"mount: Operation not permitted" on every login or after ecryptfs-mount-private

Bug #1021376 reported by Igor Novikov
This bug affects 3 people
Affects: eCryptfs
Status: Incomplete
Importance: Undecided
Assigned to: Unassigned

Bug Description

I get the message "mount: Operation not permitted" whenever I try to login with a newly created user or to run ecryptfs-mount-private. Obviously, my supposedly encrypted home directory doesn't get mounted.

My distribution is Lubuntu 12.04 pendrive with persistent storage.

I tried the following, to no avail:

# ecryptfs-add-passphrase --fnek
# chmod +s /sbin/mount.ecryptfs*

The permissions to the user .Private directory are the following:

septi@lubuntu:~$ ls /home/.ecryptfs/septi/ -al
total 16
drwxr-xr-x 4 septi septi 4096 Jul 5 08:34 .
drwxr-xr-x 3 root root 4096 Jul 5 08:34 ..
drwx------ 2 septi septi 4096 Jul 5 08:35 .ecryptfs
drwx------ 2 septi septi 4096 Jul 5 08:35 .Private

Also, I can successfully use ecryptfs-recover-private. But I'm not interested in recovering. Please help me fix it so it's mounted on login.

Tyler Hicks (tyhicks) wrote :

You should not be setting the setuid bit on random binaries.

Can you explain how you created the user and set up the encrypted home directory? Are there any relevant messages in /var/log/syslog after you see the mount error?

Changed in ecryptfs:
status: New → Incomplete
David Wood (dbwood) wrote :

Strangely enough this affects me now. I'm trying to put an encrypted home directory on a USB stick inside the casper-rw filesystem. (I've got another USB stick with a standard installation in an ext4 filesystem which works OK.)

Strace shows
6938 setresuid32(1000, 1000, 1000) = 0
6938 execve("/sbin/mount.ecryptfs_private", ["mount.ecryptfs_private"], [/* 18 vars */]) = 0
...
6938 setresuid32(-1, 1000, -1) = 0
6938 geteuid32() = 1000
...
6938 open("/proc/mounts", O_RDONLY|O_CLOEXEC) = 4
...
6938 setreuid32(-1, 0) = -1 EPERM (Operation not permitted)

and then exits. And I can't use an encrypted home directory at all.

David Wood (dbwood) wrote :

Additional info: Ubuntu 12.04 updated Mar 2, 2013; libecryptfs0 and ecryptfs-utils 96-0ubuntu3.1.

kernel /casper/vmlinuz: Linux kernel x86 boot executable bzImage, version 3.2.0-38-generic (buildd@panlong) #61-Ubuntu SMP Tue Feb 19 12:, RO-rootFS, swap_dev 0x4, Normal VGA;

USB key created with ubuntu usb-creator-gtk and iso file built with "remastersys -dist" (remastersys.com) to include updated packages etc. Dell D400 laptop 1G mem.

Encrypted home directory set up with "add-user --encrypt-home uid"

Jason Xing (wlxing) wrote :

Hi Tyler Hicks,

I've tried compiling the ecryptfs-utils-108 source code several times on CentOS 7.0 and Ubuntu 12.04 and executing the command $ecryptfs-setup-private; it then displays some information on the screen (see attachment): "setreuid: Operation not permitted ERROR: Could not mount private ecryptfs directory".

So the only resolution I could figure out is setting the "s" bit manually on the /usr/sbin/mount.ecryptfs_private binary. The command is $sudo chmod u+s /usr/sbin/mount.ecryptfs_private. Then I'm able to set up the private directory. That might be what they wanted to report, I guess.

Jason Xing
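
The strace in this thread shows the helper calling setreuid32(-1, 0) while its effective UID is still 1000, which is consistent with the setuid-root bit not taking effect at execve. A read-only check for the usual reasons, added here as an example and not taken from the bug report or from ecryptfs-utils: the function names, the verdict strings and the nosuid-mount hypothesis are assumptions of this sketch, and `stat -c` assumes GNU or BusyBox stat.

```sh
#!/bin/sh
# Added diagnostic sketch: why does a helper that should be setuid root
# (for example /sbin/mount.ecryptfs_private) still run with euid 1000?
# It only reads state; it changes no permissions.

# mount_opts_for PATH [MOUNTS_FILE]: print the options of the mount that
# contains PATH (longest mount point wins; a later entry shadows an earlier one).
mount_opts_for() (
    path=$1; best=""; opts=""
    while read -r dev mp fstype o rest; do
        case "$path/" in
            "${mp%/}/"*)
                if [ "${#mp}" -ge "${#best}" ]; then best=$mp; opts=$o; fi ;;
        esac
    done < "${2:-/proc/mounts}"
    printf '%s\n' "$opts"
)

# classify MODE_OCTAL OWNER_UID MOUNT_OPTS: print one verdict (hypothetical names).
classify() {
    case "$1" in
        [4567]???) ;;                        # four octal digits, setuid bit present
        *) echo "not-setuid"; return 0 ;;
    esac
    [ "$2" -eq 0 ] || { echo "not-root-owned"; return 0; }
    case ",$3," in
        *,nosuid,*) echo "nosuid-mount"; return 0 ;;  # kernel ignores the bit here
    esac
    echo "ok"
}

# diagnose HELPER [MOUNTS_FILE]: stat the helper (following symlinks) and classify it.
diagnose() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    classify "$(stat -L -c %a "$1")" "$(stat -L -c %u "$1")" \
             "$(mount_opts_for "$1" "${2:-/proc/mounts}")"
}

# Run against a real path only when one is given on the command line.
if [ "$#" -gt 0 ]; then diagnose "$@"; fi
```

A verdict of `not-setuid` or `not-root-owned` points at how the binary was installed (for instance a source build or a remastered image that lost the mode), while `nosuid-mount` points at the filesystem the binary lives on.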
