Ubuntu – ecryptfs-mount-private failure in Ubuntu 18.04: mount: No such file or directory

ecryptfs encryption

ecryptfs is not installed by default in Ubuntu 18.04 (as already mentioned in this AU question).

When I installed ecryptfs via apt-get everything seemed to work fine at first. But after a reboot I get the following error when using ecryptfs-mount-private:

mount: No such file or directory

Any idea how to fix this problem?
It seems to be solved in Linux Mint 19 Tara.

Best Answer

  • Update 2019 Sept:

    This bug is now appearing for me in Debian 10 (buster). After some additional investigation, the problem seems to be a missing entry in /etc/pam.d/lightdm.

    I believe there should be a line:

    # Create a new session keyring.
    session    optional   pam_keyinit.so force revoke
    

    before:

    @include common-account
    

    Original 2018 Sept post (the following work-around still works, but the fix above might be more correct):

    With Ubuntu 18.04 and lightdm / systemd (the GUI login screen) there is something broken wrt the kernel keyring (as of 2018 Sept). This breaks some functionality in the ecryptfs scripts, which make use of the session key-ring.

    After logging into your account via the GUI (lightdm), you will notice that your session keyring is not initialized correctly:

    keyctl show
    

    There are several work-arounds to this. One was noted by @serg-tt which uses a Linux Console login.

    To fix this bug, and get the default user session keyring applied after a GUI login, I put a (temporary) fix by adding a file:

    /etc/X11/Xsession.d/98fix-keyring
    

    The contents of this file:

    
    # Work around a bug in lightdm and/or systemd that leaves
    # an incorrect session keyring (a root owned keyring)
    # applied. I think this is supposed to be fixed in pam
    # by pam_keyinit.so, however, it does not seem to be
    # working.
    
    # Try and use the default session keyring for the user:
    [ "$UID" ] || UID=`id -u`
    keyringname=_uid_ses.$UID
    ## keyctl show > /tmp/fix-keyring$$ #DEBUG
    
    STARTUP="keyctl session $keyringname $STARTUP"
    

    After applying this fix, you would need to log out and log back in again.
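
One way to check a PAM service file for the line the answer above proposes, with the ordering it describes (an added example, not part of the original answer). The function name `check_pam_keyinit` and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original answer.
# check_pam_keyinit FILE: print a status word and return
#   0 ok         active pam_keyinit.so session line before the include
#   1 missing    no active pam_keyinit.so session line
#   2 misplaced  the line only appears after "@include common-account"
#   3 unreadable FILE cannot be read
check_pam_keyinit() {
    [ -r "$1" ] || { echo unreadable; return 3; }
    awk '
        $1 ~ /^#/ { next }                      # comment line
        $1 == "@include" && $2 == "common-account" && !inc { inc = NR }
        $1 == "session" || $1 == "-session" {
            # The module follows the control field, which may be a
            # bracketed list with spaces, so scan every later field.
            for (i = 3; i <= NF; i++)
                if (!key && ($i == "pam_keyinit.so" || $i ~ /\/pam_keyinit\.so$/))
                    key = NR
        }
        END {
            # If the include is absent, ordering cannot be judged: report ok.
            if (!key)             { print "missing";   exit 1 }
            if (inc && key > inc) { print "misplaced"; exit 2 }
            print "ok"
        }
    ' "$1"
}

# Constructed sample (not a real system file): no keyinit session line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth    requisite   pam_nologin.so
@include common-auth
@include common-account
session required    pam_limits.so
@include common-session
EOF
echo "sample: $(check_pam_keyinit "$sample")"
rm -f "$sample"
# On a real system: check_pam_keyinit /etc/pam.d/lightdm
```

A commented-out `pam_keyinit.so` line is reported as `missing`, since PAM ignores it.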