Hello all,
this is a cross-post from serverfault.com, where I got no answers or
comments, so if you are interested in the bounty I set there you can
answer there (too): https://serverfault.com/q/1082119/264847
I'm trying to decrypt the `Private` directory inside a user's `$HOME`
automatically at system startup. The system is Debian GNU/Linux 10
(actually Raspbian, but I assume it's no different in this respect) and
uses NoDM [1] to start Xorg. It automatically logs the unprivileged user
in and runs the `$HOME/.xsession` startup script.
I have the following script, which is called by .xsession:
#!/bin/bash -x
# Original by Michael Halcrow, IBM
# Extracted to a stand-alone script by Dustin Kirkland
# Edited on 2021-10-28 by Lucio Crusca
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PD="Private"
WPF="$HOME/.ecryptfs/wrapped-passphrase"
MPSF="$HOME/.ecryptfs/$PD.sig"

# First try to mount: this succeeds if the key is already in the keyring
if /sbin/mount.ecryptfs_private ; then
    exit 0
fi

if [ -f "$WPF" -a -f "$MPSF" ]; then
    if [ $(wc -l < "$MPSF") = "1" ]; then
        # One signature: unwrap the mount passphrase with the login
        # passphrase taken from $LP and add the key to the keyring
        if printf "%s\0" "$LP" | ecryptfs-unwrap-passphrase "$WPF" - |
           ecryptfs-add-passphrase -; then
            echo Ok
        else
            echo incorrect LP
            exit 1
        fi
    else
        # Two signatures: let the helper insert both keys at once
        if printf "%s\0" "$LP" |
           ecryptfs-insert-wrapped-passphrase-into-keyring "$WPF" - ; then
            echo Ok
        else
            echo incorrect LP
            exit 1
        fi
    fi
    /sbin/mount.ecryptfs_private
else
    echo Setup error
    exit 1
fi
exit 0
It is a stripped-down version of `/usr/bin/ecryptfs-mount-private`. It
executes just the same commands, but it expects the LP environment
variable to contain the passphrase instead of asking for it
interactively.
I saved this script as `$HOME/el-mount.sh`. When my system boots and
NoDM starts, it executes .xsession, which in turn calls my script,
redirecting `stdout` and `stderr` to a logfile for debugging. It does
not work, in that it outputs this:
...
+ /sbin/mount.ecryptfs_private
mount: No such file or directory
However, if I connect to the system via `ssh` and run the same
`el-mount.sh` script, logged in as the same user configured in NoDM, the
script works flawlessly. Just in case you wonder, the LP variable is
correctly set in both cases (already checked in the logfile).
I've already tried switching from NoDM to lightdm-autologin-greeter [2],
but I get the same outcome.
How do I make `mount.ecryptfs_private` work when called during autologin?
[1]: https://github.com/spanezz/nodm
[2]: https://github.com/spanezz/lightdm-autologin-greeter
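The post compares two contexts (an ssh login and an autologin X session) in which the same script behaves differently, and the part of the procedure that depends on context is the kernel keyring: the key that `ecryptfs-add-passphrase` inserts has to be reachable from the keyrings of the process that later calls `mount.ecryptfs_private`, because the helper checks for the signature before calling mount(2) and the kernel's eCryptfs looks the key up again through the mounting process's keyrings. The script below is an added diagnostic example, not code from the original post or from ecryptfs-utils: run it with the `report` argument from the ssh login and from `.xsession` (redirected to the logfile), then diff the two outputs to see which keyrings each session has and whether the signature(s) from `Private.sig` are present in them. It assumes `keyctl` from keyutils is installed; the `.sig` path defaults to the one used by the original script and can be overridden with a second argument.

```shell
#!/bin/bash
# Added example (not from the original post): dump the keyrings visible to
# this process and check whether the eCryptfs signature(s) stored in
# ~/.ecryptfs/Private.sig can be found in them. Requires keyutils (keyctl).

# Print the signatures stored in a Private.sig file, one per line
# (the file holds one line, or two when filename encryption is enabled).
read_sigs() {
    grep -v '^[[:space:]]*$' "$1"
}

# Return 0 if $1 looks like an eCryptfs key signature: exactly 16 hex digits.
is_valid_sig() {
    printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{16}$'
}

# Return 0 if a "user"-type key described by $2 appears in the `keyctl show`
# listing passed in $1 (keyctl prints keys as "user: <description>").
listing_has_sig() {
    printf '%s\n' "$1" | grep -Eq 'user: *'"$2"'([[:space:]]|$)'
}

# Report, for each keyring a process can search, whether the signatures are there,
# then perform the same recursive search the kernel does with request_key().
report_keyrings() {
    local sigfile="${1:-$HOME/.ecryptfs/Private.sig}"
    local ring listing sig
    echo "pid $$ uid $(id -u) tty $(tty 2>/dev/null || echo none)"
    [ -f "$sigfile" ] || { echo "missing $sigfile"; return 1; }
    for ring in @s @us @u; do
        # @s = session keyring, @us = user-session keyring, @u = user keyring
        if listing=$(keyctl show "$ring" 2>&1); then
            echo "--- keyctl show $ring ---"
            printf '%s\n' "$listing"
        else
            echo "--- keyctl show $ring failed: $listing"
            continue
        fi
        for sig in $(read_sigs "$sigfile"); do
            if ! is_valid_sig "$sig"; then
                echo "WARNING: '$sig' in $sigfile is not a 16-hex-digit signature"
                continue
            fi
            if listing_has_sig "$listing" "$sig"; then
                echo "sig $sig: present in $ring"
            else
                echo "sig $sig: NOT present in $ring"
            fi
        done
    done
    # A mount only works if this search (starting at the session keyring)
    # finds every signature; keyctl search follows linked keyrings.
    for sig in $(read_sigs "$sigfile"); do
        if keyctl search @s user "$sig" >/dev/null 2>&1; then
            echo "keyctl search @s user $sig: found"
        else
            echo "keyctl search @s user $sig: NOT found"
        fi
    done
}

# Usage: bash keyring-check.sh report [path/to/Private.sig] >> "$HOME/el-mount.log"
case "${1:-}" in
    report) report_keyrings "${2:-}" ;;
esac
```

Usage note: call it with `report` from both contexts right before the `mount.ecryptfs_private` line of `el-mount.sh`; the interesting differences are the identity of the session keyring (`_ses`) and whether the user keyring (`_uid.<uid>`) is linked under it, since a session started without the usual PAM keyring setup need not share those with an ssh login.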