Score:0

mount.ecryptfs_private in .xsession started by nodm/lightdm complains with "mount: no such file or directory"

I'm trying to decrypt the Private directory inside a user $HOME automatically at system startup. The system is a Debian GNU/Linux 10 (actually a Raspbian, but I assume it's no different to this end) that uses NoDM to start Xorg.

EDIT 1: I've now tried installing a clean Debian 11 with Nodm in a virtual machine and I face exactly the same problem described here below.

Nodm automatically logs the unprivileged user in, and it runs the $HOME/.xsession startup script.

I have the following script, that is being called by .xsession:

#!/bin/bash -x
# Original by Michael Halcrow, IBM
# Extracted to a stand-alone script by Dustin Kirkland
# Edited on 2021-10-28 by Lucio Crusca

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PD="Private"
WPF="$HOME/.ecryptfs/wrapped-passphrase"
MPSF="$HOME/.ecryptfs/$PD.sig"

# If the keys are already in the keyring, the mount succeeds right away.
if /sbin/mount.ecryptfs_private ; then
    exit 0
fi

# LP (the login passphrase) is expected in the environment.
if [ -f "$WPF" ] && [ -f "$MPSF" ]; then
    if [ "$(wc -l < "$MPSF")" = "1" ]; then
        # One signature: no filename encryption, only one key to insert.
        if printf "%s\0" "$LP" | ecryptfs-unwrap-passphrase "$WPF" - | ecryptfs-add-passphrase -; then
            echo Ok
        else
            echo incorrect LP
            exit 1
        fi
    else
        # Two signatures: insert both keys from the wrapped passphrase.
        if printf "%s\0" "$LP" | ecryptfs-insert-wrapped-passphrase-into-keyring "$WPF" - ; then
            echo Ok
        else
            echo incorrect LP
            exit 1
        fi
    fi
    /sbin/mount.ecryptfs_private
else
    echo Setup error
    exit 1
fi
exit 0

It is a stripped down version of /usr/bin/ecryptfs-mount-private. It executes just the same commands, but it expects the LP environment variable to contain the passphrase instead of asking for the passphrase interactively.

I saved this script as $HOME/el-mount.sh. When my system boots and NoDM starts, it executes .xsession that in turn calls my script, redirecting stdout and stderr to a logfile for debug. The thing does not work, in that it outputs this:

...
+ /sbin/mount.ecryptfs_private
mount: No such file or directory

However, if I connect to the system via ssh and run the same el-mount.sh script, logged in as the same user configured in NoDM, the script works flawlessly. Just in case you wonder, the LP variable is correctly set in both cases (already checked in the logfile).

I've already tried switching from NoDM to lightdm-autologin-greeter, but I get just the same outcome.

How do I make mount.ecryptfs_private work when called during autologin?

Score:0

I've finally sorted it out. The problem is Debian bug 870126, which is still open. Until someone fixes it, you'll have to work around it by manually adding:

 session    optional   pam_keyinit.so force revoke

to /etc/pam.d/nodm (or other pam configuration file, depending on your display manager).
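
The workaround from the answer above, written as an added shell example (not code from the original post or from Debian) that applies it idempotently. The function names `pam_has_keyinit` and `apply_keyinit` are hypothetical, appending the rule at the end of the file is an assumption, and `@include`d files are not followed.

```shell
#!/bin/sh
# Added example: apply the pam_keyinit workaround only if it is missing.
KEYINIT_LINE='session    optional   pam_keyinit.so force revoke'

# pam_has_keyinit FILE: succeed if FILE holds an active session rule that
# loads pam_keyinit.so. Commented-out rules do not count.
pam_has_keyinit() {
    awk '
        { sub(/#.*/, "") }                  # PAM comments run to end of line
        {
            type = $1
            sub(/^-/, "", type)             # "-session" is valid PAM syntax
            if (type != "session") next
            for (i = 2; i <= NF; i++) {
                n = split($i, parts, "/")   # module may be a full path
                if (parts[n] == "pam_keyinit.so") { found = 1; exit }
            }
        }
        END { exit !found }
    ' "$1"
}

# apply_keyinit FILE: append the rule (assumption: end of file) unless an
# equivalent one is already active. Keeps a FILE.bak copy of the original.
apply_keyinit() {
    if pam_has_keyinit "$1"; then
        echo "unchanged"
        return 0
    fi
    cp -p "$1" "$1.bak" || return 1
    # Make sure the new rule starts on its own line.
    if [ -n "$(tail -c 1 "$1")" ]; then
        echo >> "$1" || return 1
    fi
    printf '%s\n' "$KEYINIT_LINE" >> "$1" || return 1
    echo "added"
}

# Usage (as root): sh this-script /etc/pam.d/nodm
if [ "$#" -gt 0 ]; then
    apply_keyinit "$1"
fi
```

After a new autologin session, `keyctl show @s` (from the keyutils package) run inside that session should list a session keyring of its own.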
