In this Linux config we are going to create encrypted partition for user "linuxconfig" and use pam_mount to mount it under /home/linuxconfig directory. For this config we have used Debian Linux, however the very same principle for creating encrypted partitions can be applied also for any other Linux distributions such as SuSe, RedHat, Gentoo, Ubuntu.


First and the most important one is to make sure that on partition on which you are going to encrypt, is empty. If you have some important data there move them NOW to some save place. When creating encrypted partition all data will be removed. Secondly we need to satisfied software prerequisite so you need to install packages for:

  • cryptsetup ( Ubuntu, Debian package: cryptsetup )
  • pam_mount ( Ubuntu, Debian package: libpam-mount )

Create Encrypted Partition

This command will create Encrypted partition /dev/sdb1 by formating it with LUKS Encryption:

# cryptsetup luksFormat /dev/sdb1 

Create Encrypted Partition

Open Encrypted partition:
This command will create an entry in /dev/mapper for sdb1 partition.

# cryptsetup luksOpen /dev/sdb1 sdb1 

will create an entry in /dev/mapper for sdb1 partition

Create Filesystem

Now we can create filesystem as on any other partition. The only difference is that we create filesystem via mapper. If you try to create filesystem on /dev/sdb1 you will get this error message:

mke2fs 1.40-WIP (14-Nov-2006)
/dev/sdb1 is apparently in use by the system; will not make a filesystem here!

Instead we will use command:

# mkfs.ext3 /dev/mapper/sdb1 

create filesystem on encrypted partition

Edit pam_mount.conf

Because we want new encrypted partition to be mounted every time user "linuxconfig" log in we need to alter /etc/security/pam_mount.conf file and add this line:

volume linuxconfig crypt - /dev/sdb1 /home/linuxconfig - - - 

Edit pam_mount.conf

Configure pam authentication

On Debian or Ubuntu system, you will need to edit two files:
/etc/pam.d/common-auth :

auth       optional 

Configure pam authentication common-auth


session    optional 

Configure pam authentication common-session
Please NOTE: Some distributions have only one file with both auth and session.

Testing encrypted partition

Let's try login as a "linuxconfig" user, please note that you will be prompted to enter password two times, first time it will be your UNIX password and second time it will be your passphrase for your encrypted partition:
passphrase for encrypted partition

Now we need to confirm that we are using our new encrypted partition:
new encrypted partition

Submit your RESUME, create a JOB ALERT or subscribe to RSS feed.
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
Get extra help by visiting our LINUX FORUM or simply use comments below.