by roti » Jun 2nd, '21, 19:59
I think you mix two different things: permissions (access to files/data) and encryption.
Encryption means, data (your files) are saved in an encrypted manner to the disk, and therefore can't be read unless the encryption key is known. By anybody. Permission means, a particular user (which is authenticated) does not have rights to read/write certain files or folders.
I'll explain with some examples. Suppose you have a laptop, and two user accounts exists on that laptop. You have permissions set up so that folder A is accesible (for read and write) only to one user and not the other. During normal usage of that latop these permissions will work as expected: person1 logs in as user1 and will have permissions to folder A. When person2 logs in as user2, he/she will not have access to folder A.
Now, if someone steals the laptop, that person will not know the password for user1 or user2, so one would think the data is safe, but it's not the case. That person could take the hard drive out, and install it in another computer, where the user passwords are known. So the person logs in to the new computer, with a different user, and can access the data without any problems, regardless of any user permissions.
Now, if the data on the hard disk was encrypted this would not be possible, because encrypted data needs a decryption key to be readable. That key could be a password, or something else, but the point is, it's got nothing to do with user authentication or permissions. Without the decryption key, the data can be read, but not understood. So it's useless.
In other words: user permissions to files/folders/other things are controlled by the operating system, which can authenticate and identify users. Encryption refers to how the data is saved on the disc, regardless of OS users/permissions.
Judging by the way you frazed the question, I would guess you are interested in encryption. If you have a SSD I would suggest to check if it has hardware encryption. My Samsung SSD does, so I solved my problem with just defining a BIOS password. (of course, check with your SSD how the hardware encryption works). If not, then you could use LUKS (which is also available in Mageia) to set up encryption for all or some of the partitions.
A word of warning: encryption is a double egde sword. It provides protection, but if you loose the key, you loose your data. There's no backup/password reset or something similar. That's the whole point: you can access the data if you have the key (no matter who you are), otherwise no. So use it with caution. I nearly lost a significant amount of photos due to not realizing this.