#Home directory encryption

I recently reinstalled mint on my system, during which I mistankingly checked the box that encrypts the home directory, and I'd like to undo that but don't know how.

got already valuable data on /home? if no, i would just install anew because decryption would need the same time. you kept the installation usb stick?

I didn't, and i have save files on my home folder that i'd like to keep :')

As well as other programs for daily use like lutris, bottles, steam etc

sadly, i got no experience of en- or decryption. but i think preparing a usb memory stick with a live linux on it as a precaution doesn't hurt. and you will maybe need a separate, non-encrypted partition. i imagine that if files are not individually encrypted you need only copy all files from an encrypted partition to a regular partition, so the files get automatically decrypted. i have to try that out by myself, but i'm stuck with too few disks...
wait for the pundits in here, maybe prepared with some neceessary data points. could you open a terminal and type:

• df -h
• inxi -Fxxxz
• lsblk -f
• sudo parted -l
  (that's all i know)

okay, then

• sudo parted -l
• sudo pvscan
• sudo lvscan
• sudo vgscan
  they do not manipulate data, the commands show only some data points so we know what partition is with which method encrypted and such. these commands will put out data beyond my knowledge so wait for stunner, maniak, curunir, sedenion, jeremyb, temmie, etc.

so...
/dev/sda1: is the partition 'bios_grub' but doesn't show up in lsblk -f? idk why!
/dev/sda2: lsblk -f and parted show the same, okay.
/dev/sda3: is in ext4 format and has 310 GB in lsblk -f and 512 GB in parted? idk why!

and idk why pvscan, lvscan, vgscan don't show any output! the same non-output than in my non-encrypted system!?

I also don't know what some (most) of those outputs mean 💪

i can't help you any further, please wait for stunner, maniak, curunir, sedenion, jeremyb, temmie, etc.

Alright

Thank you for your time

you're welcome 🙂
i mentioned this thread in the triage: #⛑triage message

The thing would do, is to backup home data into another non-encrypted location...

1. Obtain your Private directory mountpoint

   $ PRIVATE=`cat ~/.ecryptfs/Private.mnt 2>/dev/null || echo $HOME/Private
   

2. Ensure that you have moved all relevant data out of your $PRIVATE directory
3. Unmount your encrypted private directory

$ ecryptfs-umount-private

4. Make your Private directory writable again

$ chmod 700 $PRIVATE

5. Remove `$PRIVATE, ~/.Private, ~/.ecryptfs`
 Note: THIS IS VERY PERMANENT, BE VERY CAREFUL
 ```
$ rm -rf $PRIVATE ~/.Private ~/.ecryptfs

6. Uninstall the utilities (this is specific to your Linux distribution)

$ sudo apt-get remove ecryptfs-utils libecryptfs0

That ⬆️ is the procedure to revert/undo home encryption... But before doing that, you must backup all your home data to safe (unencrypted) location.

Some people simply copies the /home/user to another home folder, for exemple :

sudo cp -rp /home/user /home/user.backup

Personally, to be sure, I would rather backup the entire /home data into /opt/home in case something went wrong...

See more here:
https://askubuntu.com/questions/4950/how-to-stop-using-built-in-home-directory-encryption

Tell me once you are ready to play with terminal...

Good morning. I have the time now.

ok

before we begin I would like to check some things

can you open terminal and type cat ~/.ecryptfs/Private.mnt and paste result here

ok... type that cat ~/.ecryptfs/Private.mnt 2>/dev/null || echo $HOME/Private

and show result

Same result

ok

type ls ~/.ecryptfs

I'm not really sure if screenshots or saving as .txt are the best way to share these

you can select text in terminal and copy it, to paste here

you can also use the middle-mouse button

screenshot is ok for now

Well, what things you must backup absolutely ?

well, whatever, we will backup everything... but restoring will not be as easy...

Alright

I mostly just have game roms and isos on download, but other than that i'd like to keep all the things i've installed and their configurations too

Like all the environment variables i set as launch options on steam and flatseal

Or login information on floorp and such

so, type sudo cp -rp /home/raviel /opt/raviel.backup

this will take a while, do not close terminal until you see the new prompt

do you have a phone or another computer than this one to connect to discord ?

I do

you will need it...

because the other part must be done in recovery mode

Oh man

Is there an easy way to boot on recovery mode

it's not that hard

It's just that i may have to move my rig to a different monitor, my tv, since this one doesn't display the BIOS

ah, that might be a problem indeed

the recovery mode is in text mode

like que grub menu

Figured

and you need to see the grub menu to access recovery mode

Guess i'll be doing that once the files are done copying

yes

Done

ok

ready for recovery mode ?

Sure am

You know how to go in ?

No 💪

ok, you see the Grub Menu ?

when you start computer

I do in this monitor, yes

on that menu, select "Advanced options for Linux Mint"

then select the first entry with (recovery mode)

you will end with a red menu

one of the option is "Drop in prompt as Root" or something like that

Wait i confused the GRUB menu with the BIOS

I don't know how to get there

Do i press F12 during boot?

no

If you don't see the grub menu, press ESC at boot

before you see the Mint logo

This?

The 0 was a typo

What next?

shit, I don't know, wait

type normal

I'm now back to the regular mint password screen

🙂

ok

open terminal sudo nano /etc/default/grub

GRUB_TIMEOUT_STYLE=hidden -> GRUB_TIMEOUT_STYLE=menu
GRUB_TIMEOUT=0 -> GRUB_TIMEOUT=5

then Ctrl+X confirm save

then type sudo update-grub and reboot

Uh, after pressing ctrl+x and saying yes it's asking for a file name

there is no default one ?

Ig

simply type enter

Done

Double checked to see if it saved the changes and i belive it did

Ran the update command

I'll try rebooting now

It shows up, but it doesn't take long for the mint logo to appear and take me to the password screen

What do i have to select before that?

Reboot once you see the menu simply hit up or down arrow key, this stops the timer

you select "Advanced options for Linux Mint" then the first entry with (recovery mode)

Done

The recovery menu, i think it's called in english, is open

ok, You should find an option "Drop in shell prompt as root" something like that

There's an option that roughly says that it takes me to terminal in root mode

It's that one, i wager

yes, it's that

"Control D to continue or enter for maintenance" it says

Ctrl+D

Nothing happened? I'm still on recovery menu

retry and type enter

Retry until you have prompt

Now there's a command prompt

ok

so we will first verify the back files

cd /opt

ls

raviel.backup

ok, cd aviel.backup then verify files are properly readable for example, list Download files

ls Downloads

ls .steam etc..

it's ok ?

Seems everything is there, yes

ok

here beging Armageedon

Actually, when i type ls it doesn't list hidden folders, although they're still readable since ls .steam still yielded results

yes, to list hidden folder you must add -a options

you also can display as listing

ls -al

then you have the detailled list

I see

ok, ready?

Yes

don't mistype this one:
rm -rf /home/raviel

Will it still work if i'm still on /opt/raviel.backup ?

yes

Alright

if you prefer go to /home

Done

cd /home

but since the supplied path is absolute (beging with /) it will understand as absolute path

if you typed rm -rf home/raviel without the leading / this would probably show you an error, about not existing item

It didn't show an error message and just showed me another command prompt

I assume the raviel folder is gone now

so it suceed, you can verify ls -al /home it should show you only two lines . and ..

I moved to home folder via cd /home

Typing ls -al shows the 2 files you mentioned plus .ecryptfs

I copy pasted a message of yours to do this weird font background thing :')

ok, remove .ecryptfs too rm -f .ecryptfs

Says it can't remove .ecryptfs due to it being a directory

ah ok

rm -rf .ecryptfs

Done

Only . and .. inside home folder now, as per ls -al

now apt remove ecryptfs-utils libecryptfs0

Libecryptfs0 is not installed, and thus will not be removed
The following packages will be REMOVED
ecryptfs-utils yadda yadda yadda
do you want to continue? Y/n

YEs !!

Done

wait

did you writen libecryptfs0 with capital ?

apt remove libecryptfs0 without capital, anywhere

ok

type apt autoremove (don't need sudo)

and answere Y to everything

Well, there wasn't anything to remove

ok

now we move backup to home

mv /opt/raviel.backup /home/raviel

Done

ok cd /home then ls -al and check that the raviel folder belong to raviel user and group

you should see raviel raviel

Seems so

ok

type reboot and cross fingers

I'm in

your session open ?

Yes

everything is here ?

Down to the last page i had opened on my browser, it looks like

marvelous

Do i have to see the grub menu every time i boot?

now the final cleaning, open terminal

type : rm -rf ~/.Private and rm -rf ~/.ecryptfs (take care of capital P at Private)

if you want to get rid of the grub menu:
sudo nano /etc/default/grub
back menu to hidden and 5 to 0
Ctrl+X confirm save
sudo update-grub

Directories removed and grub updated

reboot, and check everything is ok, if so, congratulation

Things seem ok