encrypted-home support in new user dialog

Bug #816669 reported by Dustin Kirkland 
160
This bug affects 27 people
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
Triaged
Low
Unassigned
gnome-control-center (Ubuntu)
Triaged
Low
Unassigned
Declined for Trusty by Jeremy Bícha
Declined for Vivid by Jeremy Bícha
Declined for Wily by Jeremy Bícha

Bug Description

seb128 asked me to file this bug...

He noticed that the Gnome3 new user dialog does not support the encrypt-home-directory feature that was present in previous versions of Gnome.

To solve this, the new user dialog would have a boolean checkbox (defaulted to un-checked), which asks if this new user's home directory should be created. Talk to mpt about the wordsmithing. If checked, then you need to add --encrypt-home to the 'adduser' invocation. Before running adduser, you'd also need to ensure that ecryptfs-utils is installed.

For real security, you would also need to run (as root) ecryptfs-setup-swap, which would encrypt the user's swap space. This is necessary, as any files/data that gets swapped out to disk could be written in the clear, thereby circumventing the user's requested encryption. Further note that if swap is encrypted, hibernation should be disabled (suspend continues to work just fine).

Tags: focal
Changed in gnome-control-center (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
assignee: nobody → Rodrigo Moya (rodrigo-moya)
Changed in gnome-control-center (Ubuntu):
assignee: Rodrigo Moya (rodrigo-moya) → nobody
Changed in gnome-control-center (Ubuntu):
status: Confirmed → Triaged
Revision history for this message
Mihai Capotă (mihaic) wrote :

Problem still exists in Precise. Is there a graphical workaround?

Revision history for this message
Alberto Salvia Novella (es20490446e) wrote :

This creates an additional problem:

When installing Ubuntu, the user is offered to encrypt his personal folder; but when adding new users after installation, no choose between encrypting or not is offered. Then the user may think that if he has chosen to encrypt during installation, any new user personal folder will be encrypted; when it really won't.

Revision history for this message
Amorphous (amorphous) wrote :

2 things regarding this... Now that I've had a user with encrypted home, he's been removed, and then re-added. using:

$ userdel uname

and

$ adduser --encrypt-home uname

I now get (what is to me) an irremovable error:

ERROR: wrapped-passphrase file already exists, use --force to overwrite.
adduser: `/usr/bin/ecryptfs-setup-private -b -u martin' returned error code 1. Exiting.

when the machine gets to the "setting up encryption" stage.

1. how do I get rid of the wrapped-passphrase file?
2. is this the right place for this (as presumably it's the same bug), or should I open a new bug report?

Revision history for this message
Alberto Salvia Novella (es20490446e) wrote :

In my opinion you shall try the "answers" section first, but perhaps after that you'll notice this is the correct place for your problem. Thanks for your time.

Revision history for this message
Lex Ross (lross) wrote :

The problem still exisy in Precise. I'd say don't bother with swap encryption and hybernation related issues, as it is way too complicated. After all, what we do here is create a new user and it's home directory if required. There is no need to look beyond this, and any provisions beyond user home encryption are inappropriate and are not expected, really. All we need is normal gnome-system-tools functionality.

Revision history for this message
Uli Tillich (utillich) wrote :

This bug is also still present in raring.

Revision history for this message
Adam Niedling (krychek) wrote :

This is still an issue in 13.10.

Revision history for this message
Alberto Salvia Novella (es20490446e) wrote :

Adam; when you see a bug is still present in a release, just add the proper tag for that release: in this case 'saucy' ⚒

tags: added: saucy
Changed in hundredpapercuts:
assignee: nobody → Paper Cuts Ninja (papercuts-ninja)
Changed in hundredpapercuts:
status: New → Triaged
assignee: Papercuts Ninjas (papercuts-ninja) → nobody
importance: Undecided → Low
Adam Niedling (krychek)
tags: added: trusty
tags: added: utopic
Adam Niedling (krychek)
tags: added: wily
tags: added: vivid
Adam Niedling (krychek)
tags: added: xenial
Julien Olivier (julo)
tags: added: yakkety zesty
Jeremy Bícha (jbicha)
no longer affects: gnome-control-center (Ubuntu Precise)
Revision history for this message
Adam Niedling (krychek) wrote :

Still an issue in 18.04.

Adam Niedling (krychek)
tags: added: cosmic
Adam Niedling (krychek)
tags: added: disco
Adam Niedling (krychek)
tags: added: eoan
Adam Niedling (krychek)
tags: added: fecal groovy
Adam Niedling (krychek)
tags: added: focal
removed: fecal
tags: removed: cosmic disco eoan saucy trusty utopic vivid wily yakkety zesty
tags: removed: xenial
tags: removed: groovy
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.