How to automatically `ecryptfs-mount-private` on `gdm` login in Fedora 27?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I have installed Fedora, but used existing /home partition from previous Ubuntu install:
- partitions:
/boot/efi,/(formatted during install),/home(kept from Ubuntu),
- user was set-up with same username and password as I had on Ubuntu install.
After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.
To successfully login with mounted /home/<username> I have to:
- login to terminal,
- run
ecryptfs-mount-private, - login through gdm.
Direct login through gdm fails.
How can I make gdm to automatically run ecryptfs-mount-private when logging in?
fedora gdm ecryptfs
edited Dec 2 '17 at 15:35
Jeff Schaller
32.1k849109
asked Nov 20 '17 at 12:26
kravemir
1,41621937
add a comment |Â
up vote
1
down vote
favorite
I have installed Fedora, but used existing /home partition from previous Ubuntu install:
- partitions:
/boot/efi,/(formatted during install),/home(kept from Ubuntu),
- user was set-up with same username and password as I had on Ubuntu install.
After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.
To successfully login with mounted /home/<username> I have to:
- login to terminal,
- run
ecryptfs-mount-private, - login through gdm.
Direct login through gdm fails.
How can I make gdm to automatically run ecryptfs-mount-private when logging in?
fedora gdm ecryptfs
edited Dec 2 '17 at 15:35
Jeff Schaller
32.1k849109
asked Nov 20 '17 at 12:26
kravemir
1,41621937
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I have installed Fedora, but used existing /home partition from previous Ubuntu install:
- partitions:
/boot/efi,/(formatted during install),/home(kept from Ubuntu),
- user was set-up with same username and password as I had on Ubuntu install.
After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.
To successfully login with mounted /home/<username> I have to:
- login to terminal,
- run
ecryptfs-mount-private, - login through gdm.
Direct login through gdm fails.
How can I make gdm to automatically run ecryptfs-mount-private when logging in?
fedora gdm ecryptfs
edited Dec 2 '17 at 15:35
Jeff Schaller
32.1k849109
asked Nov 20 '17 at 12:26
kravemir
1,41621937
I have installed Fedora, but used existing /home partition from previous Ubuntu install:
- partitions:
/boot/efi,/(formatted during install),/home(kept from Ubuntu),
- user was set-up with same username and password as I had on Ubuntu install.
After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.
To successfully login with mounted /home/<username> I have to:
- login to terminal,
- run
ecryptfs-mount-private, - login through gdm.
Direct login through gdm fails.
How can I make gdm to automatically run ecryptfs-mount-private when logging in?
fedora gdm ecryptfs
edited Dec 2 '17 at 15:35
Jeff Schaller
32.1k849109
asked Nov 20 '17 at 12:26
kravemir
1,41621937
edited Dec 2 '17 at 15:35
Jeff Schaller
32.1k849109
edited Dec 2 '17 at 15:35
Jeff Schaller
32.1k849109
edited Dec 2 '17 at 15:35
Jeff Schaller
32.1k849109
32.1k849109
asked Nov 20 '17 at 12:26
kravemir
1,41621937
asked Nov 20 '17 at 12:26
kravemir
1,41621937
asked Nov 20 '17 at 12:26
kravemir
1,41621937
1,41621937
add a comment |Â
add a comment |Â
2 Answers
2
active
oldest
votes
up vote
0
down vote
Tested setup on Fedora 27:
1. Find out the UUID of the home partition you're trying to mount: blkid
2. edit /etc/crypttab and add the following line:
my-encrypted-home UUID="<UUID-from-above-command>" none luks
3. edit /etc/fstab and comment out the previous home entry and add the following:
/dev/mapper/my-encrypted-home /home ext4 defaults 1 2
Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.
answered Nov 20 '17 at 20:59
brhenc
1
It's not partition, which is encrypted. But, the home folder of user is encrypted:/home/<username>
– kravemir
Nov 21 '17 at 12:26
add a comment |Â
up vote
0
down vote
accepted
It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:
chcon -u unconfined_u -t user_home_dir_t /home/<username>/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private
I have done other experimenting previously, which may have some effect:
- enabling
ecryptfshome encryption in SELinux:setsebool -P useecryptfshome_dirs 1 - configured pam to use ecryptfs:
- setting
USEECRYPTFS=yesin/etc/sysconfig/authconfig - regenerating
authconfig --enableecryptfs --updateall
- setting
Check grep ecrypt /etc/pam.d/*:
/etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap
I hope I didn't miss anything in the answer.
answered Nov 25 '17 at 11:06
kravemir
1,41621937
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
Tested setup on Fedora 27:
1. Find out the UUID of the home partition you're trying to mount: blkid
2. edit /etc/crypttab and add the following line:
my-encrypted-home UUID="<UUID-from-above-command>" none luks
3. edit /etc/fstab and comment out the previous home entry and add the following:
/dev/mapper/my-encrypted-home /home ext4 defaults 1 2
Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.
answered Nov 20 '17 at 20:59
brhenc
1
It's not partition, which is encrypted. But, the home folder of user is encrypted:/home/<username>
– kravemir
Nov 21 '17 at 12:26
add a comment |Â
up vote
0
down vote
Tested setup on Fedora 27:
1. Find out the UUID of the home partition you're trying to mount: blkid
2. edit /etc/crypttab and add the following line:
my-encrypted-home UUID="<UUID-from-above-command>" none luks
3. edit /etc/fstab and comment out the previous home entry and add the following:
/dev/mapper/my-encrypted-home /home ext4 defaults 1 2
Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.
answered Nov 20 '17 at 20:59
brhenc
1
It's not partition, which is encrypted. But, the home folder of user is encrypted:/home/<username>
– kravemir
Nov 21 '17 at 12:26
add a comment |Â
up vote
0
down vote
up vote
0
down vote
Tested setup on Fedora 27:
1. Find out the UUID of the home partition you're trying to mount: blkid
2. edit /etc/crypttab and add the following line:
my-encrypted-home UUID="<UUID-from-above-command>" none luks
3. edit /etc/fstab and comment out the previous home entry and add the following:
/dev/mapper/my-encrypted-home /home ext4 defaults 1 2
Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.
answered Nov 20 '17 at 20:59
brhenc
1
Tested setup on Fedora 27:
1. Find out the UUID of the home partition you're trying to mount: blkid
2. edit /etc/crypttab and add the following line:
my-encrypted-home UUID="<UUID-from-above-command>" none luks
3. edit /etc/fstab and comment out the previous home entry and add the following:
/dev/mapper/my-encrypted-home /home ext4 defaults 1 2
Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.
answered Nov 20 '17 at 20:59
brhenc
1
answered Nov 20 '17 at 20:59
brhenc
1
answered Nov 20 '17 at 20:59
brhenc
1
answered Nov 20 '17 at 20:59
brhenc
1
1
It's not partition, which is encrypted. But, the home folder of user is encrypted:/home/<username>
– kravemir
Nov 21 '17 at 12:26
add a comment |Â
It's not partition, which is encrypted. But, the home folder of user is encrypted:/home/<username>
– kravemir
Nov 21 '17 at 12:26
It's not partition, which is encrypted. But, the home folder of user is encrypted:
/home/<username>– kravemir
Nov 21 '17 at 12:26
It's not partition, which is encrypted. But, the home folder of user is encrypted:
/home/<username>– kravemir
Nov 21 '17 at 12:26
add a comment |Â
up vote
0
down vote
accepted
It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:
chcon -u unconfined_u -t user_home_dir_t /home/<username>/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private
I have done other experimenting previously, which may have some effect:
- enabling
ecryptfshome encryption in SELinux:setsebool -P useecryptfshome_dirs 1 - configured pam to use ecryptfs:
- setting
USEECRYPTFS=yesin/etc/sysconfig/authconfig - regenerating
authconfig --enableecryptfs --updateall
- setting
Check grep ecrypt /etc/pam.d/*:
/etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap
I hope I didn't miss anything in the answer.
answered Nov 25 '17 at 11:06
kravemir
1,41621937
add a comment |Â
up vote
0
down vote
accepted
It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:
chcon -u unconfined_u -t user_home_dir_t /home/<username>/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private
I have done other experimenting previously, which may have some effect:
- enabling
ecryptfshome encryption in SELinux:setsebool -P useecryptfshome_dirs 1 - configured pam to use ecryptfs:
- setting
USEECRYPTFS=yesin/etc/sysconfig/authconfig - regenerating
authconfig --enableecryptfs --updateall
- setting
Check grep ecrypt /etc/pam.d/*:
/etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap
I hope I didn't miss anything in the answer.
answered Nov 25 '17 at 11:06
kravemir
1,41621937
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:
chcon -u unconfined_u -t user_home_dir_t /home/<username>/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private
I have done other experimenting previously, which may have some effect:
- enabling
ecryptfshome encryption in SELinux:setsebool -P useecryptfshome_dirs 1 - configured pam to use ecryptfs:
- setting
USEECRYPTFS=yesin/etc/sysconfig/authconfig - regenerating
authconfig --enableecryptfs --updateall
- setting
Check grep ecrypt /etc/pam.d/*:
/etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap
I hope I didn't miss anything in the answer.
answered Nov 25 '17 at 11:06
kravemir
1,41621937
It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:
chcon -u unconfined_u -t user_home_dir_t /home/<username>/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private
I have done other experimenting previously, which may have some effect:
- enabling
ecryptfshome encryption in SELinux:setsebool -P useecryptfshome_dirs 1 - configured pam to use ecryptfs:
- setting
USEECRYPTFS=yesin/etc/sysconfig/authconfig - regenerating
authconfig --enableecryptfs --updateall
- setting
Check grep ecrypt /etc/pam.d/*:
/etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
/etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap
I hope I didn't miss anything in the answer.
answered Nov 25 '17 at 11:06
kravemir
1,41621937
answered Nov 25 '17 at 11:06
kravemir
1,41621937
answered Nov 25 '17 at 11:06
kravemir
1,41621937
answered Nov 25 '17 at 11:06
kravemir
1,41621937
1,41621937
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f405761%2fhow-to-automatically-ecryptfs-mount-private-on-gdm-login-in-fedora-27%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
