encrypted-home support in new user dialog

Bug #816669 reported by Dustin Kirkland  on 2011-07-26
This bug affects 25 people
Affects Status Importance Assigned to Milestone
One Hundred Papercuts
gnome-control-center (Ubuntu)
Nominated for Trusty by Alberto Salvia Novella
Nominated for Vivid by Alberto Salvia Novella
Nominated for Wily by Alberto Salvia Novella

Bug Description

seb128 asked me to file this bug...

He noticed that the Gnome3 new user dialog does not support the encrypt-home-directory feature that was present in previous versions of Gnome.

To solve this, the new user dialog would have a boolean checkbox (defaulted to un-checked), which asks if this new user's home directory should be created. Talk to mpt about the wordsmithing. If checked, then you need to add --encrypt-home to the 'adduser' invocation. Before running adduser, you'd also need to ensure that ecryptfs-utils is installed.

For real security, you would also need to run (as root) ecryptfs-setup-swap, which would encrypt the user's swap space. This is necessary, as any files/data that gets swapped out to disk could be written in the clear, thereby circumventing the user's requested encryption. Further note that if swap is encrypted, hibernation should be disabled (suspend continues to work just fine).
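An added example, not part of the original report or of any Ubuntu tool: a read-only audit sketch for the two gaps the description raises, homes created without encryption and swap left in the clear. The wrapped-passphrase path under /home/.ecryptfs and the crypttab "swap" option are assumptions about how ecryptfs-utils lays things out, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: read-only audit of eCryptfs home and swap encryption.
# Assumed layout (not stated in the report): an encrypted home leaves
# <home_root>/.ecryptfs/<user>/.ecryptfs/wrapped-passphrase, and encrypted
# swap has an /etc/crypttab entry whose options include "swap".

# home_encrypted HOME_ROOT USER: succeeds if the user's eCryptfs metadata exists
home_encrypted() {
    [ -f "$1/.ecryptfs/$2/.ecryptfs/wrapped-passphrase" ]
}

# unencrypted_homes HOME_ROOT: print each home directory lacking that metadata
unencrypted_homes() {
    for dir in "$1"/*/; do
        [ -d "$dir" ] || continue
        user=$(basename "$dir")
        home_encrypted "$1" "$user" || printf '%s\n' "$user"
    done
}

# crypt_swap_names CRYPTTAB: print mapping names whose options include "swap"
crypt_swap_names() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*#/ && NF >= 4 {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "swap") print $1
         }' "$1"
}

# plaintext_swaps SWAPS CRYPTTAB: print active swap devices that are not
# /dev/mapper/<name> for a crypttab swap mapping. A device listed as
# /dev/dm-N is also printed and has to be resolved by hand.
plaintext_swaps() {
    names=$(crypt_swap_names "$2")
    tail -n +2 "$1" | while read -r dev _rest; do   # line 1 is the header
        [ -n "$dev" ] || continue
        match=no
        for n in $names; do
            if [ "$dev" = "/dev/mapper/$n" ]; then match=yes; fi
        done
        [ "$match" = yes ] || printf '%s\n' "$dev"
    done
}

# Live run only on request, so the functions can be sourced and tested.
if [ "${1:-}" = "--audit" ]; then
    echo "Homes without eCryptfs metadata:"; unencrypted_homes /home
    echo "Swap not backed by a crypttab swap mapping:"; plaintext_swaps /proc/swaps /etc/crypttab
fi
```

Run it with `--audit` as root so /home/.ecryptfs is readable; any name or device it prints is a candidate for plaintext data on disk.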

Changed in gnome-control-center (Ubuntu):
importance: Undecided → Low
status: New → Confirmed
assignee: nobody → Rodrigo Moya (rodrigo-moya)
Changed in gnome-control-center (Ubuntu):
assignee: Rodrigo Moya (rodrigo-moya) → nobody
Changed in gnome-control-center (Ubuntu):
status: Confirmed → Triaged
Mihai Capotă (mihaic) wrote :

Problem still exists in Precise. Is there a graphical workaround?

This creates an additional problem:

When installing Ubuntu, the user is offered to encrypt his personal folder; but when adding new users after installation, no choice between encrypting or not is offered. Then the user may think that if he has chosen to encrypt during installation, any new user personal folder will be encrypted; when it really won't.

Amorphous (amorphous) wrote :

2 things regarding this... Now that I've had a user with encrypted home, he's been removed, and then re-added, using:

$ userdel uname


$ adduser --encrypt-home uname

I now get (what is to me) an irremovable error:

ERROR: wrapped-passphrase file already exists, use --force to overwrite.
adduser: `/usr/bin/ecryptfs-setup-private -b -u martin' returned error code 1. Exiting.

when the machine gets to the "setting up encryption" stage.

1. how do I get rid of the wrapped-passphrase file?
2. is this the right place for this (as presumably it's the same bug), or should I open a new bug report?

In my opinion you shall try the "answers" section first, but perhaps after that you'll notice this is the correct place for your problem. Thanks for your time.

Lex Ross (lross) wrote :

The problem still exists in Precise. I'd say don't bother with swap encryption and hibernation related issues, as it is way too complicated. After all, what we do here is create a new user and its home directory if required. There is no need to look beyond this, and any provisions beyond user home encryption are inappropriate and are not expected, really. All we need is normal gnome-system-tools functionality.

Uli Tillich (utillich) wrote :

This bug is also still present in raring.

Adam Niedling (krychek) wrote :

This is still an issue in 13.10.

Adam; when you see a bug is still present in a release, just add the proper tag for that release: in this case 'saucy' ⚒

tags: added: saucy
Changed in hundredpapercuts:
assignee: nobody → Paper Cuts Ninja (papercuts-ninja)
Changed in hundredpapercuts:
status: New → Triaged
assignee: Papercuts Ninjas (papercuts-ninja) → nobody
importance: Undecided → Low
Adam Niedling (krychek) on 2014-05-04
tags: added: trusty
tags: added: utopic
Adam Niedling (krychek) on 2015-09-29
tags: added: wily
tags: added: vivid