
How to Configure systemd-homed for Encrypted Home Directories

Learn how to use systemd-homed to create encrypted portable home directories for Linux users while securing your files, migrating users and backing up easily.

— Ravi Saive

When you log into your Linux system, all your personal files, documents, photos, and configuration settings live in your home directory. If someone gains physical access to your computer or if your hard drive is stolen, all that data is sitting there, completely readable.

Even if you have a login password, it only protects against casual access while the system is running; it does nothing to protect your files when the drive is read directly.

Traditional Linux encryption solutions like LUKS encrypt your entire disk, which works but comes with limitations: you have to enter a password before the system even boots, and everyone who uses the computer shares the same encryption.

If you want to back up just your files or move them to another machine, you're dealing with the entire encrypted partition.

systemd-homed takes a different approach: instead of encrypting the whole disk, it encrypts each user's home directory individually. Your files are locked away in their own encrypted container that only unlocks when you log in.

When you log out, everything locks automatically. Your data also becomes portable: you can literally copy your home directory to a USB drive and use it on any computer that supports systemd-homed.

But here's the thing: systemd-homed is relatively new in the Linux world, and many distributions don't enable it by default. Setting it up requires understanding a few concepts and running commands you might not be familiar with, which is exactly what this guide will walk you through.

systemd-homed: A Quick Overview

Before we get into it, let's clarify what systemd-homed actually does. In traditional Linux systems, users are stored in /etc/passwd, with their home directories sitting somewhere like /home/username as regular folders on your filesystem.

With systemd-homed, each user becomes self-contained: their account information and encrypted home directory are bundled together in a single file or directory that the system mounts only when needed.

This means when you're logged out, your home directory doesn't even exist from the system's perspective; it's just encrypted data. When you log in, systemd-homed decrypts it on the fly and mounts it so you can access your files.

The main downside is compatibility. For example, some older applications expect users to be in /etc/passwd and might behave strangely. Most modern software works fine, but it's worth knowing this isn't a drop-in replacement for every possible setup.

Find Out Whether systemd-homed Is Enabled

Not all Linux distributions ship with systemd-homed enabled, even if they use systemd. First, let's check if the service is available on your system.

systemctl status systemd-homed

If you see something like "Unit systemd-homed.service could not be found", your distribution doesn't have it installed or enabled.
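
The check above can also be scripted so that "not installed" and "installed but not enabled" are told apart by exit status rather than by reading the message text. The following is an added example, not part of the original article; the function names homed_state and homed_hint and the state labels are made up for illustration, and it assumes the exit codes documented in systemctl(1).

```shell
#!/bin/sh
# Added example (not from the original article): classify systemd-homed by
# exit status instead of matching the human-readable status text.
# Exit codes per systemctl(1): 0 = active, 3 = not active, 4 = no such unit.

UNIT=systemd-homed.service

# homed_state: hypothetical helper, prints one state label on stdout.
homed_state() {
    rc=0
    systemctl status --no-pager "$UNIT" >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "active" ;;
        4) echo "not-installed" ;;   # "Unit ... could not be found"
        3)
            # Unit file exists but the daemon is not running; find out why.
            enabled=$(systemctl is-enabled "$UNIT" 2>/dev/null) || true
            case "$enabled" in
                enabled) echo "enabled-not-running" ;;
                masked)  echo "masked" ;;
                *)       echo "installed-disabled" ;;
            esac
            ;;
        *) echo "unknown" ;;         # no systemctl, or not booted with systemd
    esac
}

# homed_hint: hypothetical helper, maps a state label to the next step.
homed_hint() {
    case "$1" in
        active)              echo "systemd-homed is running" ;;
        not-installed)       echo "install your distribution's systemd-homed package" ;;
        installed-disabled)  echo "run: sudo systemctl enable --now $UNIT" ;;
        enabled-not-running) echo "run: sudo systemctl start $UNIT and check the journal" ;;
        masked)              echo "unit is masked; unmask it before enabling" ;;
        *)                   echo "could not query systemd on this host" ;;
    esac
}

state=$(homed_state)
printf '%s: %s\n' "$state" "$(homed_hint "$state")"
```
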