In Chapter 2, Securing User Accounts, I showed you how Ubuntu allows you to encrypt a user's home directory as you create his or her user account. To review, let's see the command for creating Goldie's account:

1. If it hasn't already been done, install the ecryptfs-utils package:

sudo apt install ecryptfs-utils

2. On an Ubuntu VM, create Goldie's account with an encrypted directory:

sudo adduser --encrypt-home goldie

3. Have Goldie log in. Have her unwrap her mount passphrase, write it down, and store it in a secure place. She'll need it if she ever needs to recover a corrupted directory:

ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase

When you use adduser --encrypt-home, home directories for new users will automatically be set to a restrictive permissions value that will keep everyone out except for the owner of the directory. This happens even when you leave the adduser.conf file set with its default settings.