Unencrypted home directory?

Hi, I just started trying out NomadBSD, and I elected to set up encryption with geli. After rebooting, I was curious to see what the mounts looked like. Maybe I’m just misunderstanding what I’m looking at, but from what I understand the encrypted part of the disk is mounted under /data, and would be the device referred to under /dev/label/nomaddata (which also has a corresponding .eli file, which nomadroot does not).

There are some entries in fstab where for example /data/var/db is mounted as /var/db, but since /dev/label/nomadroot is mounted as / and /home has no mount, wouldn’t that mean that all the contents of user home directories are written unencrypted to disk?

I guess my questions are:

  • Is my observation correct that anything under /home will not be encrypted? If so, is this a conscious design choice?
  • How would one ensure the home directory is actually encrypted, simply move /home to /data and mount /data/home as /home?
  • Is there anything else that isn’t encrypted but maybe should be?

Thanks.

Hi @baleygr,

/home is a symlink to /data/home. So, yes, your home dir is encrypted.
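One way to check this yourself, as an added example that is not part of the original thread or of NomadBSD's own tooling: resolve the path first, then find which mount backs it and whether that source is a geli `.eli` provider. The mount table below is constructed to resemble the layout described in the question; the mount options, the nullfs type for /var/db and the user name `nomad` are assumptions.

```shell
#!/bin/sh
# Added example. SAMPLE_MOUNTS is constructed to resemble the layout in the
# question (options and the nullfs type are assumptions); on a live system use
#   is_encrypted "$(mount)" "$(realpath /home)"
SAMPLE_MOUNTS='/dev/label/nomadroot on / (ufs, local, soft-updates)
devfs on /dev (devfs)
/dev/label/nomaddata.eli on /data (ufs, local, soft-updates)
/data/var/db on /var/db (nullfs, local)'

# backing_mount TABLE PATH: print "source mountpoint" for the longest mount
# point that contains PATH. Assumes mount points without spaces.
backing_mount() {
    printf '%s\n' "$1" | awk -v p="$2" '
        { mp = $3
          if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) > best) {
              best = length(mp); out = $1 " " mp } }
        END { print out }'
}

# is_encrypted TABLE PATH: exit 0 if PATH is stored on a geli (.eli) provider.
# PATH must already be symlink-free. A nullfs mount names a directory as its
# source, so the path is mapped into that directory and looked up again.
is_encrypted() {
    table=$1 path=$2 hops=0
    while [ "$hops" -lt 8 ]; do
        m=$(backing_mount "$table" "$path")
        src=${m%% *} mp=${m#* }
        [ "$mp" = / ] && mp=""
        case $src in
            /dev/*.eli) return 0 ;;
            /dev/*|"")  return 1 ;;
            /*)         path=$src${path#"$mp"} ;;
            *)          return 1 ;;   # devfs, tmpfs etc.: reported as not geli-backed
        esac
        hops=$((hops + 1))
    done
    return 1
}

# /home/nomad is the unresolved path (hypothetical user "nomad"); the second
# path is what realpath reports once the /home -> /data/home symlink is followed.
for p in /home/nomad /data/home/nomad /var/db/pkg; do
    if is_encrypted "$SAMPLE_MOUNTS" "$p"; then
        echo "$p: on geli provider"
    else
        echo "$p: NOT on geli provider"
    fi
done
```

Looking up `/home` in the mount table without resolving it first lands on the root filesystem, which is the reading in the question; the resolved path lands on the `.eli` device.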