Auto-mount home directory with keyfile from usb drive

Asked by Ernst Rohlicek jun. on 2011-03-21

I have found pages with tutorials on how to use a public key ("keyfile") to mount a home directory:

http://bodhizazen.net/Tutorials/Ecryptfs/
http://ecryptfs.sourceforge.net/ecryptfs-faq.html

but (unless I have overseen it), I could not find a way to auto-mount the home directory with a keyfile from external media like an USB drive upon login via the graphical login screen (gdm).

Is there an integrated way to do this in ecryptfs?

(With LUKS this is possible via the crypttab and the CRYPTDISKS_MOUNT variable, which tells it to mount the list of mount points - corresponding to entries in fstab - and get the keyfile from the given path).

Thanks in advance!

Question information

Language:
English Edit question
Status:
Answered
For:
eCryptfs Edit question
Assignee:
No assignee Edit question
Last query:
2011-04-25
Last reply:
2011-04-25
Launchpad Janitor (janitor) said : #1

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

I still could not find any information regarding this situation - you, the developers, are the ones who can answer here :-)

Launchpad Janitor (janitor) said : #3

This question was expired because it remained in the 'Open' state without activity for the last 15 days.

I searched again - bur still, you, the developers are the only ones left to ask :-)

Serge Hallyn (serge-hallyn) said : #5

I assume it is not coded into ecryptfs itself.

However you should be able to do this without that. Create a udev rule which runs when a usb stick is inserted, and runs a script which looks for a file named myecryptfskey, then, if it exists, bind-mounts that into place into /home/.ecryptfs/username or wherever the home key normally resides. Create an empty file to set there normally to be a mount target.

Find the usb vender and product id's using lsusb, then create a /etc/udev/rules.d/10-usb-ecryptfs.rules file containing something like:

ACTION=="add|change", SUBSYSTEM=="usb", \
 ATTRS{idVendor}=="XXX", ATTRS{idProduct}=="YYY", \
   RUN+="/usr/bin/my_mount_ecryptfs $name"

where my_mount_ecryptfs checks for the file and bind-mounts it into place if it exists. (It might be best to mount the fs readonly so you can just pull out the usb stick after logging in) Then when you log in, gdm will use the file on the usb stick.

Can you help with this problem?

Provide an answer of your own, or ask Ernst Rohlicek jun. for more information if necessary.

To post a message you must log in.