Disable automatic mounting of ecryptfs of Private at Gnome startup

[narnie]

Hello,

I have been searching and searching for a way disable the initial mounting of my ecryptfs Private folder on login.

I have run ecryptfs-umount-private at the beginning of the Gnome session, but that is an after-the-fact solution. It also doesn't clear the tokens from the keyring for some reason, as all I have to do is click on the Access your Private..." and it will mount it decrypted without asking me for the login passphrase. If I run ecryptfs-umount-private from a command line, it will dismount it and clear the keyring as it should, but doesn't do this at initial logon. Hence, my desire to prevent it's mounting in the first place (plus I just wanna know, hehe). I don't want to walk away from the computer and have another user with root privileges look at my "Privates" while it is mounted when I didn't want it mounted really in the first place.

Does anyone know how ecryptfs is automounted (and hopefully how to prevent it)? If so, please, please share this mystical knowledge.

Thanks,
Narnie

[Lars Noodén]

What does /etc/fstab say, if anything, about it?

[Soul-Sing]

Does anyone know how ecryptfs is automounted (and hopefully how to prevent it)? If so, please, please share this mystical knowledge.

ecrypt decrypt automag. your .private with your login password.

[Soul-Sing]

Does anyone know how ecryptfs is automounted (and hopefully how to prevent it)? If so, please, please share this mystical knowledge.

ecryptfs decrypt automag. your .private with your login password.
that process can be changed....
(: http://bodhizazen.net/Tutorials/Ecryptfs/)

[narnie]

ecryptfs decrypt automag. your .private with your login password.
that process can be changed....
(: http://bodhizazen.net/Tutorials/Ecryptfs/)

Hmm. Interesting. I saw that file in ~/.ecryptfs and tried renaming it to bak.auto-mount.bak and rebooted the system. I could no longer login via gdm. I COULD log in via a vtty, which I did and renamed it back. Gotta go for a sec and when I get home, this will be the first thing I try.

In the mean time, I would like to know (just to increase my knowledge base) what is checking for this auto-mount (empty) file and when and from what is it called to do so?

Thanks,
Narnie

[narnie]

Hmm. Interesting. I saw that file in ~/.ecryptfs and tried renaming it to bak.auto-mount.bak and rebooted the system. I could no longer login via gdm. I COULD log in via a vtty, which I did and renamed it back. Gotta go for a sec and when I get home, this will be the first thing I try.

In the mean time, I would like to know (just to increase my knowledge base) what is checking for this auto-mount (empty) file and when and from what is it called to do so?

Thanks,
Narnie

As I feared, completely removing auto-mount from ~/.ecryptfs DOES result in a strange gdm hang in that it never seems to take my password but doesn't time out in the normal fashion as if one mistypes the password. It hangs the gdm and which then reboots itself as if CTRL-ALT-BKSP is hit. I restored the auto-mount file and I got back in fine.

As I feared, no dice, at least on my system, for this trick. Hence, again, my strong desire to know what calls ecryptfs-mount-private in the first place. I think it happens due to tight integration in with PAM so it is somewhere with that handoff of a validated gdm call to login and the actual transfer to Gnome in some manner (but then again I could be way off and probably am )

Narnie

[narnie]

In the meantime, I have just written a simple script rather than calling ecryptfs-umount-private directly using the startup application under the preferences menu which just unmounts the ecryptfs Private dir, remounts it (it DOES NOT ask for the login passphrase, at least on my system), and then turns around and unmounts it again. A nasty quick-fix band-aid-type fix for this problem until I find out how to go to the source with it to prevent mounting in the first place.

I put the code below in ~/bin/privatize where privatize is the file.

Code:

#! /bin/bash
#unmount private folder - ecryptfs-unmount-private is run twice to ensure keyring is cleared
ecryptfs-umount-private
ecryptfs-mount-private
ecryptfs-umount-private
exit

then make it runnable with:

Code:

chmod +x ~/bin/privatize

I then used Menu->Preferences->startup applications to add this file to the startup processes.

It works like a charm. Now, just for the source of the mounting in the first place.

Narnie

[narnie]

What does /etc/fstab say, if anything, about it?

/etc/fstab

is quite about ecryptfs. There are just the linux os, home, and swap partitions as the only entries in my fstab.

[undecim]

rm ~/.ecryptfs/auto-mount

Note: If you encrypt your entire home directory with ecryptfs (as i do) you need to umount it first

[narnie]

rm ~/.ecryptfs/auto-mount

Note: If you encrypt your entire home directory with ecryptfs (as i do) you need to umount it first

This resulted in a complete inability to login via GDM on my system. Please see the posts where I explained this above.

Narnie.