
mount.ecryptfs_private in .xsession with autologin



Hello all,

this is a cross-post from serverfault.com, where I got no answers nor comments, so if you are interested in the bounty I set there you can answer there (too): https://serverfault.com/q/1082119/264847

I'm trying to decrypt the `Private` directory inside a user `$HOME` automatically at system startup. The system is a Debian GNU/Linux 10 (actually a Raspbian, but I assume it's no different to this end) that uses NoDM [1] to start Xorg. It automatically logs the unprivileged user in and it runs the `$HOME/.xsession` startup script.

I have the following script, that is being called by .xsession:

    #!/bin/bash -x
    # Original by Michael Halcrow, IBM
    # Extracted to a stand-alone script by Dustin Kirkland
    # Edited on 2021-10-28 by Lucio Crusca

    export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PD="Private"
    WPF="$HOME/.ecryptfs/wrapped-passphrase"
    MPSF="$HOME/.ecryptfs/$PD.sig"

    # Try mounting first; this succeeds if the key is already in the keyring.
    if /sbin/mount.ecryptfs_private ; then
        exit 0
    fi

    # LP must hold the passphrase (exported by the caller).
    if [ -f "$WPF" ] && [ -f "$MPSF" ]; then
        if [ $(wc -l < "$MPSF") = "1" ]; then
            # Single signature: no filename encryption, insert only the mount key.
            if printf "%s\0" "$LP" | ecryptfs-unwrap-passphrase "$WPF" - | ecryptfs-add-passphrase -; then
                echo Ok
            else
                echo incorrect LP
                exit 1
            fi
        else
            # Two signatures: insert the wrapped passphrase into the keyring.
            if printf "%s\0" "$LP" | ecryptfs-insert-wrapped-passphrase-into-keyring "$WPF" - ; then
                echo Ok
            else
                echo incorrect LP
                exit 1
            fi
        fi
        /sbin/mount.ecryptfs_private
    else
        echo Setup error
        exit 1
    fi
    exit 0

It is a stripped down version of `/usr/bin/ecryptfs-mount-private`. It executes just the same commands, but it expects the LP environment variable to contain the passphrase instead of asking for the passphrase interactively.

I saved this script as `$HOME/el-mount.sh`. When my system boots and NoDM starts, it executes .xsession that in turn calls my script, redirecting `stdout` and `stderr` to a logfile for debug. The thing does not work, in that it outputs this:

    ...
    + /sbin/mount.ecryptfs_private
    mount: No such file or directory

However, if I connect to the system via `ssh` and run the same `el-mount.sh` script, logged in as the same user configured in Nodm, the script flawlessly works. Just in case you wonder, the LP variable is correctly set in both cases (already checked in the logfile).

I've already tried switching from Nodm to lightdm-autologin-greeter [2], but I get just the same outcome.

How do I make `mount.ecryptfs_private` work when called during autologin?

  [1]: https://github.com/spanezz/nodm
  [2]: https://github.com/spanezz/lightdm-autologin-greeter

