Using Encrypted Home Directories - Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008 Deployment Manual

The advantage of encrypted container files over encrypted partitions is that they can be
added without repartitioning the hard disk. They are mounted with the help of a loop
device and behave just like normal partitions.
42.1.4 Encrypting the Content of Removable
Media
YaST treats removable media like external hard disks or USB flash drives the same as
any other hard disk. Container files or partitions on such media can be encrypted as
described above. However, enable Do Not Mount During Booting in the Fstab Options
dialog, because removable media are usually only connected while the system is running.
If you have encrypted your removable device with YaST, the KDE and GNOME
desktops automatically recognize the encrypted partition and prompt for the password
when the device is detected. If you plug in a FAT formatted removable device while
running KDE or GNOME, the desktop user entering the password automatically becomes
the owner of the device and can read and write files. For devices with a file system
other than FAT, change the ownership explicitly for users other than root to enable
these users to read or write files on the device.
42.2 Using Encrypted Home
Directories
To protect data in home directories against theft and hard disk removal, use the YaST
user management module to enable encryption of home directories. You can create
encrypted home directories for new or existing users. To encrypt or decrypt home di-
rectories of already existing users, you need to know their login password. See Sec-
tion 8.9.1, "User Management" (page 161) for instructions.
Encrypted home partitions are created within a file container as described in Sec-
tion 42.1.3, "Creating an Encrypted File as a Container" (page 760). Two files are cre-
ated under /home for each encrypted home directory:
LOGIN.img
The image holding the directory
Encrypting Partitions and Files 761