Feature changed by: Neil Rickert (nrickert) Feature #305552, revision 20 Title: Support in YaST for public directories in encrypted home directories openSUSE-11.2: Rejected by Christoph Thiel (cthiel1) reject date: 2009-05-26 18:28:27 reject reason: Postponed for 11.2. Priority Requester: Important openSUSE-11.3: Rejected by Christoph Thiel (cthiel1) reject date: 2010-03-08 16:38:09 reject reason: out of resources for 11.3. Priority Requester: Important Projectmanager: Neutral Requested by: Tim Lee (timl33) Partner organization: openSUSE.org Description: A follow on feature to #301923. There should be a way in the YaST users module to specify directories to make accessable in an encrypted home directory when the user is not logged in. See bug #446317. I would suggest an editable list of directories to exclude from the encrypted image, with a reasonable set of defaults. Examples of directories to exclude ~/.vacation, ~/.procmail, ~/.forward, ~/public_html and ~/.ssh References: https://bugzilla.novell.com/show_bug.cgi?id=446317 Discussion: #1: Fco. Javier Nacher (xiscoj) (2010-01-28 12:23:51) hi, maybe if not in yast, it could be like in ubuntu a context menu in kde/gnome over files and folders to encrypt them, like in windows too. So while you are logged they are decrypted to you but when not they are encrypted. Bye #2: Jan Engelhardt (jengelh) (2010-01-31 20:19:16) What's wrong with having a ~/Encrypted subdirectory? You cannot possibly know in advance how many dot-files would need to be readable. To be frank, there are even non-dot-files like ~/public_html that ought to be readable. #3: Jiri Srain (jsrain) (2010-03-04 10:03:03) I don't think that this functionality belongs to YaST. It is decission of each individual user which directories he wants to have public and which encrypted, the administrator can hardly decide this for all users. Please, reevaluate integration into KDE and GNOME instead of YaST. + #4: Neil Rickert (nrickert) (2013-08-12 00:45:34) + You can already do this, if you use "ecryptfs" instead of a loop- + mounted encrypted home directory. Simplest, for most people, is to run + "ecryptfs-setup-private" which creates an encrypted subdirectory + $HOME/Private + If you want almost everything encrypted, that works too. The "ecryptfs- + migrate-home" script sets up an auxilliary directory as "/home/. + ecryptfs/$USER". Put files there that you do not want encrypted, and + add a symlink to there from both the encrypted home and from home when + encrypted is not mounted. On one of my computers, I have ".ssh", "bin", + "lib", ".dmrc" and probably a few other files visible when not logged + in. Once setup, the individual user can adjust what is visible. -- openSUSE Feature: https://features.opensuse.org/305552