Can root see my encrypted /home folder?

Short answer: Yes and no.


Can root see my encrypted /home folder?

Yes. As long as you are logged in, root as well as any sudo user can see your decrypted files. Also, when you wake up from sleep, your /home will still be decrypted.

Also, there is a bug in ecryptfs that prevents unmounting the decrypted /home folder at logout. You should instead shut down or restart the machine, or manually unmount the folder from another sudo/root user. See this question for more information.

Can another user with root privilege change my password, then login my account using the new password see my encrypted /home?

No. Your /home folder is not encrypted with your password, but with a passphrase which is encrypted with your password. Another user changing your password will not affect the passphrase.

At the first login after an administrative password change, you have to mount your encrypted home manually and rewrap the passphrase. For these tasks you need your old and the new password.

ecryptfs-mount-private
ecryptfs-rewrap-passphrase ~/.ecryptfs/wrapped-passphrase

When you change your password, the home directory passphrase is re-encrypted with your new password, so you should have continued access to your files with the new password. This is handled via PAM (Pluggable Authentication Modules).


See this related question.
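
A check for the situation described in the answer above, where an eCryptfs home stays mounted (and readable by root) after its owner has logged out. This is an added example, not part of the original answers; the function name `stale_ecryptfs_mounts`, the sample mount table and the assumption that mount points live under /home/<user> are illustrative.

```shell
#!/bin/sh
# List eCryptfs mounts whose owner has no login session.
#   $1: mount table in /proc/mounts format, or "-" for stdin (default /proc/mounts)
#   $2: space-separated logged-in users (default: taken from `who`)
# Prints one "<user> <mountpoint>" line per stale mount.
stale_ecryptfs_mounts() {
    mounts_file=${1:-/proc/mounts}
    if [ "$#" -ge 2 ]; then
        logged_in=$2
    else
        logged_in=$(who | awk '{print $1}' | sort -u | tr '\n' ' ')
    fi
    awk -v users="$logged_in" '
        BEGIN {
            n = split(users, u, " ")
            for (i = 1; i <= n; i++) active[u[i]] = 1
        }
        # Field 3 of /proc/mounts is the filesystem type, field 2 the mount point.
        $3 == "ecryptfs" {
            # Assumption: mount point is /home/<user> or /home/<user>/Private
            split($2, p, "/")
            if (p[2] == "home" && p[3] != "" && !(p[3] in active))
                print p[3] " " $2
        }
    ' "$mounts_file"
}

# Constructed sample mount table (not real output from any system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/.ecryptfs/bob/.Private /home/bob ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
EOF
}

# Demo: only alice has a session, so bob's decrypted home is still exposed.
sample_mounts | stale_ecryptfs_mounts - "alice"
```

On a live system, calling `stale_ecryptfs_mounts` with no arguments reads /proc/mounts and `who`; any line it prints is a home directory that is still decrypted while its owner is logged out.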


The only answer: yes. The root user of a system could easily install a keylogger or other software to silently record your passphrase - they then have complete access to all your files, and without you knowing, if they so choose.

The root user of a system can do everything on that system. They essentially own all the data associated with it too. UNLESS your data was encrypted on a different system and then brought over and you didn't decrypt it, but I don't think we're talking about that, are we?