[laumars]

If you’re encrypting your whole disk (encrypting /root doesn’t give you any benefit) then you will need to enter your passphrase before your system gets as far as reading /etc/shadow.

So that guide basically assumes you either already know your decryption passphrase or you don’t have full disk encryption. In either case, changing roots password wouldn’t lock you out of the root file system

[eitland]

> If you’re encrypting your whole disk

Not what I am talking about.

I'm talking about encrypted home folders.

[fl0wenol]

I've never seen a system set up where root's home folder is encrypted. But also you wouldn't run the system as root normally, so there shouldn't be anything in the root folder to be lost even if that was the case. Getting access so you can fix what's not working is the primary reason for wanting root if you've somehow lost the password, or sudo broke, etc.

[usr1106]

That's ecryptfs. It's no longer supported by newer versions of Ubuntu. The key is not your password. It's somehow protected by a pam module I believe to remember. I once noticed that being root allows you to su into their account, but not decrypting their home directory. So possibly the encryption key is encrypted using the password. One might need the old password to reencrypt the encryption key with the new password.

I had no interest to dig deeper, so I am not sure.

[yjftsjthsd-h]

ecryptfs is one way that encrypted home has been done, but it's also been done with encfs and ZFS (very recently).

[laumars]

And I already said there’s no point encrypting /root. “Root” isn’t a user you should be using day to day so the root home directory should be mostly empty.

Thus if an attacker has root access then it’s literally everything else apart from /root that you need to be worried about. Hence why I discuss disk encryption.