mount.ecryptfs_private is a mount helper utility for non-root users to cryptographically mount a private
directory, ~/Private by default.
This program optionally takes one argument, ALIAS. If ALIAS is omitted, the program defaults to the
alias "Private", which uses:
- $HOME/.Private as the SOURCE
- $HOME/Private as the DESTINATION
- $HOME/.ecryptfs/Private.sig for the key signatures.
If ALIAS is specified, then the program will look for an fstab(5) style configuration in:
- $HOME/.ecryptfs/ALIAS.conf
and for key signature(s) in:
- $HOME/.ecryptfs/ALIAS.sig
The mount will proceed if, and only if:
- the required passphrase is in the user's kernel keyring, and
- the current user owns both the SOURCE and DESTINATION mount points, and
- the DESTINATION is not already mounted
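The three conditions above can be checked read-only before the helper is invoked. The shell functions below are an added example, not part of ecryptfs-utils; the function names are hypothetical. They assume the passphrase keys are visible in `keyctl list @u` with the signature as the key description, and that ALIAS.conf carries SOURCE and DESTINATION in its first two fstab(5) fields.

```shell
#!/bin/sh
# Added example: read-only pre-flight for the three mount conditions.
# Function names are hypothetical; nothing here mounts or modifies anything.

# Every signature in SIGFILE must be the description of a key in KEYLIST,
# a saved copy of `keyctl list @u` output (assumed keyring location).
sigs_in_keyring() {
    sigfile=$1; keylist=$2
    [ -s "$sigfile" ] || return 1
    while IFS= read -r sig || [ -n "$sig" ]; do
        [ -n "$sig" ] || continue
        # Compare as strings: a hex signature such as 0000000000001e10
        # would otherwise be treated as a number by awk.
        awk -v s="$sig" '($NF "") == (s "") { f = 1 } END { exit !f }' \
            "$keylist" || return 1
    done < "$sigfile"
    return 0
}

# SOURCE and DESTINATION must be directories owned by the invoking user.
owned_by_me() {
    for d in "$@"; do
        [ -d "$d" ] && [ -O "$d" ] || return 1
    done
}

# DESTINATION must not be a mount point in MOUNTS (default /proc/mounts).
# Caveat: /proc/mounts writes a space in a path as \040.
not_mounted() {
    awk -v d="$1" 'BEGIN { hit = 0 } $2 == d { hit = 1 } END { exit hit }' \
        "${2:-/proc/mounts}"
}

# preflight [ALIAS]: report each failed condition; returns 0 only if all hold.
preflight() {
    name=${1:-Private}; src=$HOME/.Private; dest=$HOME/Private
    if [ -n "${1:-}" ]; then
        [ -r "$HOME/.ecryptfs/$name.conf" ] || return 2
        read -r src dest _ < "$HOME/.ecryptfs/$name.conf"
    fi
    keys=$(mktemp) || return 2
    keyctl list @u > "$keys" 2>/dev/null
    rc=0
    sigs_in_keyring "$HOME/.ecryptfs/$name.sig" "$keys" ||
        { echo "passphrase signature not in keyring"; rc=1; }
    owned_by_me "$src" "$dest" || { echo "SOURCE/DESTINATION not owned"; rc=1; }
    not_mounted "$dest" || { echo "DESTINATION already mounted"; rc=1; }
    rm -f "$keys"
    return $rc
}
```

Source the file and run `preflight` (or `preflight ALIAS`); a non-zero status means at least one of the three conditions does not hold.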
This program will:
- mount SOURCE onto DESTINATION
- as an ecryptfs filesystem
- using the AES cipher
- with a key length of 16 bytes
- using the passphrase whose signature is in ~/.ecryptfs/Private.sig
The only setuid operation in this program is the call to mount(8) or umount(8).
The ecryptfs-setup-private(1) utility will create the ~/.Private and ~/Private directories, generate a
mount passphrase, wrap the passphrase, and write ~/.ecryptfs/Private.sig.
The system administrator can add the pam_ecryptfs.so module to the PAM stack, which will automatically use
the login passphrase to unwrap the mount passphrase, add the passphrase to the user's kernel keyring, and
perform the mount. See pam_ecryptfs(8).