Gfilui

I have an Ubuntu 17.10 laptop, with users A and B. There are encrypted home directories /home/A and /home/B for the two users. These are set up using Ubuntu's default encrypted home directory mechanism (ecryptfs?).

The laptop has another hard disk, which is currently unused and not mounted. I want both users to be able to use this disk, so I want to set up a /home2 folder on this disk, with folders /home2/A and /home2/B in it, owned by the two users respectively. Ideally I'd like that /home2/A should be encrypted, with the same credentials as /home/A, and should be auto-mounted when user A logs in, just like /home/A is. And the same for B.

This seems like a completely natural way to use an additional disk just like one would use one's primary disk, in a multi-user scenario. How does one do this?

I tried searching for this but most answers I found talk of full-disk encryption, which is not suitable for a multi-user environment.

I have a similar setup in my computer with an external drive and it's been working fine for a while.

This steps are based on rcoup's answer to this question, but a more GUI-like procedure is used.

It's been checked to work with Bionic Beaver 18.04

You might come across a few problems due to this bug. It only affects the manual mount, but not the automount proposed here.

To be allowed to do administrative operations with nautilus, you need to have the extension nautilus-admin installed

sudo apt install nautilus-admin

Then, follow these steps:

1) Open GParted, Right click the partition you want to use as Home2, Information, Copy its UUID.

2) Using Nautilus, navigate to Other locations, Computer, etc.

3) Right click the file fstab, Edit as administrator, Add the line

UUID=the-UUID-you-copied-from-GParted /mnt/Home2 ext4 defaults 0 2

Save the file

4) Navigate to Other locations, Computer, mnt.

5) Right click blank space, Open as administrator.

6) On the admin nautilus window that opens up, right click blank space, New folder, Home2.

7) On GParted click GParted, Refresh devices. Check that the mount point /mnt/Home2 shows up for your partition.

8) Still on GParted right click that partition, mount on, /mnt/Home2. There should be a key showing that the partition is mounted. Close GParted.

9) On the admin nautilus window navigate to Other locations, Computer, mnt, Home2.

10) Right-click blank space, New folder: .Private-A, Hit Ctrl-H to see hidden files.

11) Right click .Private-A, Properties, Permissions, Group: , Close admin Nautilus.

12) On regular Nautilus: Navigate to your home folder, Right click blank space, New folder: Home2.

13) Navigate to .ecryptfs (there's a symlink in your home folder).
Right click Private.sig, Copy, Right click blank space, Paste.

14) Right click the newly created file 'Private (copy).sig', Rename: Home2.sig

15) With the Text editor, create a new document containing this line:

/mnt/Home2/.Private-A /home/<your_user>/Home2 ecryptfs none 0 0

Save it as Home2.conf in your .ecryptfs folder.

16) Open Gedit and create a new text file /home/your_user/.local/bin/automount_ecryptfs.Home2 with the following content:

#!/bin/bash
MOUNT_POINT=/home/<your user>/Home2
grep -q $MOUNT_POINT /proc/mounts
if [ $? -eq 1 ]; then
 mount.ecryptfs_private Home2 
fi

17) Navigate to this file with nautilus and right click on it, Permissions, Allow executing file as program.

18) Open the file .bashrc in your home folder, and add the lines:

# Automount additional encrypted home folder
/home/<your user>/.local/bin/automount_ecryptfs.Home2

In the dash, open 'Startup applications', Add, Name: Automount Encrypted Folder, Command: /home/your user/.local/bin/automount_ecryptfs.Home2, Save

Reboot the computer

You can do the same with the other user. Just repeat the steps from #9 on and use the name .Private-B for the lower folder instead.