On 28/11/2023 19:03, Pocket wrote:
On 11/28/23 06:27, Max Nikulin wrote:*Login* protector used by pam_fscrypt is a different case.Well I will see about that when the time comes.I have a few ideas that may "fix" that, untested at the present time of course.
Just a couple of additional notes
sudo fscrypt encrypt /home/fscrypt/Encryptedsudo chown -R pocket:pocket /home/fscrypt/Encrypted
You should be able to create an encrypted directory as a regular user. With command above you may face an issue during e.g. an attempt to change passphrase. Files in /home/fscrypt/.fscrypt belong to root, not to pocket.
Another way suitable for a new user
fscrypt encrypt /home/newhome --user=user
is documented in https://wiki.archlinux.org/title/Fscrypt
Concerning lock on logout, I had an idea to use a systemd unit with a
command executed after user@.service completion. Unfortunately
libpam-fscrypt 0.3.3-1+b6 does not support `unlock_only` option yet, but
`lock_policies` is already default and no-op. So there is no way to
disable lock on logout. Now I am trying to figure out if
systemctl --user exit
may had negative effects. Some running processes may prevent locking of
directories though.