We can stop ecryptfs from unlocking the Private folder on startup by removing the empty file auto-mount, which is located in ~/.ecryptfs/, where you can also remove the auto-umount file if you would like ecryptfs to stop unmounting the Private folder upon shutdown and logout.
OK Folks, here is the true fix.
I was reading an article on ecryptfs (http://ecryptfs.sourceforge.net/ecryptfs-pam-doc.txt) and found that PAM is involved and thus started looking in /etc/pam.d/ and found 2 files that need to be modified:
/etc/pam.d/common-auth
/etc/pam.d/common-session
Do the following as root, but make a backup copy first in a directory OUT OF this directory like ~/ or it will possibly run the backup which is unmodified.
In /etc/pam.d/common-session look for a line that says:
auth optional pam_ecryptfs.so unwrap
and comment it out like:
#auth optional pam_ecryptfs.so unwrap
In /etc/pam.d/common-auth look for a line that says:
session optional pam_ecryptfs.so unwrap
and comment it out like:
#session optional pam_ecryptfs.so unwrap
Both files must be modified. The common-session file is what causes the actual mounting and the common-auth unwraps the passphrase.
If just common-session is commented out (as I tried first), all one has to do is type ecryptfs-mount-private and it will mount without the login passphrase. This is NOT GOOD. So the common-auth must be modified to prevent the loading of the unwrapped passphrase into the kernel.
The caveat to this is that THIS AFFECTS ALL USERS. I have just discovered the above by rooting around myself and it satisfies my needs. However, it will make it more difficult on a multiuser system for novices as the Private will not be automatically mounted. There may be a way to prevent this on a user-level (not system level) but I don't know how to do that.
Hope this helps someone in the future.
Yours,
Narnie
You will need to restart your computer after you modify those files.
Best Answer
If ecryptfs is being used, your home folder will be mounted. You can check if it is with this command:
When I run it, I get this result:
I have several drives on my system, but the last line is the relevant one. It shows that /home/kalle/.Private of type ecryptfs is mounted to /home/kalle, which is my home directory.
Run df -T on your system and check the results.
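To verify the changes discussed in the answers above, the following added example (not from any of the posters) reports whether a pam_ecryptfs.so line is still active in either PAM file, whether the auto-mount and auto-umount marker files exist, and which ecryptfs mounts df -T shows. The function names and the PAM_DIR and ECRYPTFS_DIR override variables are assumptions made for this example; the default paths are the ones named on this page.

```shell
#!/bin/sh
# Added example: audit the eCryptfs auto-mount settings discussed on this page.
# PAM_DIR and ECRYPTFS_DIR are hypothetical overrides used only by this script.

# pam_ecryptfs_state FILE -> prints "active", "commented" or "absent"
pam_ecryptfs_state() {
    file=$1
    [ -r "$file" ] || { echo absent; return; }
    # Active: first non-blank character is not '#' and the line loads the module.
    if grep -Eq '^[[:space:]]*[^#[:space:]].*pam_ecryptfs\.so' "$file"; then
        echo active
    elif grep -Eq '^[[:space:]]*#.*pam_ecryptfs\.so' "$file"; then
        echo commented
    else
        echo absent
    fi
}

# marker_state DIR NAME -> "present" if the empty marker file exists, else "removed"
marker_state() {
    if [ -e "$1/$2" ]; then echo present; else echo removed; fi
}

# ecryptfs_mounts: reads `df -T` output on stdin, prints mount points of type ecryptfs
ecryptfs_mounts() {
    awk 'NR > 1 && $2 == "ecryptfs" { print $NF }'
}

report() {
    pam_dir=${PAM_DIR:-/etc/pam.d}
    ecryptfs_dir=${ECRYPTFS_DIR:-${HOME:-}/.ecryptfs}
    for f in common-auth common-session; do
        echo "$pam_dir/$f: pam_ecryptfs.so $(pam_ecryptfs_state "$pam_dir/$f")"
    done
    for m in auto-mount auto-umount; do
        echo "$ecryptfs_dir/$m: $(marker_state "$ecryptfs_dir" "$m")"
    done
    df -T 2>/dev/null | ecryptfs_mounts | sed 's/^/mounted ecryptfs at: /'
}

report
```

Run it once before editing and again after the reboot: any file still reported as "active" will keep loading the module at login.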