13

Is there a simple way to tell if I'm using ecryptfs on my home directory? I tried running the ecryptfs-migrate-home script a while ago, and it failed part way through. I assumed that it went back to using my old plain, unencrypted home, but I just noticed that /home/.ecryptfs/naught10t/.Private exists, and has lots of files in it...

naught101
  • 1,582

3 Answers3

20

If ecryptfs is being used, your home folder will be mounted. You can check if it is with this command:

df -T

When I run it, I get this result:

kalle@Kalle-PC:~$ df -T
Filesystem           Type      1K-blocks       Used Available Use% Mounted on
/dev/sdc1            ext4      115376648    9002220 100513568   9% /
udev                 devtmpfs    2050188          4   2050184   1% /dev
tmpfs                tmpfs        824108       1128    822980   1% /run
none                 tmpfs          5120          0      5120   0% /run/lock
none                 tmpfs       2060264        900   2059364   1% /run/shm
/dev/sdb1            fuseblk  1953512444 1183183452 770328992  61% /media/x
/dev/sda2            ext4      861466440  138769200 678937216  17% /home
/home/kalle/.Private ecryptfs  861466440  138769200 678937216  17% /home/kalle

I have several drives on my system, but the last line is the relevant one. It shows that /home/kalle/.Private of type ecryptfs is mounted to /home/kalle, which is my home directory.

Run df -T on your system and check the results.

Kalle Elmér
  • 8,288
  • Am I right that if I unmount /home/me/.Private, then /home/me/ should be empty? (except for the .Private folder?) – naught101 Sep 24 '12 at 00:24
  • It doesn't have to be, but if it is, then that means the unencrypted files in your home folder no longer exist, and you are using ecryptfs.

    If your files are still there, however, it would mean that the contents of your home were duplicated to ecryptfs, but not deleted from their original location.

    What is the case?

     – Kalle Elmér Sep 24 '12 at 13:42
  • Looks like it's all good. Interesting thing though- I had to log out and log in as root, to check, and even though my user was logged out, the ecryptfs partition was still mounted - I had to manually unmount it. Doesn't seem very secure... – naught101 Sep 24 '12 at 23:20
  • 1
    I guess this is only meant to prevent people from reading data directly from the disk, which would bypass all the file permissions. It is good to know, though, that any other user with the right permissions can read your files after you have logged in. – Kalle Elmér Sep 26 '12 at 08:23
1

Type the command mount into a terminal. This will list devices and their filesystem. Look for ecryptfs.

  • 1
    While I understand what you're getting at, this answer would be useless for a beginner. – naught101 Sep 24 '12 at 00:23
  • For beginners, run this: echo "Your home directory is $( mount | grep ecryptfs > /dev/null || echo 'not ' )encrypted." – sondra.kinsey Aug 30 '17 at 16:15
  • However, @Kalle Elmér's answer is more future-proof, as it will reveal other programs which mount your home directory rather than it being a normal directory. – sondra.kinsey Aug 30 '17 at 16:18
0

I wanted to use fallocate in a script and found that I am still using ecryptfs on one of the machines I tested which failed, telling me that fallocate is not supported.

The code I implemented and shellchecked to detect this condition and use dd instead is this:

if $(grep -q -e "^${HOME}/.Private ${HOME} ecryptfs" "/proc/mounts"); then
  echo 'eCryptfs detected!';
fi
LiveWireBT
  • 28,763