If you have an encrypted home directory on a Linux system, chances are that you are using ecryptfs. This is the simplest way of encrypting the sensitive parts of your computer. You may also have noticed that the locate command does not find files in your home directory any more.

This behaviour is intentional. locate does not search the disk directly; instead it queries a database file, generally called mlocate.db, which is generated by the updatedb tool. updatedb is usually run from cron, and the database contains information about every file and folder on your system. This might not seem like a big deal, but its contents could give a potential attacker valuable information about what is stored on your computer. Worse, this file is stored in /var/lib, outside the confines of your encrypted home directory.

We can, however, work around this and have the best of both worlds: maintain the security of the encrypted home and the convenience of locate. To do this we need to create a new mlocate.db file just for our home directory and tell locate to use it too.

To achieve the first step we will add a new task to our crontab. To edit it run crontab -e as yourself. Do not use sudo since that would cause you to edit the crontab of the root user. Add the following line to the bottom of the file:

0 * * * * updatedb --require-visibility 0 --output "$HOME/.local/lib/mlocate.db" --database-root "$HOME/"

This will run updatedb every hour. Normally updatedb would refuse to run if the owner of the mlocate.db file is not slocate. The --require-visibility 0 option tells it to skip that check, which allows us to run the command as our own user. The --output option specifies where the database should be saved, and --database-root makes updatedb search only the specified folder.

Now that we have a database file we need to help locate find it. We can do this with the LOCATE_PATH environment variable. Add the following line to your .bashrc:

# Tell locate to use our very own mlocate database including files indexed here
export LOCATE_PATH="${HOME}/.local/lib/mlocate.db"

There you have it. We've got locate working again.
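
The new index lists every file name in your home directory, so it is worth checking that it really sits inside the encrypted home and is readable only by you. The script below is an added example, not part of the original post: it uses the article's database path and updatedb flags, while the function names and the --build argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build the per-user locate database and verify it stays private.
# DB path and updatedb flags come from the article; the function names and the
# --build argument are made up for this example.

DB="${HOME}/.local/lib/mlocate.db"

# db_is_private FILE ROOT
# Succeeds only if FILE is a regular file (not a symlink), lives somewhere
# under ROOT after symlinks in the directory path are resolved, and grants
# no permission bits to group or others.
db_is_private() {
    db=$1
    root=$(cd "$2" 2>/dev/null && pwd -P) || return 1
    dir=$(cd "$(dirname "$db")" 2>/dev/null && pwd -P) || return 1
    [ -f "$db" ] || return 1
    [ ! -L "$db" ] || return 1      # a symlink could point outside the home
    case "$dir/" in
        "$root"/*) ;;
        *) return 1 ;;              # database is outside ROOT
    esac
    case "$(stat -c '%a' "$db")" in # octal mode, e.g. 600 (GNU stat)
        0|*00) ;;                   # nothing for group/others
        *) return 1 ;;
    esac
}

# Create the directory, build the index with the article's flags, restrict
# its mode, then confirm the result with db_is_private.
build_home_db() {
    (
        umask 077
        mkdir -p "$(dirname "$DB")" &&
        updatedb --require-visibility 0 --output "$DB" --database-root "$HOME/" &&
        chmod 600 "$DB"
    ) && db_is_private "$DB" "$HOME"
}

if [ "${1:-}" = "--build" ]; then
    build_home_db || { echo "locate database is missing or not private: $DB" >&2; exit 1; }
fi
```

Saved as a script, it can be called with --build from the crontab entry in place of the bare updatedb command.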