This forum has been archived. All content is frozen. Please use KDE Discuss instead.

How to create shared KDE Vault for two (or more) users

Tags: None
(comma "," separated)
Registered Member
Hi, for some reasons I wanted to setup shared KDE Vault for two users and found how to do it.
Because I've not found any sources or tutorials covering this topic I will post such here.
In spite of being KDE user for quite a long time I've never use KDE forums before, so sorry for mistakes.

To the topic:
I wanted to have an encrypted KDE vault that will be accessible (not at the same time) by two users.
We should start with creating shared space and managing it's permissions.
You will need sudo powers to do some of the following steps.
I've chosen to create this shared space inside /home/
From terminal run those commands:
Code: Select all
sudo mkdir shared
(replace shared with your own name at will) - create shared space
Code: Select all
sudo groupadd SharedUsers
(replace SharedUsers with your group name at will) - create users group
Code: Select all
 sudo chgrp SharedUsers /home/shared/
- make new group owner of shared directory
Code: Select all
sudo chmod 2775 /home/shared/
- add permissions for new group to shared directory
Code: Select all
sudo setfacl -d -m g:SharedUsers:rwx /home/shared
- setup ACL for shared directory
Code: Select all
sudo usermod -a -G SharedUsers user1
- add your user to new group (replace user1 with your username)
Code: Select all
sudo usermod -a -G SharedUsers user2
- add the other user to new group
To check your username you can use
Code: Select all

If you want to add more users than two just repeat the command with another usernames.
You will need to logout (or reboot) for those changes to be applied.

After login you can check if the permissions are working.
Code: Select all
cd /home/shared
- go to shared directory
Code: Select all
touch test
- try making a new file
Code: Select all
rm test
- try removing a file
Optionaly you can switch to another user
Code: Select all
su user2
(you will need user2's password) and repeat the 3 commands above.

After ensuring the properties were applied successfully we should start creating shared vault.
Make another directory for Vaults in shared space.
Code: Select all
mkdir /home/shared/Vaults

Launch KDE Vaults and add new Vault.
Provide your Vault name and remember it (for me it will be Shared).
I've selected CryFS.
Provide strong password and remember it (will be needed to decrypt Vault) - this password will be the same for every other user using this Shared Vault
In next screen you should provide location for files:
Code: Select all

Mount point can be leave default
Code: Select all
(if you want to change it, remember the value you entered)
In the last step you can choose cipher and other options, you can leave it default.

In the last step you will need to copy your config to another user(s) home directory and adjust the values inside it.
To avoid permissions issues we will copy the config to shared space and then switch user and copy it to their home directory.
Code: Select all
cp ~/.config/plasmavaultrc /home/shared/
- copy settings to shared space
Code: Select all
su user2
- switch to user2 (you will need user2's password)
Code: Select all
cp /home/shared/plasmavaultrc ~/.config/
- copy settings to user2's config directory (do not do it if you had any Vaults on user2, instead open existing config and copy-paste Shared Vault config to the existing plasmavaultrc config file).
Code: Select all
nano ~/.config/plasmavaultrc
- open config in text editor (you can use other editors, e.g. VIM)
If you haven'texiosting vaults copy user1's config and change it's settings, otherwise copy regions from this settings to user2's config file.
Code: Select all

Replace user1 with user2

And the other section:
Code: Select all

For aditional users repeat the above steps (copy config and change MountPoint).
Copy the content of [EncryptedDevices] section.
Save the file (for nano CTRL + O).
Log in as user2 (remember to close Vault from user1.
You should see Vault Shared to be avaliable in GUI.
Decrypt it using shared vault password.

You should make sure to exit the vault before trying to access it from another user.
Registered Member
Thank you for this, works well!


Who is online

Registered users: Bing [Bot], Google [Bot], kesang, Yahoo [Bot]