ecryptfs-setup-private(1)          eCryptfs          ecryptfs-setup-private(1)

NAME

       ecryptfs-setup-private - set up an eCryptfs private directory.

SYNOPSIS

       ecryptfs-setup-private [-f|--force] [-w|--wrapping] [-a|--all-home]
       [-n|--no-fnek] [--nopwcheck] [-u|--username USER] [-l|--loginpass
       LOGINPASS] [-m|--mountpass MOUNTPASS]

OPTIONS

       Options available for the ecryptfs-setup-private command:

       -f, --force
              Force overwriting of an existing setup

       -w, --wrapping
              Use an independent wrapping passphrase, different from the login
              passphrase

       -u, --username USER
              User to set up, default is current user if omitted

       -l, --loginpass LOGINPASS
              System passphrase for USER, used to wrap MOUNTPASS, will
              interactively prompt if omitted

       -m, --mountpass MOUNTPASS
              Passphrase for mounting the ecryptfs directory, default is 16
              bytes from /dev/urandom if omitted

       -a, --all-home
              Generate a setup for encrypting the user's entire home directory

       --undo Display instructions on how to undo an encrypted private setup

       -n, --no-fnek
              Do not encrypt filenames; otherwise, filenames will be encrypted
              on systems which support filename encryption

       --nopwcheck
              Do not check the validity of the specified login password
              (useful for LDAP user accounts)

       --noautomount
              Set up this user such that the encrypted private directory is
              not automatically mounted on login

       --noautoumount
              Set up this user such that the encrypted private directory is
              not automatically unmounted at logout

DESCRIPTION

       ecryptfs-setup-private is a program that sets up a private
       cryptographic mountpoint for a non-root user who is a member of the
       ecryptfs group.

       Be sure to properly escape your parameters according to your shell's
       special character nuances, and also surround the parameters by double
       quotes, if necessary. Any of the parameters may be:

         1) exported as environment variables
         2) specified on the command line
         3) left empty and interactively prompted

       The user SHOULD ABSOLUTELY RECORD THE MOUNT PASSPHRASE AND STORE IT IN
       A SAFE LOCATION.  If the mount passphrase file is lost, or the mount
       passphrase is forgotten, THERE IS NO WAY TO RECOVER THE ENCRYPTED DATA.

       Using the values of USER, MOUNTPASS, and LOGINPASS,
       ecryptfs-setup-private will:
         - Create ~/.Private (permission 700)
         - Create ~/Private (permission 500)
         - Back up any existing wrapped passphrases
         - Use LOGINPASS to wrap and encrypt MOUNTPASS
         - Write to ~/.ecryptfs/wrapped-passphrase
         - Add the passphrase to the current keyring
         - Write the passphrase signature to ~/.ecryptfs/Private.sig
         - Test the cryptographic mount with a few reads and writes

       The system administrator can add the pam_ecryptfs.so module to the PAM
       stack, which will automatically use the login passphrase to unwrap the
       mount passphrase, add the passphrase to the user's kernel keyring, and
       automatically perform the mount. See pam_ecryptfs(8).

FILES

       ~/.ecryptfs/auto-mount

       ~/.Private - underlying directory containing encrypted data

       ~/Private - mountpoint containing decrypted data (when mounted)

       ~/.ecryptfs/Private.sig - file containing signature of mountpoint
       passphrase

       ~/.ecryptfs/Private.mnt - file containing path of the private directory
       mountpoint

       ~/.ecryptfs/wrapped-passphrase - file containing the mount passphrase,
       wrapped with the login passphrase

       ~/.ecryptfs/wrapping-independent - this file exists if the wrapping
       passphrase is independent from login passphrase
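
       The directory modes and file locations listed in DESCRIPTION and FILES
       can be checked after setup. The script below is an added example, not
       part of ecryptfs-utils; its function names and output format are
       hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example (not part of ecryptfs-utils): audit a home directory against
# the layout this man page describes. Function names and the OK/WARN/FAIL
# output format are hypothetical. Needs GNU stat (stat -c).

fails=0
fail() { echo "FAIL $*"; fails=$((fails + 1)); }

# check_dir PATH MODE: directory must exist with exactly this octal mode.
check_dir() {
    if [ ! -d "$1" ]; then fail "missing directory $1"; return 0; fi
    mode=$(stat -c %a "$1")
    if [ "$mode" = "$2" ]; then echo "OK   $1 mode $mode"
    else fail "$1 has mode $mode, expected $2"; fi
}

# audit_ecryptfs_home HOME: prints findings, returns the number of failures.
audit_ecryptfs_home() {
    home=$1; fails=0
    check_dir "$home/.Private" 700    # underlying encrypted directory
    # Assumption: mode 500 describes the bare mountpoint, so skip that check
    # while a filesystem is mounted on it (mountpoint(1) is from util-linux).
    if command -v mountpoint >/dev/null 2>&1 && mountpoint -q "$home/Private"
    then echo "INFO $home/Private is mounted, mode check skipped"
    else check_dir "$home/Private" 500
    fi
    for f in wrapped-passphrase Private.sig; do
        if [ -s "$home/.ecryptfs/$f" ]; then echo "OK   $f present"
        else fail "$home/.ecryptfs/$f missing or empty"; fi
    done
    # Extra check, stricter than anything the page states: the wrapped
    # passphrase file should not be accessible to group or other.
    wp="$home/.ecryptfs/wrapped-passphrase"
    if [ -f "$wp" ] && [ $(( 0$(stat -c %a "$wp") & 077 )) -ne 0 ]; then
        echo "WARN $wp is accessible to group/other"
    fi
    # Report the marker files listed under FILES.
    for f in auto-mount wrapping-independent; do
        if [ -e "$home/.ecryptfs/$f" ]; then echo "INFO $f exists"
        else echo "INFO $f absent"; fi
    done
    return "$fails"
}
```

       Source the file and call audit_ecryptfs_home "$HOME"; the return status
       is the number of failed checks.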

SEE ALSO

       ecryptfs-rewrap-passphrase(1), mount.ecryptfs_private(1),
       pam_ecryptfs(8), umount.ecryptfs_private(1)

       /usr/share/doc/ecryptfs-utils/ecryptfs-faq.html

       http://launchpad.net/ecryptfs/

AUTHOR

       This manpage and the ecryptfs-setup-private utility were written by
       Dustin Kirkland <kirkland@canonical.com> for Ubuntu systems (but may be
       used by others).  Permission is granted to copy, distribute and/or
       modify this document under the terms of the GNU General Public License,
       Version 2 or any later version published by the Free Software
       Foundation.

       On Debian systems, the complete text of the GNU General Public License
       can be found in /usr/share/common-licenses/GPL.

ecryptfs-utils                    2008-11-17         ecryptfs-setup-private(1)