8

ecryptfs is not installed by default in Ubuntu 18.04 (as already mentioned in this AU question).

When I installed ecryptfs via apt-get everything seemed to work fine at first. But after a reboot I get the following error when using ecryptfs-mount-private:

mount: No such file or directory

Any idea how to fix this problem?
It seems to be solved in Linux Mint 19 Tara.

nealmcb
  • 3,647
user870424
  • 103

3 Answers3

5

Update 2019 Sept:

This bug is now appearing for me in Debian 10 (buster). After some additional investigation, the problem seems to be a missing entry in /etc/pam.d/lightdm

I believe there should be a line:

# Create a new session keyring.
session    optional   pam_keyinit.so force revoke

before:

@include common-account

Original, 2018 Sept post, the following work-around still works, but the fix above might be more correct:

With Ubunutu 18.04 and lightdm / systemd (the GUI login screen) there is something broken wrt Kernel keyring (as of 2018 Sept). This breaks some functionality in the ecryptfs scripts, which make use of the session key-ring.

After logging into your account via the GUI (lightdm), you will notice that your session keyring is not initialized correctly:

keyctl show

There are several work-arounds to this. One was noted by @serg-tt which uses a Linux Console login.

To fix this bug, and get the default user session keyring applied after a GUI login, I put a (temporary) fix by adding a file:

/etc/X11/Xsession.d/98fix-keyring

The contents of this file:


# Work around a bug in lightdm and/or systemd that leaves
# an incorrect session keyring (a root owned keyring)
# applied. I think this supposed to be fixed in pam
# by pam_keyinit.so, however, it does not seem to be
# working.

# Try and use the default session keyring for the user:
[ "$UID" ] || UID=`id -u`
keyringname=_uid_ses.$UID
## keyctl show > /tmp/fix-keyring$$ #DEBUG

STARTUP="keyctl session $keyringname $STARTUP"

After applying this fix, you would need to log out and log back in again.

Gregor
  • 374
  • Thanks for your suggestion Gregor. I setup this script and it seems to work after logout and log back in. But when I restart the pc it doesn't seem to work even though the script is executed. – user870424 Sep 29 '18 at 10:17
  • 1
    I have to correct my last post: it works! Even after a reboot but I had to disable auto login. Thanks again! – user870424 Sep 29 '18 at 14:48
  • 1
    FWIW, the NixOS folks bisected this to a systemd issue and the Debian bug this answer is referring to is 870126. The fix has been explained in LP#1377924 – ckujau Mar 23 '20 at 02:58
  • On Raspbian Buster I had to update /etc/pam.d/lightdm and /etc/pam.d/lightdm-autologin – Pod Jun 28 '23 at 13:16
  • w/out clues as to how correct / incorrect output of keyctl show looks like it is difficult to assess if one experience the same root cause issue. – Alex Martian Jan 02 '24 at 01:26
1

ecryptfs-mount-private is a relatively short (65 lines without comments) shell script, but the only mount call is to mount.ecryptfs_private, and it requires the following files/directories, are they all there?

  • $HOME/.Private as the SOURCE
  • $HOME/Private as the DESTINATION
  • $HOME/.ecryptfs/Private.sig for the key signatures.
  • $HOME/.ecryptfs/wrapped-passphrase

"No such directory" sounds like you're missing ~/Private or ~/.Private. Maybe ecryptfs-setup-private wasn't entirely successful? You could step through it one line at a time if you wanted to, this command lets you see it:

less `which ecryptfs-setup-private`
Xen2050
  • 8,705
  • 1
    All directories and files are present. What is really strange: When I try the command 5 or 10 ten times it eventually works! But after a reboot I have to do the same again – user870424 Sep 13 '18 at 10:14
  • Is it only the mount.ecryptfs_private... line that needs repeating 10 times until it works? That sounds a lot like a bug... – Xen2050 Sep 14 '18 at 02:30
  • yes, either this or the ecrypt-setup-private script. I'm sure it is a bug. I've read that ecryptfs has some problems with systemd. I wonder if this was solved in other distributions like Linux Mint 19 Tara. – user870424 Sep 14 '18 at 20:49
1

The cryptfs's mount doesn't work on GUI(through shortcut "Access-Your-Private-Data.desktop" or terminal ) .

Little workaround is: you have to exec command mount:
$ ecryptfs-mount-private
on any tty (Ctrl F(3-6)), {Ctrl (F2-1) will back you to your GUI session} or ssh...
profit )

Serg Tt
  • 11