When creating a new user with a GID different than the UID using adduser
--encrypt-home, the GID is not passed at all from adduser to
ecryptfs-setup-private:

      if (defined($encrypt_home)) {
        printf gtx("Setting up encryption ...\n") if $verbose;
        &systemcall($ecryptfs_setup_private, '-b', '-u', $new_name);
      }

ecryptfs-setup-private then blindly chowns to $USER:$USER assuming the
GID matches the UID:

        chown $USER:$USER "$CRYPTDIR" /dev/shm/.ecryptfs-$USER
        (multiple chowns below this)

sc...@baka:~$ sudo adduser --encrypt-home --gid 2500 testuser
Adding user `testuser' ...
Adding new user `testuser' (1000) with group `warthogs' ...
Creating home directory `/home/testuser' ...
Setting up encryption ...

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************


Done configuring.

chown: invalid group: `testuser:testuser'
chown: invalid group: `testuser:testuser'
chown: invalid group: `testuser:testuser'
chown: invalid group: `testuser:testuser'
chown: invalid group: `testuser:testuser'
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for testuser
Enter the new value, or press ENTER for the default
        Full Name []: 
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 
Is the information correct? [Y/n] y
sc...@baka:~$ sudo ls -al /home/.ecryptfs/testuser/
total 16
drwxr-xr-x 4 root root 4096 2009-10-08 10:27 .
drwxr-xr-x 3 root root 4096 2009-10-08 10:27 ..
drwx------ 2 root root 4096 2009-10-08 10:27 .ecryptfs
drwx------ 2 root root 4096 2009-10-08 10:27 .Private


** Changed in: adduser (Ubuntu)
       Status: New => Confirmed

** Summary changed:

- ecryptfs-utils creates dir with wrong permissions
+ ecryptfs-setup-private creates .ecryptfs dir with wrong permissions when GID 
is different than UID

-- 
ecryptfs-setup-private creates .ecryptfs dir with wrong permissions when GID is 
different than UID
https://bugs.launchpad.net/bugs/445301
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in eCryptfs - Enterprise Cryptographic Filesystem: New
Status in “adduser” package in Ubuntu: Confirmed
Status in “ecryptfs-utils” package in Ubuntu: Confirmed

Bug description:
When adding a user with an encrypted home directory while passing the group ID
from the CLI, the utility fails to set the permissions on the .ecryptfs and
.Private directories.

Here is an example:

adduser --uid 1030 --gid 115 --encrypt-home lmondesi
...
chown: invalid group: `lmondesi:lmondesi'
chown: invalid group: `lmondesi:lmondesi'
chown: invalid group: `lmondesi:lmondesi'
chown: invalid group: `lmondesi:lmondesi'
chown: invalid group: `lmondesi:lmondesi'

This causes wrong permissions for
/home/.ecryptfs/lmondesi/.{ecryptfs,Private}, which obviously prevents it from
being mounted.

lmond...@zod:/home/.ecryptfs/lmondesi$ ls -la
total 16
drwxr-xr-x 4 root root 4096 2009-10-07 05:30 .
drwxr-xr-x 3 root root 4096 2009-10-07 05:30 ..
drwx------ 2 root root 4096 2009-10-07 05:30 .ecryptfs
drwx------ 2 root root 4096 2009-10-07 05:30 .Private

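Added example, not part of the bug report or of ecryptfs-utils: one way to build the chown owner argument from the user's actual primary group instead of assuming a group named after the user. The passwd and group entries are constructed to mirror the testuser session above, and all function names are hypothetical; on a live system the two lookup hooks would call getent.

```shell
#!/bin/sh
# Added example (not ecryptfs-utils code): derive USER:GROUP for chown from the
# account databases rather than assuming the primary group is named $USER.

# Constructed sample entries mirroring the session above: testuser has UID 1000
# and primary GID 2500 ("warthogs"); no group called "testuser" exists.
# "orphan" is a constructed user whose GID has no entry in the group database.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
testuser:x:1000:2500:,,,:/home/testuser:/bin/bash
orphan:x:1001:3000:,,,:/home/orphan:/bin/bash'
SAMPLE_GROUP='root:x:0:
warthogs:x:2500:'

# Lookup hooks (assumption: replace with `getent passwd "$1"` / `getent group`
# on a live system so NSS sources such as LDAP are honoured).
passwd_entry()  { printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u'; }
group_entries() { printf '%s\n' "$SAMPLE_GROUP"; }

# primary_gid USER: print the numeric primary GID, or nothing if USER is unknown.
primary_gid() { passwd_entry "$1" | cut -d: -f4; }

# group_name GID: print the group name for GID, or nothing if it has no entry.
group_name() { group_entries | awk -F: -v g="$1" '$3 == g { print $1; exit }'; }

# group_exists NAME: succeed only if a group with exactly this name exists.
group_exists() {
    group_entries | awk -F: -v n="$1" '$1 == n { f = 1 } END { exit !f }'
}

# owner_spec USER: print the owner argument chown should receive.
# Falls back to the numeric GID when the group has no name, and fails for an
# unknown user so the caller can abort instead of leaving root-owned dirs.
owner_spec() {
    gid=$(primary_gid "$1")
    [ -n "$gid" ] || { echo "unknown user: $1" >&2; return 1; }
    grp=$(group_name "$gid")
    printf '%s:%s\n' "$1" "${grp:-$gid}"
}

# Demonstration on the constructed data.
owner_spec testuser
group_exists testuser || echo "chown testuser:testuser would fail: invalid group"
```

A setup script would run `spec=$(owner_spec "$USER") || exit 1` and then `chown "$spec" ...`, stopping on failure rather than continuing with directories still owned by root.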