Just a short remark which took me several hours to figure out:
I tried to follow 3.2 manual setup without ecryptfs-utils and it worked very well until I tried to get my encrypted directory mounted on login.
It is now working and two crucial steps seemed to be: 1. besides pam_mount.so, also use pam_ecryptfs.so; 2. put an empty file "auto-mount" into /home/USER/.ecryptfs
Especially figuring out 2. has taken a lot of time. It would be good if the article would mention this fact. If someone who really knows ecryptfs can verify that I have done the right things, then one should add remarks about this to the page.
- Hi, can you please put a link here to the section you followed? Did you use the ecryptfs-simple package (section 3.2)? Section 3.1 mentions the points you make (ECryptfs#Auto-mounting). Sections 3.2 and 3.3 don't. I assume you refer to 3.3 ECryptfs#Without_ecryptfs-utils, please confirm. --Indigo (talk) 06:56, 26 March 2015 (UTC)
- Thanks. I now re-tried the section 3.3.2 again. My results for the described pam_mount are different though, i.e. I did not need your points (1) and (2) above at all. It mounts like it should, but for some reason the directory is user-mounted twice and does not unmount on logout.
- Not sure what to make of that, maybe someone else has an idea. How do you log in (console, gdm, kdm, slim,...)? Did you use the ecryptfs-utils default directory name (~/.Private, ~/Private) or another one? Have you modified /etc/pam.d/system-auth for other reasons before? --Indigo (talk) 19:06, 26 March 2015 (UTC)
- Edit: Now I figured out why I had different results and was able to confirm yours. The reason was that I had an old /etc/modules-load.d autoload for ecryptfs and fuse (needed for other reasons) which I forgot about. Removing that I arrive at your results. The problems described above remain though. I have adjusted the section with , does it reflect your experience now correctly? --Indigo (talk) 20:06, 26 March 2015 (UTC)
- With reference to this talk I received a suggestion of a different approach via email. It employs pam_exec instead of pam_mount and it is suggested not to have the unmounting problem. See the short write-up. Note it is used on systemd-based Debian Jessie and I have not looked into porting/testing it to Arch yet. If someone does, please give some input on your results. Thanks. --Indigo (talk) 16:36, 14 February 2017 (UTC)