ecryptfs team mailing list archive
Message #00244
[Bug 259631] Re: Cannot open Private directory after a reboot when "Automatic Login" enabled
Stable Release Update Request
Per:
* https://wiki.ubuntu.com/StableReleaseUpdates
1) This bug affects any users using Intrepid's easy-to-configure
"Automatic Login" option, in conjunction with Encrypted Private
Directories. Encrypted Private Directories absolutely *require* that
you enter your password at some point, in order to unwrap the mount
passphrase and mount the encrypted Private directory. This might seem
obvious to the technical among us, but it's not obvious to some of our
users.
2) The proposed fix, which has been committed upstream, involves the following, in order to provide an interactive mechanism for prompting for a password when attempting to access the encrypted private directory:
* doc/ecryptfs-mount-private.txt: new file, to be placed as
"README.txt" in a user's unmounted encrypted ~/Private directory
* src/desktop/ecryptfs-mount-private.desktop: new desktop file,
to be installed in each user's unmounted Private dir, providing a
clickable way to mount (tested in Gnome and KDE)
* src/utils/ecryptfs-setup-private: link the readme and desktop file
into the unmounted Private dir
* src/utils/ecryptfs-mount-private: completely overhauled to
interactively prompt for a user's login password, unwrap the mount
passphrase and insert into the keyring, and perform the mount
* src/utils/ecryptfs-umount-private: completely overhauled to drop the
deprecated (and broken) counter mechanism, and very simply call
umount.ecryptfs_private
* src/utils/mount.ecryptfs_private.c: provide a helpful "hint" when a
key isn't found, that perhaps the user wants to try the interactive
ecryptfs-mount-private utility
* See: http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=923a2e4bc05e8a6bb4a3ca836f9080b13bd84b3c
3) Patch is attached.
4) TEST CASE:
a) install Ubuntu or Kubuntu, and configure the system for "Automatic Login"
b) sudo apt-get install ecryptfs-utils
c) ecryptfs-setup-private
d) mount.ecryptfs_private
e) copy some data into ~/Private
f) reboot, allow the machine to automatically login
g) try to access ~/Private; you will only see a symlink saying that the directory has been unmounted
5) The only regression potential I see is the overloading of the
ecryptfs-mount-private and ecryptfs-umount-private utilities. These
were two small, wrapper scripts which have been included in the package,
but broken and deprecated. Their functionality was completely
supplanted by the mount.ecryptfs_private setuid binary and the built-in
counter functionality, and the hooks in pam_ecryptfs to call
mount.ecryptfs_private/umount.ecryptfs_private. Before the pam module
handled this, these utilities were added to .bash_profile. That never
made it into Ubuntu, and these utilities have not been used. As
upstream, the intention is for these utilities to become the interactive
wrapper for the compact, hardened /sbin/mount.ecryptfs_private.
:-Dustin
** Attachment added: "ecryptfs-utils.259631.debdiff"
http://launchpadlibrarian.net/19342744/ecryptfs-utils.259631.debdiff
--
Cannot open Private directory after a reboot when "Automatic Login" enabled
https://bugs.launchpad.net/bugs/259631
Status in eCryptfs - Enterprise Cryptographic Filesystem: Fix Committed
Status in “ecryptfs-utils” source package in Ubuntu: In Progress
Bug description:
Binary package hint: ecryptfs-utils
I created an encrypted private directory following the instructions here:
https://wiki.ubuntu.com/EncryptedPrivateDirectory
Everything worked as it should until I rebooted. When I try to mount my private directory I get the following message:
jimk@intrepid:~$ mount.ecryptfs_private
keyctl_search: Required key not available
When I go to create a key, I get the following message:
jimk@intrepid:~$ ecryptfs-setup-private
ERROR: wrapped-passphrase file already exists, use --force to overwrite.
I can create a new passphrase if I use the force option, but I shouldn't have to do this every time I reboot.
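
Added example, not part of the original message or of ecryptfs-utils: a diagnostic that separates the automatic-login state described above (wrapped passphrase on disk, key never unwrapped into the keyring) from the other reasons ~/Private may be unavailable. The function name private_state, its state names, and the ~/.ecryptfs/Private.sig path are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify why ~/Private is (not) available.
# Inputs are files, so the logic also runs on captured data.
#   $1 = eCryptfs config dir (assumed: wrapped-passphrase, Private.sig)
#   $2 = file holding `keyctl list @u` output
#   $3 = file in /proc/mounts format
#   $4 = mount point of the Private directory
private_state() {
    cfg=$1 keys=$2 mounts=$3 mnt=$4

    # No wrapped passphrase: ecryptfs-setup-private was never run.
    [ -s "$cfg/wrapped-passphrase" ] || { echo not-configured; return 0; }

    # Already mounted: an ecryptfs entry exists for the mount point.
    if awk -v m="$mnt" '$2 == m && $3 == "ecryptfs" { f = 1 }
                        END { exit !f }' "$mounts"; then
        echo mounted; return 0
    fi

    # The signature is the description of the key that
    # mount.ecryptfs_private searches the keyring for.
    sig=$(head -n 1 "$cfg/Private.sig" 2>/dev/null | tr -d '[:space:]')
    [ -n "$sig" ] || { echo no-signature; return 0; }

    # keyctl prints "<id>: <perms> <uid> <gid> user: <description>".
    if awk -v s="$sig" 'NF >= 2 && $(NF-1) == "user:" && $NF == s { f = 1 }
                        END { exit !f }' "$keys"; then
        echo key-loaded-not-mounted
    else
        # Automatic-login case: nobody typed the password, so the mount
        # passphrase was never unwrapped and inserted into the keyring.
        echo key-missing
    fi
}

# Live check: sh thisfile --live   (needs keyctl from keyutils)
if [ "${1:-}" = "--live" ]; then
    t=$(mktemp) && keyctl list @u > "$t"
    private_state "$HOME/.ecryptfs" "$t" /proc/mounts "$HOME/Private"
    rm -f "$t"
fi
```

A result of key-missing corresponds to the "keyctl_search: Required key not available" message in the bug description; the remedy is an interactive unwrap of the existing wrapped passphrase, not ecryptfs-setup-private --force.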