh, reset is indeed the correct term. Recover implies you _get_ the old password, instead of just _setting a new one_. My fault for the bad wording there - I made a mish-mash of "reset password" and "recover (access to) account". Realised that later but I couldn't edit the comment any more. – VLAZ Sep 01 '16 at 14:33

7 Answers

The point is to protect against your disk being accessed outside of the OS.

Encryption is useful against attackers who have physical access to your computer. Without it, it would be trivial to read out the content of your home directory, for example by plugging in a live boot USB stick.

HashHazard
tim
  • Or removing the HDD and plugging *it* into a different computer. – Jörg W Mittag Aug 31 '16 at 23:54
  • Or look at the disk's content using literally anything except the OS used to manage the permissions. – Kevin Sep 01 '16 at 08:10
  • @kevin or use the OS used to manage the permissions to [reset the root password](http://askubuntu.com/a/24024/125475) and then do whatever you like. – Jon Bentley Sep 02 '16 at 11:51
  • Or by rebooting with `init=/bin/bash` – tylerl Sep 04 '16 at 05:50
  • This does leave the rest of your system unencrypted, which would let an attacker modify the system to steal your password when you enter it, or copy your data once the home directory is mounted. – Alan Shutko Sep 04 '16 at 13:28
  • @AlanShutko That's definitely true, full disk encryption is more secure. But it wouldn't protect against keyloggers that are installed when the system is running, against hardware keyloggers, or just a camera stealing the password as you type it in. – tim Sep 04 '16 at 13:37

The Linux permissions only work on your own system. If you take the disk and put it in another computer, or just boot another OS on the same computer that can read your Linux partition, you will plainly see that the permissions do not prevent you from accessing the content of your home directory.

Gilles
  • Actually permissions work just fine between Linuxes. You still need root or same user id number to access the files, if permissions forbid that. So switching computers isn't the trick, the trick is to have root access, eg. after booting from USB stick. – hyde Sep 01 '16 at 05:42
  • @hyde Yeah, but the attacker has root on his/her Linux. – user253751 Sep 01 '16 at 07:07

In addition to the other answers, there are a few minor caveats that one must keep in mind about these encrypted configurations.

When you are not logged into your system, data in your home directory is not accessible in plain text. This, of course, is by design. This is what keeps an attacker from gaining access to your files. However, this means that:

  • Your cron jobs may not have access to your home directory.
  • SSH public key authentication into your system also will not work, unless you put your public key somewhere outside of your home directory and symbolically link it to your unmounted $HOME/.ssh/authorized_keys.

You can put your authorized_keys directly in your unencrypted home directory by [following these directions](https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/362427/comments/12) without the need for linking it anywhere else.

Josip Ivic
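The cron caveat above is easy to trip over: a job that runs while the owner is logged out sees only the locked mount point. The guard below is an added example, not code from the answer or from any project; it assumes the Ubuntu-style ecryptfs layout in which an unlocked home appears in the mount table as an `ecryptfs` mount at the user's home path, and the mount tables and the `/home/alice` path are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original answer): a guard a cron job can call
# before touching files under an ecryptfs-encrypted home directory. It reads
# the mount table (default /proc/mounts) and reports whether DIR is currently
# mounted as ecryptfs, i.e. unlocked. The layout assumed here is the Ubuntu
# ecryptfs one; adapt the paths if your system differs.

# home_is_unlocked DIR [MOUNTS_FILE]
# Returns 0 (true) when DIR is an ecryptfs mount in MOUNTS_FILE, 1 otherwise.
home_is_unlocked() {
    dir=$1
    mounts=${2:-/proc/mounts}
    # /proc/mounts fields: source target fstype options dump pass
    awk -v want="$dir" '$2 == want && $3 == "ecryptfs" { found = 1 }
                        END { exit (found ? 0 : 1) }' "$mounts"
}

# run_if_unlocked DIR CMD...: run CMD only when DIR is unlocked.
# Returns CMD's status, or 2 when the job was skipped. MOUNTS_FILE may be set
# to inspect a saved mount table instead of the live one.
run_if_unlocked() {
    dir=$1; shift
    if home_is_unlocked "$dir" "${MOUNTS_FILE:-/proc/mounts}"; then
        "$@"
    else
        echo "skipping: $dir is not unlocked" >&2
        return 2
    fi
}

# Constructed sample mount tables (not real system output).
SAMPLE_LOCKED='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0'
SAMPLE_UNLOCKED='/dev/sda1 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime 0 0'

# demo: show both outcomes against the constructed tables.
demo() {
    t=$(mktemp)
    printf '%s\n' "$SAMPLE_LOCKED" > "$t"
    if home_is_unlocked /home/alice "$t"; then
        echo "locked table: reported unlocked (unexpected)"
    else
        echo "locked table: home not mounted, a cron job should skip"
    fi
    printf '%s\n' "$SAMPLE_UNLOCKED" > "$t"
    if home_is_unlocked /home/alice "$t"; then
        echo "unlocked table: home mounted, the job may run"
    fi
    rm -f "$t"
}

demo
```

In a crontab the wrapper is used as `run_if_unlocked /home/alice /home/alice/bin/backup.sh`; the job then fails closed with status 2 instead of writing into, or reading from, the locked mount point.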

If you are not using full-disk encryption you should utilize home directory encryption. Otherwise, anyone with physical access to the computer can access it outside the OS.

An attacker with physical access could remove the hard drive, connect it to an external reader, copy the home directory, steal the data, and put the hard drive back in the computer. Depending on what data you've stored in your home directory, things can get pretty problematic.

Hope this gave you some insight...


The reason you encrypt your home directory is for security. As mentioned before, there are several pros and cons to encrypting your home directory; it is not something to take lightly. If you are going to the point of encrypting your home directory, then you would also make the encryption password different from your login password. Each time the system boots you are asked for two passwords, your login password and your home directory encryption password. In this situation, if your drive or computer is stolen then the thief would not have access to your encrypted home directory. Even booting up the computer with a live system (cdrom/dvd/usb stick) would not allow the thief access to your encrypted home directory. All the thief would see is garbage in your home directory since they would not have the encryption password. Your login password would not help the thief in any way. Hope this helps.

Larry

An encrypted home directory is supposed to be less accessible in the event that the computer, or some of its parts, is stolen or accessed without proper rights.

Encryption can be useful if you need to protect private or confidential information that you store in your home directory.

simhumileco

The answers (notably the one by tim) already answer the question about why you would like to encrypt the home directory. Yet, there is one caveat that no one talked about.

Encrypting only the home directory on Linux is poor security.

  1. Several applications store temporary files in /tmp and /var/run (or just /run which should be a soft link to /var/run). Therefore, although the home directory is protected, these temporary files are stored in plain text and a competent attacker will look into the temporary files.

     /tmp and /var/run (and /run) should be either encrypted as well, or be mounted as tmpfs (a filesystem in memory, but for this option read the next point).

  2. The swap is another place that applications may store a file in plain text. The application will have the file in memory and the kernel may swap out the memory pages that contain the file (which is in plain text in memory). This also will happen with files in a tmpfs.

     If you have anything encrypted on a machine, you should always encrypt the swap as well. Otherwise a competent attacker can scan the swap partition for file signatures and retrieve complete (or parts of) files in plain text.

If you have full disk encryption (on all disks of the system) these are not concerns.

grochmal
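Both leak points in this answer, temporary directories on the plain disk and unencrypted swap, can be checked against the kernel's own tables. The audit below is an added example, not code from the answer or from any project. It assumes that a swap area or filesystem backed by a device-mapper node (`/dev/mapper/*` or `/dev/dm-*`) is dm-crypt and therefore encrypted, that a swap file lives on the root filesystem, and that `/var/run` is the usual symlink to `/run`, so only `/tmp` and `/run` are inspected; the sample tables at the bottom are constructed, not real system output.

```shell
#!/bin/sh
# Added example (not from the original answer): audit swap and temporary
# directories for plain-text exposure. Defaults read the live /proc/swaps
# and /proc/mounts; pass file paths to inspect saved copies.
# Assumption: a device-mapper backed source (/dev/mapper/* or /dev/dm-*) is
# dm-crypt. Confirm with `dmsetup table` if that assumption matters to you.

# plain_swaps [SWAPS_FILE] [MOUNTS_FILE]
# Prints every swap area that is not backed by device-mapper.
plain_swaps() {
    swaps=${1:-/proc/swaps}
    mounts=${2:-/proc/mounts}
    awk '
        # First file (mounts): remember what backs the root filesystem.
        FNR == NR { if ($2 == "/") rootsrc = $1; next }
        # Second file (swaps): skip the header line, classify each entry.
        # A swap *file* is assumed to sit on the root filesystem, so it is as
        # protected as root is; a swap partition is judged on its own device.
        FNR > 1 {
            src = ($2 == "file") ? rootsrc : $1
            if (src !~ /^\/dev\/(mapper\/|dm-)/) print $1
        }' "$mounts" "$swaps"
}

# plain_tmpdirs [MOUNTS_FILE]
# Prints /tmp and /run when they sit on an unencrypted on-disk filesystem.
# tmpfs and ecryptfs are accepted; tmpfs pages can still reach swap, which is
# exactly why plain_swaps is checked alongside this.
plain_tmpdirs() {
    mounts=${1:-/proc/mounts}
    awk '
        { src[$2] = $1; fs[$2] = $3 }
        END {
            n = split("/tmp /run", dirs, " ")
            for (i = 1; i <= n; i++) {
                d = dirs[i]
                # A directory with no mount of its own inherits the root fs.
                s = (d in src) ? src[d] : src["/"]
                f = (d in fs) ? fs[d] : fs["/"]
                if (f == "tmpfs" || f == "ecryptfs") continue
                if (s ~ /^\/dev\/(mapper\/|dm-)/) continue
                print d
            }
        }' "$mounts"
}

# audit_leaks [SWAPS_FILE] [MOUNTS_FILE]: report findings, return 1 if any.
audit_leaks() {
    swaps=${1:-/proc/swaps}
    mounts=${2:-/proc/mounts}
    rc=0
    for s in $(plain_swaps "$swaps" "$mounts"); do
        echo "plain swap: $s (pages of unlocked files can be written here)"
        rc=1
    done
    for d in $(plain_tmpdirs "$mounts"); do
        echo "plain temp dir: $d (applications write unencrypted copies here)"
        rc=1
    done
    [ "$rc" -eq 0 ] && echo "no plain swap or temp directories found"
    return "$rc"
}

# Constructed sample tables (not real system output).
SAMPLE_SWAPS_PLAIN='Filename Type Size Used Priority
/dev/sda2 partition 2097148 0 -2
/swapfile file 1048572 0 -3'
SAMPLE_MOUNTS_PLAIN='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime 0 0'
SAMPLE_SWAPS_CRYPT='Filename Type Size Used Priority
/dev/mapper/cryptswap1 partition 2097148 0 -2
/swapfile file 1048572 0 -3'
SAMPLE_MOUNTS_CRYPT='/dev/mapper/vg-root / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# Run against the live system only when asked, e.g. `sh audit.sh --live`.
case "${1:-}" in
    --live) audit_leaks ;;
esac
```

On the plain sample the audit reports `/dev/sda2`, `/swapfile` and `/tmp`; on the sample with dm-crypt root and swap plus tmpfs `/tmp` it reports nothing, which is the "full disk encryption" case the answer closes with.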