Discussion:
Systemd User Service Not Starting with ecryptfs
(too old to reply)
Max Ehrlich
2018-01-30 15:21:28 UTC
Permalink
Raw Message
I use home folder encryption with ecryptfs. I also want to start gpg-agent
when I login using a user service. No matter what I try, I can't get this
to work because it seems like systemd deosnt wait for the decryption to
happen. Is there any support for this configuration or can my user services
be stored someplace else?
Andrei Borzenkov
2018-01-30 18:09:34 UTC
Permalink
Raw Message
Post by Max Ehrlich
I use home folder encryption with ecryptfs. I also want to start gpg-agent
when I login using a user service. No matter what I try, I can't get this
to work because it seems like systemd deosnt wait for the decryption to
happen. Is there any support for this configuration or can my user services
be stored someplace else?
How exactly you decrypt home - PAM integration (pam_ecryptfs, pam_mount,
??) or something else?

I suppose when using PAM it /may/ work if PAM module responsible for
ecryptfs comes before pam_systemd.
Max Ehrlich
2018-01-30 21:42:37 UTC
Permalink
Raw Message
Andrei,

Honestly I just clicked "encrypt my home folder" on the GUI install a few
months ago. I'm trying to figure out what method ububtu uses by poking
around, but if you know how I can check please let me know

Thanks for your response,
Max
Post by Max Ehrlich
Post by Max Ehrlich
I use home folder encryption with ecryptfs. I also want to start
gpg-agent
Post by Max Ehrlich
when I login using a user service. No matter what I try, I can't get this
to work because it seems like systemd deosnt wait for the decryption to
happen. Is there any support for this configuration or can my user
services
Post by Max Ehrlich
be stored someplace else?
How exactly you decrypt home - PAM integration (pam_ecryptfs, pam_mount,
??) or something else?
I suppose when using PAM it /may/ work if PAM module responsible for
ecryptfs comes before pam_systemd.
Andrei Borzenkov
2018-01-31 03:20:52 UTC
Permalink
Raw Message
Post by Max Ehrlich
Andrei,
Honestly I just clicked "encrypt my home folder" on the GUI install a few
months ago. I'm trying to figure out what method ububtu uses by poking
around, but if you know how I can check please let me know
Thanks for your
I checked /etc/pam.d/common-session on Ubuntu 16.04 and pam_systemd
comes before pam_ecryptfs. You may try to swap these lines.

session optional pam_systemd.so
session optional pam_ecryptfs.so unwrap


response,
Post by Max Ehrlich
Max
Post by Max Ehrlich
Post by Max Ehrlich
I use home folder encryption with ecryptfs. I also want to start
gpg-agent
Post by Max Ehrlich
when I login using a user service. No matter what I try, I can't get this
to work because it seems like systemd deosnt wait for the decryption to
happen. Is there any support for this configuration or can my user
services
Post by Max Ehrlich
be stored someplace else?
How exactly you decrypt home - PAM integration (pam_ecryptfs, pam_mount,
??) or something else?
I suppose when using PAM it /may/ work if PAM module responsible for
ecryptfs comes before pam_systemd.
Max Ehrlich
2018-01-31 14:22:50 UTC
Permalink
Raw Message
Andrei,

Amazingly it seems like the solution was that simple, thanks for your help.
I'm going to let the Ubuntu guys know those should probably be swapped

thanks again,
Max
Post by Andrei Borzenkov
Post by Max Ehrlich
Andrei,
Honestly I just clicked "encrypt my home folder" on the GUI install a few
months ago. I'm trying to figure out what method ububtu uses by poking
around, but if you know how I can check please let me know
Thanks for your
I checked /etc/pam.d/common-session on Ubuntu 16.04 and pam_systemd
comes before pam_ecryptfs. You may try to swap these lines.
session optional pam_systemd.so
session optional pam_ecryptfs.so unwrap
response,
Post by Max Ehrlich
Max
Post by Max Ehrlich
Post by Max Ehrlich
I use home folder encryption with ecryptfs. I also want to start
gpg-agent
Post by Max Ehrlich
when I login using a user service. No matter what I try, I can't get
this
Post by Max Ehrlich
Post by Max Ehrlich
Post by Max Ehrlich
to work because it seems like systemd deosnt wait for the decryption to
happen. Is there any support for this configuration or can my user
services
Post by Max Ehrlich
be stored someplace else?
How exactly you decrypt home - PAM integration (pam_ecryptfs, pam_mount,
??) or something else?
I suppose when using PAM it /may/ work if PAM module responsible for
ecryptfs comes before pam_systemd.
Loading...