5

I have set up a few bind mounts in fstab, mounting one folder in my home directory to another (AeroFS no sym-link circumvent). My home folder is encrypted.

When the system boots up, it attempts to mount the folders inside home folder prior to mounting the encrypted home folder itself, causing an error.

How can I edit fstab to have the encrypted home folder mount first?

I tried adding noauto, it didn't work.

EDIT: Also, I want to maintain the encryption for security reasons.

fstab content:

# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda2 during installation
UUID=8e26dd0d-f57f-4b63-93b3-7f2743d6fe7a /               ext4    errors=remount-ro 0       1
# /boot/efi was on /dev/sda1 during installation
UUID=C2BB-18A8  /boot/efi       vfat    defaults        0       1
# /home was on /dev/sda4 during installation
UUID=062418c7-ba50-40e4-b3ea-42663e92eba8 /home           ext4    defaults        0       2
# swap was on /dev/sda3 during installation
#UUID=ac66f7ee-7dbe-4e56-9f42-459038a11a12 none            swap    sw              0       0
/dev/mapper/cryptswap1 none swap sw 0 0

#
#Bind mounts for AeroFS to sync outside it's folder:
#
/home/user/Desktop  /home/user/AeroFS/Desktop   none    bind    0   0
/home/user/Documents    /home/user/AeroFS/Documents none    bind    0   0
/home/user/Music    /home/user/AeroFS/Music     none    bind    0   0
/home/user/Pictures /home/user/AeroFS/Pictures  none    bind    0   0
#

lsblk output:

NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0 465.8G  0 disk 
├─sda1   8:1    0   954M  0 part /boot/efi
├─sda2   8:2    0  55.9G  0 part /
├─sda3   8:3    0  14.9G  0 part 
└─sda4   8:4    0   394G  0 part /home
Dean
  • 813
  • 1
  • 10
  • 25
  • possible duplicate of How to stop using built-in home directory encryption? – Panther Apr 02 '15 at 13:51
  • 2
    No, I am certainly not interested to stop using home directory encryption. – Dean Apr 02 '15 at 13:53
  • What is the point of using ecrypts if your data is automatically decrypted at boot ? – Panther Apr 02 '15 at 13:55
  • I have many reasons for choosing to use it, one of them is that it's a portable laptop. In any case, decrypting the home folder is out of the question. – Dean Apr 02 '15 at 13:57
  • 1
    If you automatically decrypt your data when you boot it defeats any advantage of encryption as your data is only encrypted when the laptop is off and is available to anyone who boots the system. With what you posted I highly suggest you reinstall using LUKS and encrypt your entire install with LUKS. Skip encrypting home. Your data will then be encrypted the way you wish and your mount binds will work. – Panther Apr 02 '15 at 14:12
  • 1
    Could you please post your fstab to http://paste.ubuntu.com and post the output of gparted --list so we can have a look??? ;-) – Fabby Apr 04 '15 at 22:16
  • @Fabby: I posted fstab and my disk configuration. Please take a look. – Dean Apr 06 '15 at 15:19
  • @Panther your remarks are completely besides the point (yes, I also looked at the original revision of this question). I am looking for a similar thing. I do not want my home folder to go unencrypted, but I certainly don't care for the read-only bind-mount to my music collection to be encrypted. And so in order to mix and match things the only way of making the desired location available from my home folder while using encryption for the home folder is to delay the mount operation. So perfectly valid use cases. – 0xC0000022L May 27 '20 at 14:10
  • @Dean you probably have moved on from this, but making this a user mount and using the options noauto,x-systemd.automount did the job for me. This way a script inserted to auto-start upon login can perform the mount. – 0xC0000022L Jul 02 '20 at 07:56

2 Answers2

1

The accepted answer doesn't work since non-root users are not able to use the --bind option.

What I used instead was bindfs. It allows non-root users to create bound mounts.

First install bindfs: sudo apt install bindfs. Then, open /etc/fuse.conf and uncomment the line user_allow_other.

Then, in your startup script (which runs after you log in), use the following commands to mount:

bindfs /home/user/Desktop   /home/user/AeroFS/Desktop
bindfs /home/user/Documents /home/user/AeroFS/Documents
bindfs /home/user/Music     /home/user/AeroFS/Music
bindfs /home/user/Pictures  /home/user/AeroFS/Pictures
shivams
  • 219
0

Easy:

  1. Remove the following lines from fstab:

    #
#Bind mounts for AeroFS to sync outside it's folder:
#
/home/user/Desktop  /home/user/AeroFS/Desktop   none    bind    0   0
/home/user/Documents    /home/user/AeroFS/Documents none    bind    0   0
/home/user/Music    /home/user/AeroFS/Music     none    bind    0   0
/home/user/Pictures /home/user/AeroFS/Pictures  none    bind    0   0
#

  2. create the following shell script:

    #!/bin/bash
#
# This script binds AeroFS mounts to sync outside their folder,
# as an answer to https://askubuntu.com/questions/604361/delay-mounts-after-encrypted-home-folder-is-ready
# 
# Copyright (c) 2014 Fabby

# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. See the GNU General Public License for more details.
# You DID NOT receive a copy of the GNU General Public License along with this program as the license is bigger then this program.

mount --bind /home/user/Desktop   /home/user/AeroFS/Desktop
mount --bind /home/user/Documents /home/user/AeroFS/Documents
mount --bind /home/user/Music     /home/user/AeroFS/Music
mount --bind /home/user/Pictures  /home/user/AeroFS/Pictures

  3. Save it under /home/user/bin/MountAeroFS.sh (create the bin directory if it doesn't exist.)

  4. Open Startup Applications, and add the following Command: MountAeroFS.sh. As Name: and Comment: you can add anything to remind you what this is about.

  5. Reboot (as you've just changed your fstab)

Done!

Fabby
  • 34,259
  • I will try it. But, just out of curiosity, shouldn't fstab be able to handle this in a "built-in" manner? It seems strange that this wasn't taken into account. – Dean Apr 08 '15 at 09:46
  • 2
    Lol did you add license to script with 4 mounts – Peter Jul 11 '17 at 12:52
  • @Peter No I did not :D. An upvote would be nice if I made you laugh! ;-) – Fabby Jul 11 '17 at 18:14
  • 2
    how is this supposed to work when only root can use "--bind" option? – derrend Apr 10 '20 at 05:56
  • 1
    @derrend exactly ... this is a very naïve "solution". It may work if /etc/fstab does list the mount points with option noauto,user (not sure this works with bind) and then it's unnecessary to explicitly give the --bind or -o bind when invoking mount. But not sure if this could work. Also PAM modules may be able to do this ... – 0xC0000022L May 27 '20 at 13:59