ecryptfs team mailing list archive

[Bug 317895] Re: netboot newuser and ecryptfs fails to login

 

I'm on a local system.  Nothing from /etc/skel/* was written to my ~
before I chmod'd 700 on ~ and KDE did *not* like that it was 500.

Also, what I see happening with the patch is the following (consider user "test3"):
Before test3 logs in: 
drwxr-xr-x   5 test3 test3  4096 2009-02-22 03:59 test3
After test3 logs in:
drwx------  30 test3 test3 12288 2009-02-22 03:59 test3

Before the patch, when a user set up with ecryptfs bootstrapping is
logged in (and thus the drive should be unencrypted), the permissions
are 500.

The patch does not affect what the permissions are when the user isn't
logged in.  In the case that the encrypted directory is not mounted, the
mountpoint (~) is 755 regardless.  The 55 doesn't matter so much since
the files all display as empty to any other user, but that 7 could screw
up what you're saying about unencrypted files that go invisible post-
mounting.

I think what you're describing would require changing the before-
mounting permissions to 555 and having the post-mounting permissions be
700.  The patch only covers the latter part of that.

-- 
netboot newuser and ecryptfs fails to login
https://bugs.launchpad.net/bugs/317895
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: New
Status in “ecryptfs-utils” source package in Ubuntu: Triaged

Bug description:
Steps to reproduce:

1. take the netboot directory from the alternate CD and set up a tftp server with it
2. boot a system over the network using the attached preseed file
3. log in with that user after installation is done

At login the user cannot mount its ~/.Private directory over to ~/.

I fixed this by doing:

1. log in as root
2. rm -fr ~user/.ecryptfs ~user/.Private
3. su - user
4. ecryptfs-setup-private
5. changed .Private/Private.mnt to point to /home/user instead of /home/user/Private

There might not be a simple way to provide a password from a preseed file since the password is encrypted in this file.


Note:
- when using the preseed file provided, do not provide any manual input (except if something fails and you need to hit continue).
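
The reply at the top of this message proposes 555 on the home mountpoint before mounting and 700 after. The script below is an added example, not part of the thread or of ecryptfs-utils, that checks a directory against that policy. It assumes GNU stat and the /proc/mounts line format; the helper name `check_home_mode` and the verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example; check_home_mode is a hypothetical helper, not part of ecryptfs-utils.
# Usage: check_home_mode DIR [MOUNTS_FILE]   (MOUNTS_FILE defaults to /proc/mounts)
check_home_mode() {
    dir=$1
    mounts=${2:-/proc/mounts}
    mode=$(stat -c %a "$dir") || return 2      # GNU stat: octal mode, e.g. 755

    # /proc/mounts fields: source mountpoint fstype options dump pass.
    # Paths containing spaces are escaped there (\040) and are not handled here.
    if awk -v d="$dir" '$2 == d && $3 == "ecryptfs" { hit = 1 } END { exit !hit }' "$mounts"
    then mounted=yes
    else mounted=no
    fi

    owner=$(( mode / 100 % 10 ))               # owner permission digit
    rest=$(( mode % 100 ))                     # group and other digits

    if [ "$mounted" = yes ]; then
        if [ "$rest" -ne 0 ]; then
            verdict=mounted-exposed            # decrypted view reachable by group/other
        elif [ $(( owner & 2 )) -eq 0 ]; then
            verdict=mounted-readonly           # the 500 case: owner cannot write to ~
        else
            verdict=ok-mounted                 # 700
        fi
    elif [ $(( owner & 2 )) -ne 0 ]; then
        verdict=unmounted-writable             # files written now are unencrypted, then hidden by the mount
    else
        verdict=ok-unmounted                   # e.g. 555
    fi

    echo "$verdict $mode"
    case $verdict in ok-*) return 0 ;; *) return 1 ;; esac
}

if [ $# -gt 0 ]; then check_home_mode "$@"; fi
```

The function prints the verdict with the observed mode and returns non-zero for any state other than `ok-mounted` or `ok-unmounted`.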