
ecryptfs-users team mailing list archive

Re: Creating an encrypted directory -- cannot umount

 

* Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx> [110127 22:02]:
> On Thu Jan 27, 2011 at 09:49:58PM -0800, John Magolske <listmail@xxxxxxx> wrote:
> > * Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx> [110127 21:21]:
> > > 
> > > What does `ldd /sbin/*mount.ecryptfs` give?
> > 
> > % ldd /sbin/*mount.ecryptfs
> > /sbin/mount.ecryptfs:
> >         linux-gate.so.1 =>  (0xb7f53000)
> >         libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb7f22000)
> >         libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7f1f000)
> >         libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7f1a000)
> >         libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7dd4000)
> >         libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7d5f000)
> >         libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7d5b000)
> >         /lib/ld-linux.so.2 (0xb7f54000)
> > /sbin/umount.ecryptfs:
> >         linux-gate.so.1 =>  (0xb80af000)
> >         libecryptfs.so.0 => /usr/lib/libecryptfs.so.0 (0xb807e000)
> >         libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb807a000)
> >         libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7f33000)
> >         libgcrypt.so.11 => /usr/lib/libgcrypt.so.11 (0xb7ebe000)
> >         libgpg-error.so.0 => /usr/lib/libgpg-error.so.0 (0xb7eba000)
> >         libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7eb7000)
> >         /lib/ld-linux.so.2 (0xb80b0000)
> 
> Well, that's not what I was expecting. I'm going to have to look closer
> at a Debian system to see what I can find.

I guess I should also mention that this Debian Sid installation came
via the GRML distro ( http://grml.org ) ... not sure if that makes any
difference here.

> > > If you're just wanting umount to work without warnings/errors,
> > > `umount -i .crypto-dir` will work until we figure this out. That will
> > > bypass the eCryptfs umount helper and will just perform the unmount.
> > > 
> > > Note that the eCryptfs umount helper is what removes your mount key
> > > from the kernel keyring. So, if you don't want the key to hang around,
> > > you'll need to do something like `keyctl clear @u` after umount with
> > > the -i flag.
> > 
> > Excellent, this does the job for now. Next, to wrap up
> > `mount -t ecryptfs -o key= ...` in a shell script that queries
> > me for the passphrase.
> 
> You can also perform a mount, look at the mount options in
> /proc/mounts, use those arguments to create an entry in /etc/fstab, and
> add the user option. Then, you'll just need to do the following:
> 
> $ ecryptfs-add-passphrase
> $ mount -i ~/.crypto-dir
> 
> You'll be able to do those 2 commands as a regular user and will no
> longer have to switch to root for the mount.

Thanks for the helpful pointers. Because I wish to require the entry
of a passphrase each time the directory is decrypted, I take it doing
something with the `keyctl clear @u` to remove the mount key from the
kernel keyring after each `umount -i ...` will be important (with my
system behaving as it does now).

Regards,

John

-- 
John Magolske
http://B79.net/contact
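
The workaround discussed in this thread (`umount -i` followed by `keyctl clear @u`) can be wrapped so that the key removal is never forgotten. This is an added example, not code from either poster or from the eCryptfs project; the function names and the optional mounts-file argument are assumptions for illustration, and the directory must be given as the absolute path that /proc/mounts shows.

```shell
#!/bin/sh
# Added example: lock an eCryptfs directory when the umount helper is bypassed.
# Function names and the MOUNTS_FILE argument are illustrative assumptions.

# is_ecryptfs_mounted DIR [MOUNTS_FILE]
# Succeeds if MOUNTS_FILE (default /proc/mounts) lists DIR as an ecryptfs
# mount point. DIR must be the absolute path exactly as /proc/mounts shows it.
is_ecryptfs_mounted() {
    awk -v dir="$1" '
        $2 == dir && $3 == "ecryptfs" { found = 1 }
        END { exit !found }
    ' "${2:-/proc/mounts}"
}

# lock_crypto_dir DIR [MOUNTS_FILE]
# Returns 0 once DIR is unmounted and the user keyring is cleared,
#         1 if DIR could not be unmounted (keyring left untouched),
#         2 if DIR is unmounted but the keyring could not be cleared.
lock_crypto_dir() {
    dir=$1
    mounts=${2:-/proc/mounts}

    if is_ecryptfs_mounted "$dir" "$mounts"; then
        # -i skips /sbin/umount.ecryptfs, so nothing removes the mount key here.
        umount -i "$dir" || { echo "umount -i $dir failed" >&2; return 1; }
    fi

    # Re-check the mount table instead of trusting the exit status alone.
    if is_ecryptfs_mounted "$dir" "$mounts"; then
        echo "$dir is still mounted" >&2
        return 1
    fi

    # This empties the whole user keyring, not only the eCryptfs mount key.
    keyctl clear @u || {
        echo "keyctl clear @u failed; the mount key may still be loaded" >&2
        return 2
    }
}

# Usage (path is a constructed sample): lock_crypto_dir /home/john/.crypto-dir
```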


