ecryptfs enables you to have an encrypted home directory per user (i.e. one user can use it, the other not). You can find a pretty comprehensive introduction to it here: http://www.linux-mag.com/id/7568/
Then of course: https://wiki.archlinux.org/index.php/ECryptfs
Being short on disk space is always problematic when setting up something like that. Maybe try it out with a new user.
You'll need to copy the data to another place and then encrypt and copy the data back. It's best to first prep the partition by writing random data over it.
Something more or less easy, if I ever get an external HDD. Currently my /home partition is filled well over 50%, so I can't just shrink to make a temporary partition, fill with random data, format, move data between partitions, delete the old partition, fill with more random data, and expand the encrypted partition (if that could be done without issues, that is).
I believe I had to add a password for the guest account with pam_mount. Otherwise it would ask for the encryption passphrase when logging in for some reason. I just set it to "guest" and echoed that in /etc/issue so any user would know the password.
Now we're having issues. My computer, as it's working right now, logs in directly without a password. If I had to tell my mom that now she needs to log in to this account and enter this password (something hard for her, since she's not that good at typing), suspicions would surely arise. (Not that I'm doing anything weird or illegal - just wanting my data to be safer.)
You'll probably also want to look into pam_mount:
https://wiki.archlinux.org/index.php/Pam_mount
I believe I had to add a password for the guest account with pam_mount. Otherwise it would ask for the encryption passphrase when logging in for some reason. I just set it to "guest" and echoed that in /etc/issue so any user would know the password.
Okay, let's see if I got my manual right.
useradd -U -m -d /guest guest
would make a new user named "guest", with no password, but I'd need to guess which groups the guest would be required to join and add them manually. Is that right? Also, how to encrypt a partition on-the-spot?