ecryptfs-users team mailing list archive

Re: Creating an encrypted directory -- cannot umount

 

On Thu Jan 27, 2011 at 09:49:58PM -0800, John Magolske <listmail@xxxxxxx> wrote:
> Thanks for the helpful reply,
> 
> * Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx> [110127 21:21]:
> > On Thu Jan 27, 2011 at 07:37:05PM -0800, John Magolske <listmail@xxxxxxx> wrote:
> > > I'm trying to create an encrypted directory 
> > > [...]
> > > I tried this:
> > > 
> > >   % mkdir .crypto-dir
> > >   % chmod 700 .crypto-dir
> > >   # aptitude install ecryptfs-utils
> > >   # modprobe ecryptfs
> > >   # mount -t ecryptfs .crypto-dir .crypto-dir
> > >   Passphrase:
> > >   [...]
> > > 
> > > Then I cd'd into ~/.crypto-dir (as non-root) and created some
> > > files there. But when I try to umount, I'm getting this:
> > > 
> > >   # umount .crypto-dir
> > >   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs:
> > >   undefined symbol: ecryptfs_remove_auth_tok_from_keyring
> > >   /sbin/umount.ecryptfs: symbol lookup error: /sbin/umount.ecryptfs:
> > >   undefined symbol: ecryptfs_remove_auth_tok_from_keyring
> > 
> > What does `ldd /sbin/*mount.ecryptfs` give?
> 
> % ldd /sbin/*mount.ecryptfs
> /sbin/mount.ecryptfs:
>         linux-gate.so.1 =>  (0xb7f53000)
>         libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb7f22000)
>         libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7f1f000)
>         libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7f1a000)
>         libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7dd4000)
>         libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d5f000)
>         libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d5b000)
>         /lib/ld-linux.so.2 (0xb7f54000)
> /sbin/umount.ecryptfs:
>         linux-gate.so.1 =>  (0xb80af000)
>         libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb807e000)
>         libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb807a000)
>         libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7f33000)
>         libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7ebe000)
>         libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7eba000)
>         libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7eb7000)
>         /lib/ld-linux.so.2 (0xb80b0000)

Well, that's not what I was expecting. I'm going to have to look closer
at a Debian system to see what I can find.

> 
> > ecryptfs_remove_auth_tok_from_keyring() is in libecryptfs and
> > umount.ecryptfs should be linked against it. I'm guessing that you
> > either have an old libecryptfs laying around somewhere
> > (/usr/local/lib/ ?) or something is wrong with the way that debian is
> > building umount.ecryptfs.
> 
> I've never used eCryptfs on this system or anywhere before. Also,
> didn't see anything under /usr/local/lib/ ...
> 
> > If you're just wanting umount to work without warnings/errors,
> > `umount -i .crypto-dir` will work until we figure this out. That will
> > bypass the eCryptfs umount helper and will just perform the unmount.
> > 
> > Note that the eCryptfs umount helper is what removes your mount key
> > from the kernel keyring. So, if you don't want the key to hang around,
> > you'll need to do something like `keyctl clear @u` after umount with
> > the -i flag.
> 
> Excellent, this does the job for now. Next, to wrap up
> `mount -t ecryptfs -o key= ...` in a shell script that queries
> me for the passphrase.

You can also perform a mount, look at the mount options in
/proc/mounts, use those arguments to create an entry in /etc/fstab, and
add the user option. Then, you'll just need to do the following:

$ ecryptfs-add-passphrase
$ mount -i ~/.crypto-dir

You'll be able to do those 2 commands as a regular user and will no
longer have to switch to root for the mount.

Tyler

> 
> Best regards,
> 
> John
> 
> 
> -- 
> John Magolske
> http://B79.net/contact
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~ecryptfs-users
> Post to     : ecryptfs-users@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ecryptfs-users
> More help   : https://help.launchpad.net/ListHelp
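
The /proc/mounts to /etc/fstab step described in the reply above, as an added example that is not part of the original thread. The function name, the sample mount line, and its placeholder signature are constructed for illustration, and adding `noauto` next to `user` is an assumption (the key is not in the keyring at boot).

```shell
#!/bin/sh
# Added example: derive an /etc/fstab entry from the ecryptfs line in /proc/mounts.

# Constructed sample of /proc/mounts after the root mount from the thread.
# The ecryptfs_sig value is a made-up placeholder, not a real key signature.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/home/john/.crypto-dir /home/john/.crypto-dir ecryptfs rw,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs 0 0'

# ecryptfs_fstab_line MOUNTPOINT [MOUNTS_FILE]
# Prints one fstab line for the ecryptfs mount at MOUNTPOINT with "user,noauto"
# appended; returns 1 if no such mount is listed. MOUNTPOINT must be written
# as it appears in /proc/mounts (a space is \040), which is also the escaping
# fstab expects, so the fields are passed through unchanged.
# MOUNTS_FILE defaults to /proc/mounts; "-" reads standard input.
ecryptfs_fstab_line() {
    # ENVIRON is used instead of -v so awk does not expand backslash escapes.
    MP="$1" awk '
        $2 == ENVIRON["MP"] && $3 == "ecryptfs" {
            n = split($4, opt, ",")
            opts = ""
            # Drop any existing user/noauto so they are not duplicated.
            for (i = 1; i <= n; i++)
                if (opt[i] != "user" && opt[i] != "noauto")
                    opts = opts (opts == "" ? "" : ",") opt[i]
            # With stacked mounts the last matching line wins.
            line = $1 " " $2 " ecryptfs " opts ",user,noauto 0 0"
        }
        END {
            if (line == "") exit 1
            print line
        }
    ' "${2:-/proc/mounts}"
}

# Demonstration on the constructed sample; review the output before
# appending it to /etc/fstab as root.
printf '%s\n' "$SAMPLE_MOUNTS" | ecryptfs_fstab_line /home/john/.crypto-dir -
```

The `ecryptfs_sig` in the generated entry has to match the signature that `ecryptfs-add-passphrase` reports when it loads the key into the keyring, otherwise the user mount will not find the key.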
