ecryptfs-recover-private fails to mount previous homedir on ubuntu bionic

Bug #1769373 reported by henczati on 2018-05-05
This bug affects 2 people
Affects Status Importance Assigned to Milestone
eCryptfs
Undecided
Unassigned

Bug Description

# REPRODUCE:

Steps (specific real info replaced with vars):

1. Boot from Lubuntu 18.04 (bionic) daily-live (http://cdimage.ubuntu.com/lubuntu/bionic/daily-live/) from 2018-05-04 (after bionic release).
2. Create user with the same uid as was used by previous home user ($user).
3. Logout & sign in as $user.
4. Mount *partition* with previous (ecryptfs-encrypted) home (to $mnt).
5. Install ecryptfs utils (not on Lubuntu 18.04 live by default):
```bash
$ sudo apt update
$ sudo apt install ecryptfs-utils
```
6. Mount previous home:
```bash
$ sudo ecryptfs-recover-private "$mnt"/home/.ecryptfs/"$user"/.Private/
INFO: Found [$mnt/home/.ecryptfs/$user/.Private/].
Try to recover this directory? [Y/n]:
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n]
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [$ecryptfs_sig] into the user session keyring
mount: /tmp/ecryptfs.$XXXXXXXX: mount(2) system call failed: No such file or directory.
ERROR: Failed to mount private data at [/tmp/ecryptfs.$XXXXXXXX].
```

```bash
$ ls -ld /tmp/ecryptfs.$XXXXXXXX
drwx------ 2 root root 40 May 5 17:04 /tmp/ecryptfs.$XXXXXXXX/
```

-----------------------------
(edited:)
# HOTFIX (HACK):

Steps (after $tmpdir creation but *before* trying to mount):

1. Change user and group ownership of temporary folder (to mount in) to the user (uid) and group (gid) of the previous (ecryptfs-encrypted) home directory.
2. (HACK) Run the mount command that follows, but first without the '-i' parameter and submit empty password (enter) 3x.

# NOTES:

I don't exactly know why the hack is needed (probably to reset some state), but without this failed mount without '-i', it cannot successfully mount afterwards.

When I had ecryptfs-recover-private patched with step 1. only, the mount failed on a fresh live boot.

But if, after a failed mount, I ran only the mount command from the script without the '-i' parameter manually in a terminal and then interrupted it when asked for the passphrase (by Ctrl+C), then the only-chmod-patched ecryptfs-recover-private would mount successfully and repeatedly (re-mount) until reboot.
-> The hack step is needed only once per boot.

If patched with the hack, use an empty passphrase, as Ctrl+C will interrupt the whole script, not just the mount command (as echo-ed in the patch).

I got the mount command (that failed, and had to fail without '-i') by running ecryptfs-recover-private by 'sh -ex':
```bash
$ sudo sh -ex /usr/bin/ecryptfs-recover-private "$mnt"/home/.ecryptfs/"$user"/.Private/
```

henczati (henczati) on 2018-05-05
description: updated
henczati (henczati) on 2018-05-05
tags: added: ecryptfs-utils
tags: added: ecryptfs-recover-private
henczati (henczati) wrote :

# Patch

WHAT:
After mktemp, before mount:
```bash
chown --reference="$mnt"/home/.ecryptfs/"$user"/.Private /tmp/ecryptfs."$XXXXXXXX"
```

USE:
```bash
cd / && patch -p1 <"$patch_path"
```

henczati (henczati) wrote :

p.s.: The snippet in comment #2 is representative, NOT the exact patch addition!

henczati (henczati) on 2018-05-05
description: updated
henczati (henczati) wrote :

First patch did not work after rebooting from the live image.
Created new patch with a hack that I needed: a step that I did manually before creating the first patch.

Description updated.
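
Step 1 of the hotfix described in this report, written as a standalone shell function. This is an added example, not the reporter's patch or code from ecryptfs-utils; the function names are hypothetical, and it stops before the mount step, whose exact command is not shown in the report.

```shell
#!/bin/sh
# Added example (not the reporter's patch): prepare a temporary mount point
# whose owner and group match the encrypted .Private directory.

# Print "uid:gid" of a path (GNU stat, as shipped on Ubuntu).
owner_of() {
    stat -c '%u:%g' -- "$1"
}

# prepare_mountpoint PRIVATE_DIR   (hypothetical helper name)
# Creates <tmp>/ecryptfs.XXXXXXXX, copies ownership from PRIVATE_DIR and
# prints the new directory on stdout. Returns non-zero on any failure.
prepare_mountpoint() {
    private_dir=$1
    if [ ! -d "$private_dir" ]; then
        echo "ERROR: [$private_dir] is not a directory" >&2
        return 1
    fi
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/ecryptfs.XXXXXXXX") || return 1
    # Hotfix step 1: take uid and gid from the old .Private directory.
    # Changing to a different owner needs root, like the recovery script.
    if ! chown --reference="$private_dir" -- "$tmpdir"; then
        rmdir -- "$tmpdir"
        return 1
    fi
    chmod 700 -- "$tmpdir"   # keep the drwx------ mode shown in the report
    # Verify instead of assuming: before the hotfix, the report shows the
    # temporary directory owned by root:root.
    if [ "$(owner_of "$tmpdir")" != "$(owner_of "$private_dir")" ]; then
        echo "ERROR: ownership mismatch on [$tmpdir]" >&2
        rmdir -- "$tmpdir"
        return 1
    fi
    printf '%s\n' "$tmpdir"
}
```

Source the file and call `prepare_mountpoint "$mnt"/home/.ecryptfs/"$user"/.Private` as root; the printed path is the directory to mount into.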
