summaryrefslogtreecommitdiff
path: root/doc/manpage/mount.ecryptfs_private.1
blob: c3510fb04c8ad23e3b8779e9a9af6c0f626106b8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
.TH mount.ecryptfs_private 1 2008-07-21 ecryptfs-utils "eCryptfs"
.SH NAME
mount.ecryptfs_private \- eCryptfs private mount helper.

.SH SYNOPSIS
\fBmount.ecryptfs_private [ALIAS]\fP

\fBNOTE:\fP This program will \fBnot\fP dynamically load the relevant keys.  For this reason, it is recommended that users use \fBecryptfs-mount-private\fP(1) instead!

.SH DESCRIPTION
\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users to cryptographically mount a private directory, ~/Private by default.

This program optionally takes one argument, ALIAS.  If ALIAS is omitted, the program will default to using "Private" using:
 - $HOME/.Private as the SOURCE
 - $HOME/Private as the DESTINATION
 - $HOME/.ecryptfs/Private.sig for the key signatures.

If ALIAS is specified, then the program will look for an \fBfstab\fP(5) style configuration in:
 - $HOME/.ecryptfs/ALIAS.conf
and for key signature(s) in:
 - $HOME/.ecryptfs/ALIAS.sig

The mounting will proceed if, and only if:
  - the required passphrase is in their kernel keyring, and
  - the current user owns both the SOURCE and DESTINATION mount points
  - the DESTINATION is not already mounted

This program will:
  - mount SOURCE onto DESTINATION
  - as an ecryptfs filesystem
  - using the AES cipher
  - with a key length of 16 bytes
  - using the passphrase whose signature is in ~/.ecryptfs/Private.sig

The only setuid operation in this program is the call to \fBmount\fP(8) or \fBumount\fP(8).

The \fBecryptfs-setup-private\fP(1) utility will create the ~/.Private and ~/Private directories, generate a mount passphrase, wrap the passphrase, and write the ~/.ecryptfs/Private.sig.

The system administrator can add the pam_ecryptfs.so module to the PAM stack which will automatically use the login passphrase to unwrap the mount passphrase, add the passphrase to the user's kernel keyring, and automatically perform the mount. See \fBpam_ecryptfs\fP(8).

.SH FILES
\fI~/.Private\fP - underlying directory containing encrypted data

\fI~/Private\fP - mountpoint containing decrypted data (when mounted)

\fI~/.ecryptfs/Private.sig\fP - file containing signature of mountpoint passphrase

\fI~/.ecryptfs/wrapped-passphrase\fP - mount passphrase, encrypted with the login passphrase

.SH SEE ALSO
.PD 0
.TP
\fBecryptfs\fP(7), \fBecryptfs-rewrap-passphrase\fP(1), \fBecryptfs-setup-private\fP(1), \fBkeyctl\fP(1), \fBmount\fP(8), \fBumount.ecryptfs_private\fP(1), \fBpam_ecryptfs\fP(8), \fBfstab\fP(5)

.TP
\fI/usr/share/doc/ecryptfs-utils/ecryptfs-faq.html\fP

.TP
\fIhttp://ecryptfs.org/\fP
.PD

.SH AUTHOR
This manpage and the \fBmount.ecryptfs_private\fP utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others).  Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation.

On Debian and Ubuntu systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.