Verschlüsseltes Home
Ausgangslage: Systempartition, plus leere Partition, die das verschlüsselte Home aufnehmen kann.
apt install libpam-mount cryptsetup -y -v luksFormat /dev/xvdc cryptsetup luksOpen /dev/xvdc myhome mkfs.ext4 /dev/mapper/myhome mount /dev/mapper/myhome /mnt # Copy already existing user data cp -varu /home/user/. /mnt/. # May be erase existing home umount /mnt cryptsetup luksClose myhome
In /etc/security/pam_mount.conf.xml
<volume user="user" fstype="crypt" path="/dev/nvme0n1p7" mountpoint="/home/user" />