eCryptfs

ecryptfs-migrate-home with ldap users: nopwcheck necessary

Bug #1630477 reported by Dominik Gierlach
36
This bug affects 7 people
Affects Status Importance Assigned to Milestone
eCryptfs
Fix Committed
Undecided
Unassigned

Bug Description

The password check of ecryptfs-setup-private fails for ldap/sssd users.
ecryptfs-setup-private implements the "--nopwcheck" option for this reason.

This option is not available for ecryptfs-migrate-home, which makes it impossible to use ecryptfs to encrypt the home directories of domain users.

ecryptfs-migrate-home is a wrapper for ecryptfs-setup-private, but the "--nopwcheck" option cannot be used.
If the option is added to the call of ecryptfs-setup-private, ecryptfs-migrate-home can easily be used for ldap users.

Is there any reason why the option should not be implemented for ecryptfs-migrate-home?

Related branches

lp:~dominik-gierlach/ecryptfs/ecryptfs
Tyler Hicks: Approve
Diff: 63 lines (+12/-3)
2 files modified
doc/manpage/ecryptfs-migrate-home.8 (+3/-0)
src/utils/ecryptfs-migrate-home (+9/-3)
lp:ecryptfs
Revision history for this message
Dominik Gierlach (dominik-gierlach) wrote :

Possible fix in merge request:
https://code.launchpad.net/~dominik-gierlach/ecryptfs/ecryptfs/+merge/307669

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Fix committed to lp:ecryptfs as r891.

Changed in ecryptfs:
status: New → Fix Committed
Revision history for this message
Murz (murznn) wrote :

Thanks for fixing, seems work, but not available in most of Linux repositories. Does this patch included in last release of ecryptfs-utils?

Revision history for this message
Murz (murznn) wrote :

Still did't work on Ubuntu 20.04:
```
$ sudo ecryptfs-migrate-home -u myuser --nopwcheck

Usage:

/usr/bin/ecryptfs-migrate-home -u USER

 -u,--user Migrate USER's home directory to an encrypted home directory

WARNING: Make a complete backup copy of the non-encrypted data to
another system or external media. This script is dangerous and, in
case of an error, could result in data lost, or lock you out of your
system!

This program must be executed by root.
```
Package ecryptfs-utils at version 111-0ubuntu7

Maybe I need to do some additional manual actions for make this work?

Revision history for this message
Alexander Fieroch (fieroch) wrote :

Unfortunately, this fix is still not in Ubuntu 22.04 with ecryptfs-utils 111-5ubuntu1.

Is there any reason, why a fix committed a long time ago is still not in the current release?

Revision history for this message
Alexander Fieroch (fieroch) wrote :

This fix is already in the source repository for 5 years but still not in current Ubuntu packages (22.04)!
Please update the deb-packages for Ubuntu to use the current release! Thanks!

Revision history for this message
eedo (eedoza) wrote :

Waiting for this as well. Is there a workaround? (Ubuntu 22)

Revision history for this message
suoko (suoko) wrote :

Ubuntu 14.04 and the fix is still missing.
Now that Ubuntu offers both AAD join and intune, this fix has become quite useful

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.