This post was originally submitted to old KDE Forums by me.
Hi, for some reasons I wanted to setup shared KDE Vault for two users and found how to do it.
Because I’ve not found any sources or tutorials covering this topic I will post such here.
In spite of being KDE user for quite a long time I’ve never use KDE forums before, so sorry for mistakes.
To the topic:
I wanted to have an encrypted KDE vault that will be accessible (not at the same time) by two users.
We should start with creating shared space and managing it’s permissions.
You will need sudo powers to do some of the following steps.
I’ve chosen to create this shared space inside /home/
From terminal run those commands:
sudo mkdir shared
(replace shared with your own name at will) - create shared space
sudo groupadd SharedUsers
(replace SharedUsers with your group name at will) - create users group
sudo chgrp SharedUsers /home/shared/
- make new group owner of shared directory
sudo chmod 2775 /home/shared/
- add permissions for new group to shared directory
sudo setfacl -d -m g:SharedUsers:rwx /home/shared
- setup ACL for shared directory
sudo usermod -a -G SharedUsers user1
- add your user to new group (replace user1 with your username)
sudo usermod -a -G SharedUsers user2
- add the other user to new group
To check your username you can use
whoami
If you want to add more users than two just repeat the command with another usernames.
You will need to logout (or reboot) for those changes to be applied.
After login you can check if the permissions are working.
cd /home/shared
- go to shared directory
touch test
- try making a new file
rm test
- try removing a file
Optionaly you can switch to another user
su user2
(you will need user2’s password) and repeat the 3 commands above.
After ensuring the properties were applied successfully we should start creating shared vault.
Make another directory for Vaults in shared space.
mkdir /home/shared/Vaults
Launch KDE Vaults and add new Vault.
Provide your Vault name and remember it (for me it will be Shared).
I’ve selected CryFS.
Provide strong password and remember it (will be needed to decrypt Vault) - this password will be the same for every other user using this Shared Vault
In next screen you should provide location for files:
/home/shared/Vaults/
Mount point can be leave default
/home/user1/Vaults/Shared
(if you want to change it, remember the value you entered)
In the last step you can choose cipher and other options, you can leave it default.
In the last step you will need to copy your config to another user(s) home directory and adjust the values inside it.
To avoid permissions issues we will copy the config to shared space and then switch user and copy it to their home directory.
cp ~/.config/plasmavaultrc /home/shared/
- copy settings to shared space
su user2
- switch to user2 (you will need user2’s password)
cp /home/shared/plasmavaultrc ~/.config/
- copy settings to user2’s config directory (do not do it if you had any Vaults on user2, instead open existing config and copy-paste Shared Vault config to the existing plasmavaultrc config file).
nano ~/.config/plasmavaultrc
- open config in text editor (you can use other editors, e.g. VIM)
If you haven’texiosting vaults copy user1’s config and change it’s settings, otherwise copy regions from this settings to user2’s config file.
[/home/shared/vault]activities=backend=cryfslastError=lastStatus=2mountPoint=/home/user1/Vaults/Sharedname=SharedofflineOnly=false
Replace user1 with user2
And the other section:
[EncryptedDevices]/home/shared/vault=true
For aditional users repeat the above steps (copy config and change MountPoint).
Copy the content of [EncryptedDevices] section.
Save the file (for nano CTRL + O).
Log in as user2 (remember to close Vault from user1.
You should see Vault Shared to be avaliable in GUI.
Decrypt it using shared vault password.
You should make sure to exit the vault before trying to access it from another user.