Systemd User Service Cannot Start with ECryptFS Due to PAM Misconfiguration

If a user encrypts their home directory using the standard Ubuntu installer GUI, which uses ecryptfs, then the users home directory is encrypted while systemd is trying to start their user services so they cant be read. After consulting with the systemd developers, the problem is remarkably simple to fix

Ubuntu releases /etc/pam.d/common-session with the follow entries:

session optional pam_systemd.so
session optional pam_ecryptfs.so unwrap

they need to be swapped to

session optional pam_ecryptfs.so unwrap
session optional pam_systemd.so

so that decryption happens before systemd user services are started.

Check the thread on the systemd developers mailing list at https://lists.freedesktop.org/archives/systemd-devel/2018-January/040301.html for further information

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: systemd 234-2ubuntu12.1
Uname: Linux 4.14.4-acso x86_64
ApportVersion: 2.20.7-0ubuntu3.7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Jan 31 09:25:10 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2017-11-04 (87 days ago)
InstallationMedia: Ubuntu 17.10 "Artful Aardvark" - Release amd64 (20171018)
MachineType: Dell Inc. XPS 15 9560
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.14.4-acso root=/dev/mapper/ubuntu--vg-root ro quiet splash intel_iommu=on pci=noaer pcie_acs_override=downstream vt.handoff=7
SourcePackage: systemd
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/30/2017
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.5.0
dmi.board.name: 05FFDN
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 10
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvr1.5.0:bd08/30/2017:svnDellInc.:pnXPS159560:pvr:rvnDellInc.:rn05FFDN:rvrA00:cvnDellInc.:ct10:cvr:
dmi.product.family: XPS
dmi.product.name: XPS 15 9560
dmi.sys.vendor: Dell Inc.