Man Linux: Main Page and Category List

NAME

       ecryptfs-setup-private - setup an eCryptfs private directory.

SYNOPSIS

       ecryptfs-setup-private   [-f|--force]  [-w|--wrapping]  [-a|--all-home]
       [-n|--no-fnek]  [--nopwcheck]  [-u|--username   USER]   [-l|--loginpass
       LOGINPASS] [-m|--mountpass MOUNTPASS]

OPTIONS

       Options available for the ecryptfs-setup-private command:

       -f, --force
              Force overwriting of an existing setup

       -w, --wrapping
              Use an independent wrapping passphrase, different from the login
              passphrase

       -u, --username USER
              User to setup, default is current user if omitted

       -l, --loginpass LOGINPASS
              System  passphrase  for  USER,  used  to  wrap  MOUNTPASS,  will
              interactively prompt if omitted

       -m, --mountpass MOUNTPASS
              Passphrase  for  mounting  the ecryptfs directory, default is 16
              bytes from /dev/urandom if omitted

       -a, --all-home
              Generate a setup for encrypting the user’s entire home directory

       --undo Display instructions on how to undo an encrypted private setup

       -n, --no-fnek
              Do not encrypt filenames; otherwise, filenames will be encrypted
              on systems which support filename encryption

       --nopwcheck
              Do not check  the  validity  of  the  specified  login  password
              (useful for LDAP user accounts)

       --noautomount
              Setup this user such that the encrypted private directory is not
              automatically mounted on login

       --noautoumount
              Setup this user such that the encrypted private directory is not
              automatically unmounted at logout

DESCRIPTION

       ecryptfs-setup-private   is   a   program   that   sets  up  a  private
       cryptographic mountpoint for a  non-root  user,  who  is  a  member  of
       ecryptfs group.

       Be  sure  to  properly escape your parameters according to your shell’s
       special character nuances, and also surround the parameters  by  double
       quotes, if necessary. Any of the parameters may be:

         1) exported as environment variables
         2) specified on the command line
         3) left empty and interactively prompted

       The  user  SHOULD ABSOLUTELY RECORD THE MOUNT PASSPHRASE AND STORE IN A
       SAFE LOCATION.  If the mount passphase  file  is  lost,  or  the  mount
       passphrase is forgotten, THERE IS NO WAY TO RECOVER THE ENCRYPTED DATA.

       Using the values of USER,  MOUNTPASS,  and  LOGINPASS,  ecryptfs-setup-
       private will:
         - Create ~/.Private (permission 700)
         - Create ~/Private (permission 500)
         - Backup any existing wrapped passphrases
         - Use LOGINPASS to wrap and encrypt MOUNTPASS
         - Write to ~/.ecryptfs/wrapped-passphrase
         - Add the passphrase to the current keyring
         - Write the passphrase signature to ~/.ecryptfs/Private.sig
         - Test the cryptographic mount with a few reads and writes

       The  system administrator can add the pam_ecryptfs.so module to the PAM
       stack which will automatically use the login passphrase to  unwrap  the
       mount  passphrase, add the passphrase to the user’s kernel keyring, and
       automatically perform the mount. See pam_ecryptfs(8).

FILES

       ~/.ecryptfs/auto-mount

       ~/.Private - underlying directory containing encrypted data

       ~/Private - mountpoint containing decrypted data (when mounted)

       ~/.ecryptfs/Private.sig  -  file  containing  signature  of  mountpoint
       passphrase

       ~/.ecryptfs/Private.mnt - file containing path of the private directory
       mountpoint

       ~/.ecryptfs/wrapped-passphrase - file containing the mount  passphrase,
       wrapped with the login passphrase

       ~/.ecryptfs/wrapping-independent  -  this  file  exists if the wrapping
       passphrase is independent from login passphrase

SEE ALSO

       ecryptfs-rewrap-passphrase(1),               mount.ecryptfs_private(1),
       pam_ecryptfs(8), umount.ecryptfs_private(1)

       /usr/share/doc/ecryptfs-utils/ecryptfs-faq.html

       http://launchpad.net/ecryptfs/

AUTHOR

       This manpage and the  ecryptfs-setup-private  utility  was  written  by
       Dustin Kirkland <kirkland@canonical.com> for Ubuntu systems (but may be
       used by others).  Permission is  granted  to  copy,  distribute  and/or
       modify this document under the terms of the GNU General Public License,
       Version  2  or  any  later  version  published  by  the  Free  Software
       Foundation.

       On  Debian systems, the complete text of the GNU General Public License
       can be found in /usr/share/common-licenses/GPL.