Score:0

How to let Chrome Remote Desktop run with encrypted /home before login


Background:

  • I have a headless system placed in a public place. I installed Chrome Remote Desktop on it, so that it can automatically launch several desktop applications after boot, and I can connect remotely to check the status.
  • Since the system is accessible to unauthorized people, I want to encrypt /home directly for primitive security (I know encrypting only /home is not TRULY secure, but it is good enough for me to stop casual glances).
  • I followed the guides here to encrypt /home with eCryptfs. However, the encryption broke the remote desktop service, which worked perfectly before encryption.
  • The reason is that the Chrome Remote Desktop service cannot access its config files, which are located in ~/.config/, before login. So it fails at start.

My question:

Is it possible to allow Chrome Remote Desktop (or more generally, any service that runs with the privileges of a specific user) to access an encrypted /home directory before user login? I do not insist on eCryptfs. Any lighter (less secure) tool is also acceptable.

Some more information:

  1. The system is located behind a NAT gateway, and I have no control over the gateway. So I cannot access it with ssh.
  2. I need to reboot the system remotely from time to time, so full-disk encryption is not an option.

One solution may be to locate `.config` outside the `/home` directory, for example, in `/etc/myconfig/.config`, then set up Chrome to look for the config there instead of the default location.
Score:1

No, this isn't possible if you have an encrypted home directory.

You don't have the luxury of 'running things as the user' if the user's information and data are encrypted and need to be accessed.

If your /home directory is encrypted, you can't access it until you decrypt it - which you have to do manually from the system with logon. That's kind of the point of encrypted home - your data is encrypted and you have to manually login to unlock it.

Encrypted home will break services such as these that run in 'userspace'.

Got the point. Thank you for clarifying
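
The failure described in this thread (a per-user service starting before the eCryptfs home is unlocked) can be detected with a pre-start check. The script below is an added example, not code from the posts above; the function names are hypothetical, and it assumes the default ecryptfs-utils layout (a `.Private` entry in the home directory, and an `ecryptfs` mount on the home directory after login).

```shell
#!/bin/sh
# Added example: classify a home directory as eCryptfs-unlocked,
# eCryptfs-locked, or plain, so a service can tell whether ~/.config
# is readable before the user has logged in.
# Assumption: default ecryptfs-utils layout (".Private" entry in the home
# directory; an "ecryptfs" filesystem mounted on the home after login).

# ecryptfs_home_state HOME_DIR [MOUNTS_FILE]
# Prints one of: unlocked | locked | plain
ecryptfs_home_state() {
    home=${1%/}
    mounts=${2:-/proc/mounts}
    # Unlocked: an ecryptfs filesystem is mounted exactly on the home directory.
    # (Paths containing spaces are escaped in /proc/mounts and are not handled.)
    if awk -v h="$home" \
        '$2 == h && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "$mounts"; then
        echo unlocked
    # Locked: the eCryptfs marker exists but nothing is mounted over the home.
    elif [ -e "$home/.Private" ] || [ -L "$home/.Private" ]; then
        echo locked
    else
        echo plain
    fi
}

# config_reachable HOME_DIR [MOUNTS_FILE]
# Succeeds only if HOME_DIR/.config exists and the home is not locked.
config_reachable() {
    state=$(ecryptfs_home_state "$1" "${2:-/proc/mounts}")
    [ "$state" != locked ] && [ -d "${1%/}/.config" ]
}

# Stand-alone use: sh this-script /home/someuser
if [ $# -gt 0 ]; then
    ecryptfs_home_state "$@"
fi
```

A service wrapper can call `config_reachable` and log a clear "home is still encrypted" message instead of failing on a missing config file.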