How to install for multiple users - with home drive encryption

Hi guys, how would i install Zorin for 3 users and have encrypted home drives? The users would have different passwords.

1 Like

I think the only way i could do it would be to have full disk encryption and unique passwords for each user. Which would mean having to input the password twice, which is a bit annoying. :frowning:

Unless there is some custom partitioning, 3 different home partitions? I don't like the sound of that.

1 Like

That is not an uncommon setup. Linux is a multi-user system designed with this purpose in mind. By default, users are not able to access each other's files, so there's really nothing special you need to do there.
The advantage of doing that is that you can re-install the entire OS without losing any user data. Another reason this is done is because if one user has a lot of data, only their partition would be used without affecting the rest of the system.

Adding encryption is possible, but at the cost of increased complexity and inconvenience; you need to ask yourself if that is really necessary or not. If you do want to add encryption, consider the following:

  • Full-disk encryption is used to defend the hard drive in case of theft or loss. Since all three users need this password to unlock the drive, it offers no advantages over simply having separate user accounts as proposed above — unless you want to protect the drive contents in the event of theft, etc.

  • Encrypting the user home directory is probably the best balance between security, privacy and convenience. Each user would have their own password to login and unlock their own directories.
    You can do this with one partition, but if you are already going through all this trouble it'd be much more effective to use a separate partitions for each user.

My recommendation is to keep things as simple and lean as possible. This makes managing the system far easier in the long run. Unless you have reasons to think that your users are going to go out of their way to hack each other, relying on simple file-based permissions should be enough.

1 Like

I decided to use full-disk encryption. It was slightly complicated by the fact i didn't want a swap partition. I had to manually set up the partitions and then create a swapfile.

The device in question is primarily used by one person. So i set up that person to auto-login to the desktop after the decryption password. If the other user wants to login, they log out of that account and into theirs. Both users use the same password, while i (as the admin) will have a different password in addition to decrypt password.

This is a personal device - so the reason for encryption is privacy in the event of theft. It's a personal device, but the users want their own 'space' (logins).

Solved well enough for their purposes :slight_smile:

1 Like

I wish you had shared that bit of information earlier, as then I wouldn't have suggested creating dedicated partitions for each user. There's no point in making things more complicated when the users can already access each other's accounts by sharing the same password.

Again, simplifying things tends to pay off dividends in the long run. But in any case, I hope it was at least a good learning experience!

1 Like

I "forgot" about their passwords. I didn't really forget, i just didn't think of it until i set them up.

Yes, the partitioning was awkward. I've been using Linux a few years now, but the partitioning when not using ootb partitioning is still something that i have to think about each time. I don't install Linux often, mind you.

Not sure why Zorin defaults to a swap partition. Is that an Ubuntu default? Distros should move to a swapfile imo. One can change it's size as desired. Partitions are less flexible - or at least more complex to adjust.

Ubuntu — and by extension Zorin OS — defaults to a swapfile instead of a dedicated partition. If you use the defaults, at least. It's possible that once you go with the manual partition scheme there's something different proposed by default.

Hmm... pretty sure mine defaulted to a partition when i did the full disk encryption (via 'advanced options', not 'something else'). I'll try to remember to pay attention when i next install a VM.

Maybe it changes when you try to do anything other than accepting the defaults. Here's from a screenshot a took a few days ago on a fresh install:

Yep, that might be the case.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.