Re: How to create /home/user backed by LUKS device decrypted on login

From: Guillaume Le Vaillant
Subject: Re: How to create /home/user backed by LUKS device decrypted on login
Date: Mon, 01 Mar 2021 09:36:08 +0100
Dr. Arne Babenhauserheide <> wrote:

> Hi,
> The manual describes how to setup an encrypted root[1], but I got lost
> trying to find out how to setup a user such that the device is opened at
> login (with a prompt for the password) and closed at logout.
> I need the --allow-discards option to cryptsetup open, to be
> equivalent to the following:
>     sudo cryptsetup open --allow-discards --type luks /dev/nvmeXnXp1 my-user
> I need the user-home to be encrypted, i.e.
>     mount LABEL=my-user /home/my-user
> I’d like to set this in my /etc/config.scm but currently I have to
> decrypt before logging in.
> [1]: 
> Best wishes,
> Arne


You can use the pam-mount service[1] to decrypt a user's home at login,
but it will not create the encrypted volume automatically if it does not
exist; you have to create it yourself.

Also, if you create a LUKS2 volume, you can activate the discard feature
with "cryptsetup --allow-discards --persistent open /dev/xxx path", and
then you won't need to pass the "--allow-discards" option when mounting
the volume anymore.
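As an added example, not part of Guillaume's reply and not the Guix manual's own code: a minimal config.scm wiring pam-mount-service-type to the setup Arne describes. Assumed names: user "alice", placeholder device /dev/nvme0n1p1, and a LUKS2 volume created beforehand as the reply says (the service will not create it).

```scheme
;; Added example (assumptions: user "alice", device /dev/nvme0n1p1 is a
;; placeholder).  The volume must already exist; on the reply's advice,
;; created once by hand along the lines of:
;;   cryptsetup luksFormat --type luks2 /dev/nvme0n1p1
;;   cryptsetup --allow-discards --persistent open /dev/nvme0n1p1 alice-home
;;   mkfs.ext4 /dev/mapper/alice-home
;; With the flag stored in the LUKS2 header, no discard option is needed here.
(use-modules (gnu))
(use-service-modules desktop pam-mount)

(operating-system
  (host-name "laptop")
  (timezone "Europe/Paris")
  (locale "en_US.utf8")
  (bootloader (bootloader-configuration
               (bootloader grub-efi-bootloader)
               (target "/boot/efi")))
  ;; Root stays in the regular file-systems list; the user's home is NOT
  ;; listed here, because pam_mount mounts it per login session instead.
  (file-systems (cons (file-system
                        (device (file-system-label "root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  (users (cons (user-account
                (name "alice")
                (group "users")
                (home-directory "/home/alice"))
               %base-user-accounts))
  (services
   (cons (service pam-mount-service-type
                  (pam-mount-configuration
                   (rules
                    `((debug (@ (enable "0")))
                      ;; pam_mount reuses the login password to unlock the
                      ;; volume, so the LUKS keyslot passphrase must be the
                      ;; same as alice's account password.
                      (volume (@ (user "alice")
                                 (fstype "crypt")
                                 (path "/dev/nvme0n1p1")
                                 (mountpoint "/home/alice")))
                      ;; Create /home/alice if missing at login; unmount,
                      ;; close the mapping and remove the directory when the
                      ;; user's last session ends.
                      (mkmountpoint (@ (enable "1") (remove "true")))))))
         %desktop-services)))
```

After `guix system reconfigure`, logging in as alice on a console should leave an entry in `mount` for /home/alice backed by a /dev/mapper device, and logging out should remove it.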
