ecryptfs-setup-private(1)          eCryptfs          ecryptfs-setup-private(1)

NAME

       ecryptfs-setup-private - set up an eCryptfs private directory.

SYNOPSIS

       ecryptfs-setup-private [-f|--force] [-w|--wrapping] [-b|--bootstrap]
       [-n|--no-fnek] [--nopwcheck] [-u|--username USER] [-l|--loginpass
       LOGINPASS] [-m|--mountpass MOUNTPASS]

OPTIONS

       Options available for the ecryptfs-setup-private command:

       -f, --force
              Force overwriting of an existing setup

       -w, --wrapping
              Use an independent wrapping passphrase, different from the login
              passphrase

       -u, --username USER
              User to set up, default is current user if omitted

       -l, --loginpass LOGINPASS
              System passphrase for USER, used to wrap MOUNTPASS, will
              interactively prompt if omitted

       -m, --mountpass MOUNTPASS
              Passphrase for mounting the ecryptfs directory, default is 16
              bytes from /dev/random if omitted

       -b, --bootstrap
              Bootstrap a new user's entire home directory

       --undo Display instructions on how to undo an encrypted private setup

       -n, --no-fnek
              Do not encrypt filenames; otherwise, filenames will be encrypted
              on systems which support filename encryption

       --nopwcheck
              Do not check the validity of the specified login password
              (useful for LDAP user accounts)

       --noautomount
              Setup this user such that the encrypted private directory is not
              automatically mounted on login

       --noautoumount
              Setup this user such that the encrypted private directory is not
              automatically unmounted at logout

DESCRIPTION

       ecryptfs-setup-private is a program that sets up a private
       cryptographic mountpoint for a non-root user.

       Be sure to properly escape your parameters according to your shell's
       special character nuances, and also surround the parameters by double
       quotes, if necessary. Any of the parameters may be:

         1) exported as environment variables
         2) specified on the command line
         3) left empty and interactively prompted

       The user SHOULD ABSOLUTELY RECORD THE MOUNT PASSPHRASE AND STORE IN A
       SAFE LOCATION.  If the mount passphrase file is lost, or the mount
       passphrase is forgotten, THERE IS NO WAY TO RECOVER THE ENCRYPTED DATA.

       Using the values of USER, MOUNTPASS, and LOGINPASS,
       ecryptfs-setup-private will:
         - Create ~/.Private (permission 700)
         - Create ~/Private (permission 500)
         - Backup any existing wrapped passphrases
         - Use LOGINPASS to wrap and encrypt MOUNTPASS
         - Write to ~/.ecryptfs/wrapped-passphrase
         - Add the passphrase to the current keyring
         - Write the passphrase signature to ~/.ecryptfs/Private.sig
         - Test the cryptographic mount with a few reads and writes
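
       Added example, not part of ecryptfs-utils: a POSIX shell function that
       audits the directories and files listed above after setup. It assumes
       GNU stat, that ~/Private is checked while unmounted, and that
       wrapped-passphrase should carry no group/other permission bits (a
       policy chosen for this example; this page does not state that file's
       mode). The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from ecryptfs-utils): audit the files and modes that
# the DESCRIPTION says ecryptfs-setup-private creates.
# Usage: audit_private_setup [HOME_DIR]    (HOME_DIR defaults to $HOME)

# check_mode PATH EXPECTED: compare octal permission bits (GNU stat).
check_mode() {
    actual=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    [ "$actual" = "$2" ] || { echo "MODE $1 is $actual, expected $2"; return 1; }
}

audit_private_setup() {
    home=${1:-$HOME}
    rc=0
    check_mode "$home/.Private" 700 || rc=1
    # Assumption: audited while unmounted, so this is the bare mountpoint.
    check_mode "$home/Private" 500 || rc=1
    # The wrapped passphrase and its signature must exist and be non-empty.
    for f in wrapped-passphrase Private.sig; do
        if [ ! -s "$home/.ecryptfs/$f" ]; then
            echo "MISSING or empty $home/.ecryptfs/$f"
            rc=1
        fi
    done
    # Policy assumed by this example: no group/other bits on the wrapped key.
    wp="$home/.ecryptfs/wrapped-passphrase"
    if [ -e "$wp" ]; then
        case $(stat -c '%a' "$wp") in
            *00) ;;
            *) echo "EXPOSED $wp has group/other permission bits set"; rc=1 ;;
        esac
    fi
    if [ -e "$home/.ecryptfs/wrapping-independent" ]; then
        echo "INFO wrapping passphrase is independent of the login passphrase"
    fi
    return "$rc"
}
```

       The function returns 0 when every check passes and 1 otherwise,
       printing one line per finding.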

       The system administrator can add the pam_ecryptfs.so module to the PAM
       stack which will automatically use the login passphrase to unwrap the
       mount passphrase, add the passphrase to the user's kernel keyring, and
       automatically perform the mount. See pam_ecryptfs(8).

FILES

       ~/.ecryptfs/auto-mount

       ~/.Private - underlying directory containing encrypted data

       ~/Private - mountpoint containing decrypted data (when mounted)

       ~/.ecryptfs/Private.sig - file containing signature of mountpoint
       passphrase

       ~/.ecryptfs/Private.mnt - file containing path of the private directory
       mountpoint

       ~/.ecryptfs/wrapped-passphrase - file containing the mount passphrase,
       wrapped with the login passphrase

       ~/.ecryptfs/wrapping-independent - this file exists if the wrapping
       passphrase is independent from login passphrase

SEE ALSO

       ecryptfs-rewrap-passphrase(1), mount.ecryptfs_private(1),
       pam_ecryptfs(8), umount.ecryptfs_private(1)

       /usr/share/doc/ecryptfs-utils/ecryptfs-faq.html

       http://ecryptfs.org/

AUTHOR

       This manpage and the ecryptfs-setup-private utility were written by
       Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be
       used by others).  Permission is granted to copy, distribute and/or
       modify this document under the terms of the GNU General Public License,
       Version 2 or any later version published by the Free Software
       Foundation.

       On Debian and Ubuntu systems, the complete text of the GNU General
       Public License can be found in /usr/share/common-licenses/GPL.

ecryptfs-utils                    2008-11-17         ecryptfs-setup-private(1)