Last active
November 5, 2025 06:33
-
-
Save mz0/9eea96d8f3583a5f6c4dd2163591dc16 to your computer and use it in GitHub Desktop.
Ubuntu *fscrypt* (Ext4 / F2FS only. See `gocryptfs` for XFS/Btrfs) https://github.com/google/fscrypt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt install fscrypt libpam-fscrypt | |
| # encrypt only filesytem with /home (it may be in '/' filesystem) | |
| FileSystem=$(grep -E ' (/home|/) ' /proc/mounts | grep -o '^[^ ]*') | |
| getconf PAGE_SIZE # 4096 | |
| # TODO check Ext2/Ext3 (FSFS, UBIFS ??) | |
| sudo tune2fs -l $FileSystem | grep 'Block size' | |
| sudo tune2fs -O encrypt $FileSystem | |
| sudo fscrypt setup | |
| sudo pam-auth-update |
Author
mz0
commented
Jan 25, 2025
Author
log out - logon
mkdir p/dehydrated
fscrypt encrypt p/dehydrated/
rsync -a nb15:p/dehydrated/ p/dehydrated/
chmod 755 p/dehydrated/
log out; login as another user
Author
add this to .bashrc
is_unlocked() {
if [ -z "$1" ]; then echo "Usage: is_unlocked <path>"; return 1; fi
fscrypt status "$1" 2>/dev/null | grep -q "^Unlocked: Yes"
}
Private=$HOME/p/dehydrated
if ! is_unlocked "$Private" ; then
echo "🔐 $Private is locked. Please enter your password to unlock."
fscrypt unlock $Private
fi
unset Private
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment