How can a specific directory on a filesystem be encrypted?
Environment
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
Issue
- We want to encrypt any writes into a specific directory and decrypt the data on read. What can be used for this? Cryptsetup? LUKS? eCryptfs?
Resolution
- eCryptfs -- provided by the ecryptfs-utils package in RHEL 5 and RHEL 6 -- can do exactly this
- In short, eCryptfs allows for creation of an encrypted container on top of a filesystem, in contrast to dm-crypt (cryptsetup/LUKS), which allows for encrypted block devices onto which filesystems can be laid
- For more details on implementing eCryptfs, see Chapter 3 in the RHEL 6 Storage Administration Guide
- Note that the ecryptfs-utils package has "Technology Preview" status in both RHEL 5 [1] and RHEL 6 [2]
  See: What does a "Technology Preview" feature mean?
- Note also that eCryptfs is not and will not be available at all in RHEL 7

1: See the RHEL 5.11 Technical Notes, Chapter 1. Technology Previews
2: See the RHEL 6 Storage Administration Guide, Chapter 1.1. What's New in Red Hat Enterprise Linux 6
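
Because eCryptfs is stacked on top of an existing directory, anything written to that directory while the eCryptfs mount is not active lands unencrypted in the underlying filesystem. The following check is an added example, not part of the original Red Hat solution; the path /srv/secure and the sample mount table are constructed for illustration.

```shell
#!/bin/bash
# Added example: confirm a directory is an active eCryptfs mount before
# writing sensitive data into it. Paths and sample data are constructed.
#
# A stacked mount over the directory itself is created as root with:
#   mount -t ecryptfs /srv/secure /srv/secure
# (mount then prompts for the passphrase, cipher and key size).

# Print the filesystem type mounted exactly at directory $1, reading a
# /proc/mounts-format table from file $2 (default: /proc/mounts).
# The last matching line wins because later mounts stack over earlier ones.
mount_fstype() {
    local dir="${1%/}" table="${2:-/proc/mounts}"
    [ -n "$dir" ] || dir="/"
    awk -v d="$dir" '$2 == d { t = $3 } END { if (t != "") print t }' "$table"
}

# Return 0 only when $1 is currently an eCryptfs mount point.
is_ecryptfs_mounted() {
    [ "$(mount_fstype "$1" "$2")" = "ecryptfs" ]
}

# Constructed sample of what /proc/mounts looks like with eCryptfs stacked
# on /srv/secure (the signature value is a placeholder, not a real key id).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg0-root / ext4 rw,relatime 0 0
/dev/mapper/vg0-srv /srv ext4 rw,relatime 0 0
/srv/secure /srv/secure ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0
EOF
}

# Demo against the constructed table.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
for d in /srv/secure /srv; do
    if is_ecryptfs_mounted "$d" "$demo_table"; then
        echo "$d: eCryptfs active, writes are encrypted"
    else
        echo "$d: NOT an eCryptfs mount, writes would be stored in plaintext"
    fi
done
rm -f "$demo_table"
```

On a live system, call is_ecryptfs_mounted with only the directory argument so that it reads /proc/mounts, and have backup or application start-up scripts refuse to run when it returns non-zero.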