In Chapter 2, Securing User Accounts, I showed you how Ubuntu allows you to encrypt a user's home directory as you create his or her user account. To review, let's see the command for creating Goldie's account:

sudo adduser --encrypt-home goldie

When Goldie logs in, the first thing she'll want to do is to unwrap her mount passphrase, write it down, and store it in a secure place. (She'll need this if she ever needs to recover a corrupted directory.):

ecryptfs-unwrap-passphrase .ecryptfs/wrapped-passphrase

When you use adduser --encrypt-home, home directories for new users will automatically be set to a restrictive permissions value that will keep everyone out except for the owner of the directory. This happens even when you leave the adduser.conf file set with its default settings.