Do I have to be root to mount eCryptfs?

Asked by Dustin Kirkland on 2008-09-25

eCryptfs mounts can be set up to be done by non-root users. Generally, you want to perform the initial key generation and mount as the root user. Then, you can do a mount as a user by putting the appropriate options in /etc/fstab, adding the keys to the user session keyring (using ecryptfs-manager), and performing the mount in such a way that bypasses the mount helper. This is not very well automated in the current release, but it is possible right now with some manual steps. The instructions on using the PAM module are contained in the README and give the steps necessary to set that up; just follow all the directions except the last PAM step to see how it works:

http://ecryptfs.sourceforge.net/README

In short, you will want something like this in your fstab:

/home/user/secret /home/user/secret ecryptfs rw,ecryptfs_sig=deadbeefbaadf00d,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user,noauto 0 0

You need to get the corresponding authentication token for the ecryptfs_sig into your user session keyring; ecryptfs-manager and the PAM module can both do this for you. Alternatively, you can write your own application that calls ecryptfs_add_passphrase_key_to_keyring() or ecryptfs_add_key_module_key_to_keyring() in libecryptfs.so. Then you will want to mount with the -i option to prevent the mount helper from being called.
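The checks worth making before the non-root mount described above, as an added example that is not part of the original post or of eCryptfs itself. The function names are hypothetical, the sample fstab line and keyring listing are constructed, and it assumes the keyring listing has the format printed by `keyctl list`.

```shell
# Added example: pre-flight check for a non-root eCryptfs mount.
# All function names and sample data below are constructed for illustration.

# Print the option string of the ecryptfs entry for mount point $2 in fstab text $1.
ecryptfs_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$1 !~ /^#/ && $2 == mp && $3 == "ecryptfs" { print $4; exit }'
}

# Print the value of key=value option $2 (e.g. ecryptfs_sig) from option string $1.
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Succeed if the bare flag $2 (e.g. user) appears in option string $1.
has_flag() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# Succeed if keyring listing $1 contains a "user" key whose description is signature $2.
sig_in_keyring() {
    printf '%s\n' "$1" | grep -q "user: $2\$"
}

# preflight FSTAB_TEXT MOUNTPOINT KEYRING_LISTING: print each problem, return 1 if any.
preflight() {
    opts=$(ecryptfs_opts "$1" "$2")
    [ -n "$opts" ] || { echo "no ecryptfs entry for $2 in fstab"; return 1; }
    rc=0
    has_flag "$opts" user || { echo "fstab entry lacks the 'user' option"; rc=1; }
    for k in ecryptfs_sig ecryptfs_cipher ecryptfs_key_bytes; do
        [ -n "$(opt_value "$opts" "$k")" ] || { echo "fstab entry lacks $k"; rc=1; }
    done
    sig=$(opt_value "$opts" ecryptfs_sig)
    [ -z "$sig" ] || sig_in_keyring "$3" "$sig" || { echo "no key for sig $sig in keyring"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok, now run: mount -i $2"
    return "$rc"
}

# Constructed sample input: the fstab line from the post and a matching keyring listing.
SAMPLE_FSTAB='/home/user/secret /home/user/secret ecryptfs rw,ecryptfs_sig=deadbeefbaadf00d,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user,noauto 0 0'
SAMPLE_KEYS='1 key in keyring:
 123456789: --alswrv  1000  1000 user: deadbeefbaadf00d'
# Real use (assumes the key shows up in "keyctl list @u"):
#   preflight "$(cat /etc/fstab)" /home/user/secret "$(keyctl list @u)"
preflight "$SAMPLE_FSTAB" /home/user/secret "$SAMPLE_KEYS"
```

A missing key is the case to watch for: with -i the mount helper is skipped, so nothing will prompt for a passphrase or load the key for you.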

Question information

Language: English
Status: Solved
For: eCryptfs
Assignee: No assignee
Solved by: Dustin Kirkland
Solved: 2008-09-25
Last query: 2008-09-25
Dustin Kirkland  (kirkland) said : #1

From the FAQ.