Hestia + ecryptfs encrypted home for admin user?

I am looking at possibly using ecryptfs to encrypt the admin directory. Is this even possible without breaking access of some services? Would it cause conflicts with users clamav, www-data, dovecot, etc.? The most important goal is to find a way to encrypt the mail folders, and the more at-rest stuff I can encrypt, the better.

I thought about full disk encryption with LUKS, but that still leaves everything open to any user on the system that might gain elevated privileges, whereas directory filesystem encryption protects the data behind an individual key per directory. It seems in my scenario that filesystem encryption would be much better than block device encryption.


If I find a good way to move forward I’ll do a writeup and post it.

I suggest not to use the admin user to host any website / email account / whatever. If the website got hacked the user has full access to the full system!

For encrypting the mail dir: mail-crypt-plugin — Dovecot documentation

Haven’t tried it …

