Creating an encrypted shared folder for two Ubuntu users

Asked by Aaron Whitehouse


I would like to create an encrypted folder that is accessible by multiple accounts on the same computer.

I'm a big fan of ecryptfs. I use it in Ubuntu to encrypt our home directories on our home laptop, among other things. There are a number of files that we want to share between our user accounts.

I would like to encrypt our shared folders so that these are also protected if the laptop is stolen. I would need this to be transparent so that it appeared as if we were sharing an unencrypted folder/mount.

At a technical level, I assume that this would require the folder to be encrypted and mounted after the user logs in, either using some PAM thing, or a passphrase in a file within the home directory (which is itself encrypted and secure). I understand that there are issues using PAM:
so it may have to be a file in the home directory.

Has anybody done this? What is the most straightforward way to achieve it?

I have read:
which didn't actually answer the question and asked this in the wrong place a while ago:

Question information

English Edit question
Ubuntu ecryptfs-utils Edit question
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :
Revision history for this message
Aaron Whitehouse (aaron-whitehouse) said :

Thanks actionparsnip.

I think that the answer is to use mount.ecryptfs_private, but I can't make it work. Is there a tutorial or something on using this?

I have tried doing the following:
1. Create a folder /home/aaron/Shared/ that I have access to.
2. Create a file ~/.ecryptfs/Shared.conf
3. Put the following into the file:
/home/shared /home/aaron/Shared ecryptfs none 0 0
4. Running it
$ mount.ecryptfs_private Shared
but I get the error:
fopen: No such file or directory
keyctl_search: Success
Perhaps try the interactive 'ecryptfs-mount-private'

Can anybody please point me to what I am doing wrong?

For anybody else going through the journey before this is answered, the following may help:

The link didn't really address my question, as it was quite an old tutorial on LUKS/dmcrypt. I am not particulary keen to use block-level encryption and this is why I was asking how to achieve this with ecryptfs. The main reason for this being that I do not want to pre-allocate the space for the files.

EncFS looked like it may fit my needs:
but I would prefer to use ecryptfs, as it is a kernel module rather than a FUSE filesystem.

I see that somebody else has had the same issue:
and written a program that in essence allows ecryptfs to be used like EncFS:

This was requested to be added to Ubuntu here:
but rejected. The developers said that it is already possible to achieve this using mount.ecryptfs_private.

Can you help with this problem?

Provide an answer of your own, or ask Aaron Whitehouse for more information if necessary.

To post a message you must log in.