The following two packages are built in my PPA.  Please respond here with any 
bugs/issues:
 * adduser - 3.110ubuntu2~ppa1 
 * ecryptfs-utils - 66-2ubuntu4~ppa1

See:
 * https://launchpad.net/~kirkland/+archive

To test, enable my PPA for Jaunty, and upgrade these two packages.

Then, as root, create a new user with:
 # adduser --encrypt-home $user

Fill in the required information and password accordingly.  Log in as
that user and you should be able to operate as usual, with your entire
home directory encrypted.

Note that:
 * your encrypted data will reside in /home/$user/.Private
 * this directory will not be visible while mounted
 * your ecryptfs configuration data, which is required to establish the mount, 
will live in /var/lib/ecryptfs/$user and will be symbolically linked into 
/home/$user

Enjoy
:-Dustin

-- 
add support for setting up encrypted home directory on user creation
https://bugs.launchpad.net/bugs/302870
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: In Progress
Status in “adduser” source package in Ubuntu: In Progress
Status in “ecryptfs-utils” source package in Ubuntu: In Progress

Bug description:
Binary package hint: adduser

I'm currently adding support for bootstrapping an encrypted home directory to 
the ecryptfs-setup-private utility in the ecryptfs-utils package.

This requires a simple patch to the adduser utility, to support an 
"--encrypt-home" option, which would call:
 # ecryptfs-setup-private -b -u $USER

The call to ecryptfs-setup-private uses the existing code to set up an encrypted 
home directory.  It will generate a mount passphrase from /dev/urandom, 
establish the user's ecryptfs configuration files, mount the home directory, 
and return 0.  With the home directory mounted, adduser can proceed to copy the 
/etc/skel files into the mounted, encrypted mountpoint.  The adduser utility 
then needs to unmount that home directory.  The "passwd" call within adduser 
will trigger the password-change code within pam_ecryptfs.so, which will detect 
the cleartext, randomly generated mount passphrase written to file, and wrap 
(i.e., encrypt) that file using the chosen passphrase.

This patch also adds documentation to the manpage regarding the new 
--encrypt-home option.

Finally, this patch modifies the control file to "Recommend" a version of 
ecryptfs-utils with the required new functionality.  Note that Colin said he 
needs to think about the appropriate level (Recommends vs. Suggests).

:-Dustin

_______________________________________________
Mailing list: https://launchpad.net/~ecryptfs
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~ecryptfs
More help   : https://help.launchpad.net/ListHelp
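
Added example, not part of the original message or of the adduser/ecryptfs-utils code: a shell audit for an account created with `adduser --encrypt-home`, run while the user is logged out. It checks the layout listed in the notes above and flags regular files left in the unmounted /home/$user, which would mean skeleton files were copied outside the encrypted mount. The function names, the parameterised roots and mount table, and the expectation that the unmounted home holds only .Private and absolute symlinks are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-creation audit for `adduser --encrypt-home`.
# Roots and the mount table are parameters so the check can run on a test tree.

# is_ecryptfs_mounted DIR [MOUNTS_FILE]: true if DIR is an ecryptfs mountpoint.
is_ecryptfs_mounted() {
    awk -v d="$1" '$2 == d && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# audit_encrypted_home USER [HOME_ROOT] [CONF_ROOT] [MOUNTS_FILE]
# Prints one finding per line; returns 0 when clean, 1 on findings, 2 if mounted.
audit_encrypted_home() {
    user=$1
    home=${2:-/home}/$user
    conf=${3:-/var/lib/ecryptfs}/$user
    mounts=${4:-/proc/mounts}
    rc=0

    # While mounted, .Private is hidden, so the lower directory cannot be audited.
    if is_ecryptfs_mounted "$home" "$mounts"; then
        echo "SKIP: $home is mounted; audit after the user logs out"
        return 2
    fi
    [ -d "$home/.Private" ] || { echo "FAIL: no $home/.Private"; rc=1; }
    [ -d "$conf" ] || { echo "FAIL: no config directory $conf"; rc=1; }

    linked=0
    for entry in "$home"/.[!.]* "$home"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        if [ -L "$entry" ]; then
            # Assumption: config symlinks use absolute targets under $conf.
            case $(readlink "$entry") in
                "$conf"|"$conf"/*) linked=1 ;;
            esac
        elif [ "$entry" != "$home/.Private" ]; then
            # Anything else here was written outside the encrypted mount.
            echo "FAIL: cleartext entry outside the mount: $entry"; rc=1
        fi
    done
    [ "$linked" -eq 1 ] || { echo "FAIL: no symlink into $conf"; rc=1; }
    return $rc
}
```

Run it as root, for example `audit_encrypted_home $user`; an exit status of 2 means the home directory was still mounted and nothing was checked.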
