ubuntu-zfs-root-enc-home

Additional per user encryption of home dir for Ubuntu systems with ZFS root

I found that existing solutions either didn't work for me on Ubuntu 21.10, or are manual processes that are not suitable for larger environments or lazy admins.

This one is not a perfect solution, but works for me.

Installation and usage

Copy sbin/* to /sbin, chmod 0755 them, chown root:root them as well and
Copy udev/rules.d/90-zfs-permissions.rules to /etc/rules.d, chmod 644, chown root:root
Create a group named zfs and add any users who will be using zfs to the group addgroup zfs; usermod -a -G zfs $USER
Manually merge the files in pam.d into your pam setup. This will be different on various flavors/releases. I'll try to automate this in the future
Do not be logged in as the user you want to migrate, best run logged in as root on the console (no X)
Read convert.sh and understand what it is going to do
Make sure you are running a zfs root with bpool and rpool conventions
Make sure that the user to be converted was either created using the normal Ubuntu systems management tools, adduser, gnome-control-center, etc. The user's home directory should be visible when running zfs list, and should have the following convention for the volume name "rpool/USERDATA/$USER_$RANDOM" where USER is the user, and RANDOM is a string that can be described by this pcre /[\w\d]{6}/
Run ./convert.sh --help and decide if you need to add any arguments, referenced as $ARGUMENTS below
Don't skip any prior steps
On the console, as root, run ./convert.sh $ARGUMENTS $USER, $USER is the user to be converted.

Special thanks

This project automates code from, adds to, was inspired by, etc

Known Issues

Unmounting is unworking currently

Special thanks to me

btc: bc1qqxrjrzw9mwa49tv6wucrz22xr5ga4kg8ptl9x5

About

Additional per user encryption of home dir for Ubuntu systems with ZFS root

BSD 3-Clause "New" or "Revised" License

Languages

Language:Shell 100.0%