encrypted home setup
ecryptfs-migrate-home [-u|--user USER]
-u, --user USER
Migrate USER's home directory to an encrypted home directory
WARNING: Make a complete backup copy of the non-encrypted data to
another system or external media. This script is dangerous and in case
of an error, could result in data lost, or lock USER out of the system!
This program must be executed by root.
This program will attempt to migrate a user's home directory to an
encrypted home directory.
This program requires free disk space 2.5x the current size of the home
directory to be migrated. Once successful, you can recover most of
this space by deleting the cleartext directory.
The USER must be logged out of all sessions in order to perform the
migration, and have no open files according to lsof(1).
Once the migration has completed, the USER must login immediately,
BEFORE THE NEXT REBOOT in order to complete the migration.
After logging in, if USER can read and write files in their home direc-
tory successfully, then the migration has completed successfully and
can remove the cleartext backup in /home/.
After a successful migration, the USER really must run ecryptfs-unwrap-
passphrase(1) or zescrow(1) and record their randomly generated mount
If swap is not already encrypted, it is highly recommended that your
administrator setup encrypted swap using ecryptfs-setup-swap(1).
ecryptfs-unwrap-passphrase(1), ecryptfs-setup-private(1), ecryptfs-set-
up-swap(1), lsof(1), rsync(1), zescrow(1)
This manpage was written by Dustin Kirkland <email@example.com> for
Ubuntu systems (but may be used by others). Permission is granted to
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2019
All Rights Reserved.