Comment 5 for bug 1328689

Tyler Hicks (tyhicks) wrote : Re: ecryptfs-utils does not work with Ubuntu 14.04.1

I've figured out the cause for this bug. It happens when pam_keyinit is used. This happened with ssh-based logins in this openssh upload:

  https://launchpad.net/ubuntu/+source/openssh/1:6.5p1-1

The use of pam_keyinit and the way that it creates a session keyring when logging in over ssh is keeping the eCryptfs kernel code from being able to find the mount key. ecryptfs-setup-private is run as the root user. It executes ecryptfs-add-passphrase, which adds the user's mount key to root's user keyring. However, root's user keyring is masked by the session keyring that was created earlier, so the kernel cannot find the mount key when ecryptfs-setup-private executes the mount program.

WORKAROUND:

$ sudo keyctl link @u @s
$ sudo adduser --encrypt-home foo
$ sudo keyctl unlink @u @s

I'm not sure about the appropriate fix at this time.
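
Added example, not part of the original comment or of ecryptfs-utils: a shell sketch that checks whether the user keyring is reachable from the session keyring before applying the workaround above, and removes the link only if it added it. The function names and the sample `keyctl show @s` output are constructed for illustration; it is meant to be run as root, like the workaround.

```shell
#!/bin/sh
# Constructed samples of `keyctl show @s` output for root (uid 0).
# MASKED: session keyring created by pam_keyinit with no link to the user keyring.
SAMPLE_MASKED='Keyring
 556677889 --alswrv      0     0  keyring: _ses'
# LINKED: the user keyring _uid.0 is reachable from the session keyring.
SAMPLE_LINKED='Keyring
 556677889 --alswrv      0     0  keyring: _ses
 112233445 --alswrv      0 65534   \_ keyring: _uid.0'

# user_keyring_linked UID
# Reads `keyctl show @s` output on stdin. Returns 0 when the user keyring
# for UID (_uid.UID) is listed, non-zero when it is not (the masked case).
user_keyring_linked() {
    grep -Eq "keyring: _uid\.$1[[:space:]]*\$"
}

# with_user_keyring COMMAND [ARGS...]
# Runs COMMAND with @u linked into @s. The link is added only when missing
# and removed afterwards only when this function added it, so a session
# that already had the link is left unchanged.
with_user_keyring() {
    uid=$(id -u)
    if keyctl show @s | user_keyring_linked "$uid"; then
        "$@"
        return $?
    fi
    keyctl link @u @s || return 1
    rc=0
    "$@" || rc=$?
    keyctl unlink @u @s
    return $rc
}

# Usage (as root), mirroring the workaround:
#   with_user_keyring adduser --encrypt-home foo
```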