ecryptfs-mount-private failure in Ubuntu 18.04: mount: No such file or directory

ecryptfs is not installed by default in Ubuntu 18.04 (as already mentioned in this AU question).

When I installed ecryptfs via apt-get everything seemed to work fine at first. But after a reboot I get the following error when using ecryptfs-mount-private:

mount: No such file or directory

Any idea how to fix this problem?
It seems to be solved in Linux Mint 19 Tara.


Update 2019 Sept:

This bug is now appearing for me in Debian 10 (buster). After some additional investigation, the problem seems to be a missing entry in /etc/pam.d/lightdm

I believe there should be a line:

# Create a new session keyring.
session    optional   pam_keyinit.so force revoke

before:

@include common-account

Original, 2018 Sept post, the following work-around still works, but the fix above might be more correct:

With Ubunutu 18.04 and lightdm / systemd (the GUI login screen) there is something broken wrt Kernel keyring (as of 2018 Sept). This breaks some functionality in the ecryptfs scripts, which make use of the session key-ring.

After logging into your account via the GUI (lightdm), you will notice that your session keyring is not initialized correctly:

keyctl show

There are several work-arounds to this. One was noted by @serg-tt which uses a Linux Console login.

To fix this bug, and get the default user session keyring applied after a GUI login, I put a (temporary) fix by adding a file:

/etc/X11/Xsession.d/98fix-keyring

The contents of this file:


# Work around a bug in lightdm and/or systemd that leaves
# an incorrect session keyring (a root owned keyring)
# applied. I think this supposed to be fixed in pam
# by pam_keyinit.so, however, it does not seem to be
# working.

# Try and use the default session keyring for the user:
[ "$UID" ] || UID=`id -u`
keyringname=_uid_ses.$UID
## keyctl show > /tmp/fix-keyring$$ #DEBUG

STARTUP="keyctl session $keyringname $STARTUP"

After applying this fix, you would need to log out and log back in again.


ecryptfs-mount-private is a relatively short (65 lines without comments) shell script, but the only mount call is to mount.ecryptfs_private, and it requires the following files/directories, are they all there?

  • $HOME/.Private as the SOURCE
  • $HOME/Private as the DESTINATION
  • $HOME/.ecryptfs/Private.sig for the key signatures.
  • $HOME/.ecryptfs/wrapped-passphrase

"No such directory" sounds like you're missing ~/Private or ~/.Private. Maybe ecryptfs-setup-private wasn't entirely successful? You could step through it one line at a time if you wanted to, this command lets you see it:

less `which ecryptfs-setup-private`