How To Encrypt Your Home Folder After Ubuntu Installation [Linux]

Danny Stieben 29-12-2011

encrypt home folder ubuntuImagine this: it’s a great day, you’re busy working on your computer at some event, and everything seems fine. After a while you get tired and decide to get something to eat and shut down your laptop. Although it’s not supposed to happen, someone steals it while you’re gone.


At this point you freak out because your life information is on that machine, including banking data, emails, and anything else that could be considered sensitive data. Now your wonderful day has turned into a nightmare. Of course you can do things to minimize the damage that results from a stolen laptop, or you can be proactive and encrypt your information for exactly these kinds of situations.

Encrypt During Installation If Possible

If you were smart enough, you could’ve encrypted your home folder (which basically contains all of your personal data, as literally every other main system folder contains system data, not personal data) when you first installed Ubuntu onto your system. But I guess you simply chose not to (or in my case, I somehow had some issues with it). However, it’s never too late to do it now before something happens to it.

Before You Begin

Encrypting your home folder is actually a lot easier than it may sound. It only requires a few steps and a little amount of your time. Before we begin, make sure that you have a backup available of your entire home folder at another location, just in case the encryption process goes haywire for whatever reason.


The first thing you’ll want to do is open your terminal and issue this command:

sudo apt-get install ecryptfs-utils

which will install the necessary files needed to carry out the encryption process.


encrypt home folder ubuntu

In order to avoid any problems with encrypting a user’s home folder while you’re still logged into that user, it’s best to create a new user with administrative rights temporarily, or if you already have a second user account with administrative rights, you can use that instead. You can then log into that new account.

encrypt ubuntu folders

Next, in order to actually encrypt the home folder, you’ll need to run

sudo ecryptfs-migrate-home –u “username”

where “username” is the username of the user’s home folder that you want to encrypt.

encrypt home folder ubuntu

Once that is done, you’ll need to log back into the original user’s account and complete the encryption process by following the instructions presented to you to add a password to the newly encrypted folder. If that doesn’t appear, you can type into your terminal


to add one yourself. Once that completes, you can delete the temporary account you created, and reboot your system. Your home folder should now be encrypted and safe from anyone who doesn’t know your password!


If you really want to test it out, you can always grab a Live CD and see if you can surf around inside the home folder. Usually you can’t because of file permissions, but it’s always still possible to change the permissions with a Live CD as long as it’s not encrypted. If it’s not possible to do even that, then I’d say that the successful encryption has been confirmed.


Encryption is actually much more important than a lot of people believe. It’s great that such tools exist for Linux, as well as other operating systems with tools such as TrueCrypt How To Make Encrypted Folders Others Can't View with Truecrypt 7 Read More . Hopefully they can be adopted by more people as they don’t bring any noticeable performance issues.

What do you think of encryption? Is it necessary or not? How do you do it? Let us know in the comments!

Related topics: Encryption, Ubuntu.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Shane Faulkinbury
    October 25, 2016 at 8:29 pm

    What if I am root and I get the message

    "This program must be executed by root.
    root@none-110-194:/home/none# "?

  2. Dexter
    December 15, 2015 at 6:09 pm

    It seems this rule of having to log out creates a CRITICAL flaw in the eCryptFS software...

    I use Kali Linux, where "root" is actually used as the default account - I know that's not how Linux usually works (you create another account and use sudo to become root) but that's how Kali works.

    Now, I want to encrypt ROOT's HOME directory, e.g. /root.
    Impossible, because of that stupid rule.

    NOW WHAT? I am not going to patch the whole thing (source code) just for that SIMPLE thing...

    • Alex Anderson
      January 3, 2016 at 4:24 am

      Create an account manually
      Run as root:
      adduser [name here]
      adduser [repeat name here] sudo
      and use that as your main account. Yes, I know some software won't work unless you login as root but this is good security practice anyway; do you really want every program you run freely accessing your entire computer?
      Also, try full-disk encryption. I much prefer that, as it's much more secure, supports up to 8 different passwords, and you can in an emergency nuke all data beyond recovery of anyone on Earth (even yourself)

  3. Kerrick Long
    June 9, 2012 at 9:16 pm

    Worked great! Now, how would I go about reversing the process? I've found that things tend to be slower when my home directory is encrypted, plus I'm paranoid that someday I'll forget my password and never be able to recover the files. :-P

    • Danny Stieben
      June 15, 2012 at 7:17 pm

      There seems to be a lot less information on how to unencrypt your home folder. This may be a complicated way, but I'm pretty sure you'd succeed if you created a new folder/partition, moved over all of your home data to it, and then reconfigure Ubuntu to use the new location as your home folder. Of course that's a generalized idea, as writing out the entire process would be too large for a comment, but I'd expect that to work. The main issue would be to reconfigure Ubuntu to recognize the new home folder.

      Best of luck!

      • Alex Anderson
        January 3, 2016 at 4:32 am

        That's pretty much the only way... Try this in the terminal (as root):
        u="[user name here]"
        sudo mkdir /tmp/$u
        cp -r ~/ /tmp/$u/
        rm -r /home/$u/
        mv /tmp/$u /home/
        That should revert the encryption but it hasn't been tested.
        PS. Sorry for the extremely late response

  4. Devon Day
    May 29, 2012 at 2:30 am

    Thanks! It's well into 2012 and this still worked great for me on Linux Mint 13. :D

  5. Bill
    May 16, 2012 at 8:21 pm

    Nice tutorial but can't get it to work.
    I created new account WITH administrative priveleges and logged in as that user
    but when I try to run sudo ecryptfs-migrate-home –u bill I get the error:

    "This program must be executed by root."

    I even logged in as ROOT and got the same error. What now?
    Any suggestion appreciated. I am running Xubuntu 12.04.


    • Tillorgias
      May 24, 2012 at 7:16 pm

      Hey Bill, I had the same error. The character used on the website to display the "-" in front of the "-u" option is no real "-" but a similar char. So copy the command, remove all "-" and type them manually and it will work.

      Hope it works,

      • Bill
        May 24, 2012 at 7:55 pm

        Thank you Tillorgias. It works.


      • Tina
        May 25, 2012 at 9:55 am

        Thanks for the great tip, Till!

  6. Danny Stieben
    January 23, 2012 at 5:50 am

    It seems that you're trying to encrypt r9s's home folder while still being logged in as r9s. Like the article shows (so look at it if you need guidance), you'll need to set up a new user if you only have one, give that user admin rights (to be able to use sudo), log into that user, and then run the same command to encrypt r9s's home folder.

  7. Danny Stieben
    December 30, 2011 at 11:28 pm

    I seem to have a knack for writing articles whenever people either just did whatever was covered in the article or plan on doing it. ;)

    Thanks for the input!

  8. Matt
    December 30, 2011 at 2:57 pm

    Great article Danny! If you use whole disk encryption, you wouldn't need to do this, correct? I guess you could still have a multi-user situation where you might want to protect users home directories from other users. Thanks!

    • Lazza
      December 30, 2011 at 3:02 pm

      If you use whole disk encryption then this is useless, that's right. But IMHO this method is better for a couple of reasons. The first is that encrypted files on a "visible" partition are easier to backup or transfer on a system reinstall, the second is that if someone wants a not-encrypted profile for any reason this can be done. :)

    • Danny Stieben
      December 30, 2011 at 11:26 pm

      As Lazza says, that would be correct. However, I haven't figured out how to do whole-disk encryption with Ubuntu yet (only Fedora). There are no options of encrypting the whole disk with Ubuntu's regular installer.

      • Tanner
        May 4, 2012 at 10:01 pm

        Full Disk Encryption is a part of the installer. When you're choosing your partitioning method, you have to select "Guided - use entire disk and setup encrypted LVM". Then after partitioning it will ask you for the Encryption passphrase, and encrypt the OS volume with your key. The only thing that won't be encrypted is the bootloader (usually Grub). See this image for reference.

  9. UMoron
    December 30, 2011 at 3:00 am

    That's awesome! Wish I checked out that site, unfortunatelly my internet is down, please send it to me by Fedex on my email adress.