> On Nov 28, 2023, at 7:32 AM, Max Nikulin <maniku...@gmail.com> wrote:
>
> On 28/11/2023 19:03, Pocket wrote:
>>> On 11/28/23 06:27, Max Nikulin wrote:
>>>
>>> *Login* protector used by pam_fscrypt is a different case.
>>>
>> Well I will see about that when the time comes.
>> I have a few ideas that may "fix" that, untested at the present time of
>> course.
>
> Just a couple of additional notes
>
>> sudo fscrypt encrypt /home/fscrypt/Encrypted
>> sudo chown -R pocket:pocket /home/fscrypt/Encrypted
>
> You should be able to create an encrypted directory as a regular user. With
> the command above you may face an issue during e.g. an attempt to change the
> passphrase. Files in /home/fscrypt/.fscrypt belong to root, not to pocket.
>
> Another way suitable for a new user
>
> fscrypt encrypt /home/newhome --user=user
>
> is documented in https://wiki.archlinux.org/title/Fscrypt
>
> Concerning lock on logout, I had an idea to use a systemd unit with a command
> executed after user@.service completion. Unfortunately libpam-fscrypt
> 0.3.3-1+b6 does not support the `unlock_only` option yet, but `lock_policies`
> is already default and no-op. So there is no way to disable lock on logout.
> Now I am trying to figure out if
>
> systemctl --user exit
>
> may have negative effects. Some running processes may prevent locking of
> directories though.
>
I am doing this project for an encrypted container.
I need to investigate whether or not I can place multiple encrypted directories
upon the USB drive, all independent of course. Meaning a separate pass phrase
for each. Also if they are truly independent.
I will get to your other points after I have finished with this. I haven’t
made a big enough mess with this as of now.