How to automatically `ecryptfs-mount-private` on `gdm` login in Fedora 27?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I have installed Fedora, but used existing /home partition from previous Ubuntu install:



  • partitions:


    • /boot/efi,


    • / (formatted during install),


    • /home (kept from Ubuntu),


  • user was set-up with same username and password as I had on Ubuntu install.

After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.



To successfully login with mounted /home/<username> I have to:



  1. login to terminal,

  2. run ecryptfs-mount-private,

  3. login through gdm.

Direct login through gdm fails.



How can I make gdm to automatically run ecryptfs-mount-private when logging in?







share|improve this question


























    up vote
    1
    down vote

    favorite












    I have installed Fedora, but used existing /home partition from previous Ubuntu install:



    • partitions:


      • /boot/efi,


      • / (formatted during install),


      • /home (kept from Ubuntu),


    • user was set-up with same username and password as I had on Ubuntu install.

    After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.



    To successfully login with mounted /home/<username> I have to:



    1. login to terminal,

    2. run ecryptfs-mount-private,

    3. login through gdm.

    Direct login through gdm fails.



    How can I make gdm to automatically run ecryptfs-mount-private when logging in?







    share|improve this question
























      up vote
      1
      down vote

      favorite









      up vote
      1
      down vote

      favorite











      I have installed Fedora, but used existing /home partition from previous Ubuntu install:



      • partitions:


        • /boot/efi,


        • / (formatted during install),


        • /home (kept from Ubuntu),


      • user was set-up with same username and password as I had on Ubuntu install.

      After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.



      To successfully login with mounted /home/<username> I have to:



      1. login to terminal,

      2. run ecryptfs-mount-private,

      3. login through gdm.

      Direct login through gdm fails.



      How can I make gdm to automatically run ecryptfs-mount-private when logging in?







      share|improve this question














      I have installed Fedora, but used existing /home partition from previous Ubuntu install:



      • partitions:


        • /boot/efi,


        • / (formatted during install),


        • /home (kept from Ubuntu),


      • user was set-up with same username and password as I had on Ubuntu install.

      After installation, I couldn't login. So, I installed packages ecryptfs-simple.x86_64 and ecryptfs-utils.x86_64.



      To successfully login with mounted /home/<username> I have to:



      1. login to terminal,

      2. run ecryptfs-mount-private,

      3. login through gdm.

      Direct login through gdm fails.



      How can I make gdm to automatically run ecryptfs-mount-private when logging in?









      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 2 '17 at 15:35









      Jeff Schaller

      32.1k849109




      32.1k849109










      asked Nov 20 '17 at 12:26









      kravemir

      1,41621937




      1,41621937




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          0
          down vote













          Tested setup on Fedora 27:



          1. Find out the UUID of the home partition you're trying to mount: blkid
          2. edit /etc/crypttab and add the following line:
          my-encrypted-home UUID="<UUID-from-above-command>" none luks
          3. edit /etc/fstab and comment out the previous home entry and add the following:
          /dev/mapper/my-encrypted-home /home ext4 defaults 1 2


          Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.






          share|improve this answer




















          • It's not partition, which is encrypted. But, the home folder of user is encrypted: /home/<username>
            – kravemir
            Nov 21 '17 at 12:26

















          up vote
          0
          down vote



          accepted










          It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:



          chcon -u unconfined_u -t user_home_dir_t /home/<username>/
          chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
          chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
          chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
          chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private


          I have done other experimenting previously, which may have some effect:



          • enabling ecryptfs home encryption in SELinux: setsebool -P useecryptfshome_dirs 1

          • configured pam to use ecryptfs:

            • setting USEECRYPTFS=yes in /etc/sysconfig/authconfig

            • regenerating authconfig --enableecryptfs --updateall


          Check grep ecrypt /etc/pam.d/*:



          /etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
          /etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
          /etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
          /etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
          /etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
          /etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap


          I hope I didn't miss anything in the answer.






          share|improve this answer




















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f405761%2fhow-to-automatically-ecryptfs-mount-private-on-gdm-login-in-fedora-27%23new-answer', 'question_page');

            );

            Post as a guest






























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote













            Tested setup on Fedora 27:



            1. Find out the UUID of the home partition you're trying to mount: blkid
            2. edit /etc/crypttab and add the following line:
            my-encrypted-home UUID="<UUID-from-above-command>" none luks
            3. edit /etc/fstab and comment out the previous home entry and add the following:
            /dev/mapper/my-encrypted-home /home ext4 defaults 1 2


            Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.






            share|improve this answer




















            • It's not partition, which is encrypted. But, the home folder of user is encrypted: /home/<username>
              – kravemir
              Nov 21 '17 at 12:26














            up vote
            0
            down vote













            Tested setup on Fedora 27:



            1. Find out the UUID of the home partition you're trying to mount: blkid
            2. edit /etc/crypttab and add the following line:
            my-encrypted-home UUID="<UUID-from-above-command>" none luks
            3. edit /etc/fstab and comment out the previous home entry and add the following:
            /dev/mapper/my-encrypted-home /home ext4 defaults 1 2


            Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.






            share|improve this answer




















            • It's not partition, which is encrypted. But, the home folder of user is encrypted: /home/<username>
              – kravemir
              Nov 21 '17 at 12:26












            up vote
            0
            down vote










            up vote
            0
            down vote









            Tested setup on Fedora 27:



            1. Find out the UUID of the home partition you're trying to mount: blkid
            2. edit /etc/crypttab and add the following line:
            my-encrypted-home UUID="<UUID-from-above-command>" none luks
            3. edit /etc/fstab and comment out the previous home entry and add the following:
            /dev/mapper/my-encrypted-home /home ext4 defaults 1 2


            Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.






            share|improve this answer












            Tested setup on Fedora 27:



            1. Find out the UUID of the home partition you're trying to mount: blkid
            2. edit /etc/crypttab and add the following line:
            my-encrypted-home UUID="<UUID-from-above-command>" none luks
            3. edit /etc/fstab and comment out the previous home entry and add the following:
            /dev/mapper/my-encrypted-home /home ext4 defaults 1 2


            Reboot, carefully. Plymouth will prompt you for your password. If you get stuck at boot, reboot and edit the grub entry to disable Plymouth (the splashscreen, instructions available here) and wait the timeout period for systemd service files to fail (1min 30s). You will be prompted to enter into recovery mode by logging in as root. Fix the error and reboot.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered Nov 20 '17 at 20:59









            brhenc

            1




            1











            • It's not partition, which is encrypted. But, the home folder of user is encrypted: /home/<username>
              – kravemir
              Nov 21 '17 at 12:26
















            • It's not partition, which is encrypted. But, the home folder of user is encrypted: /home/<username>
              – kravemir
              Nov 21 '17 at 12:26















            It's not partition, which is encrypted. But, the home folder of user is encrypted: /home/<username>
            – kravemir
            Nov 21 '17 at 12:26




            It's not partition, which is encrypted. But, the home folder of user is encrypted: /home/<username>
            – kravemir
            Nov 21 '17 at 12:26












            up vote
            0
            down vote



            accepted










            It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:



            chcon -u unconfined_u -t user_home_dir_t /home/<username>/
            chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
            chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
            chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
            chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private


            I have done other experimenting previously, which may have some effect:



            • enabling ecryptfs home encryption in SELinux: setsebool -P useecryptfshome_dirs 1

            • configured pam to use ecryptfs:

              • setting USEECRYPTFS=yes in /etc/sysconfig/authconfig

              • regenerating authconfig --enableecryptfs --updateall


            Check grep ecrypt /etc/pam.d/*:



            /etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
            /etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
            /etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
            /etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
            /etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
            /etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap


            I hope I didn't miss anything in the answer.






            share|improve this answer
























              up vote
              0
              down vote



              accepted










              It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:



              chcon -u unconfined_u -t user_home_dir_t /home/<username>/
              chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
              chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
              chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
              chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private


              I have done other experimenting previously, which may have some effect:



              • enabling ecryptfs home encryption in SELinux: setsebool -P useecryptfshome_dirs 1

              • configured pam to use ecryptfs:

                • setting USEECRYPTFS=yes in /etc/sysconfig/authconfig

                • regenerating authconfig --enableecryptfs --updateall


              Check grep ecrypt /etc/pam.d/*:



              /etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
              /etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
              /etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
              /etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
              /etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
              /etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap


              I hope I didn't miss anything in the answer.






              share|improve this answer






















                up vote
                0
                down vote



                accepted







                up vote
                0
                down vote



                accepted






                It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:



                chcon -u unconfined_u -t user_home_dir_t /home/<username>/
                chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
                chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
                chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
                chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private


                I have done other experimenting previously, which may have some effect:



                • enabling ecryptfs home encryption in SELinux: setsebool -P useecryptfshome_dirs 1

                • configured pam to use ecryptfs:

                  • setting USEECRYPTFS=yes in /etc/sysconfig/authconfig

                  • regenerating authconfig --enableecryptfs --updateall


                Check grep ecrypt /etc/pam.d/*:



                /etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap


                I hope I didn't miss anything in the answer.






                share|improve this answer












                It was SELinux issue. I solved it by setting up proper security contexts for home and ecryptfs stuff. Run this with unmounted ecryptfs home:



                chcon -u unconfined_u -t user_home_dir_t /home/<username>/
                chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/
                chcon -u unconfined_u -t ecryptfs_t /home/.ecryptfs/<username>/.ecryptfs/*
                chcon -h -u unconfined_u -t user_home_t /home/<username>/* /home/<username>/.*
                chcon -h -u unconfined_u -t ecryptfs_t /home/<username>/.ecryptfs /home/<username>/.Private


                I have done other experimenting previously, which may have some effect:



                • enabling ecryptfs home encryption in SELinux: setsebool -P useecryptfshome_dirs 1

                • configured pam to use ecryptfs:

                  • setting USEECRYPTFS=yes in /etc/sysconfig/authconfig

                  • regenerating authconfig --enableecryptfs --updateall


                Check grep ecrypt /etc/pam.d/*:



                /etc/pam.d/postlogin:auth optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin:password optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin:session optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin-ac:auth optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin-ac:password optional pam_ecryptfs.so unwrap
                /etc/pam.d/postlogin-ac:session optional pam_ecryptfs.so unwrap


                I hope I didn't miss anything in the answer.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 25 '17 at 11:06









                kravemir

                1,41621937




                1,41621937



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f405761%2fhow-to-automatically-ecryptfs-mount-private-on-gdm-login-in-fedora-27%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?