Move ecryptfs .Private directory to another partition

Solution 1:

I also wanted to accomplish the same thing, so I've tested a little bit and realized that symlinks alone can do what we want.

You can simply move the .Private folder to some other partition, and create a symlink at the old location pointing to the location of .Private in the new partition.

Automount and unmount still work perfectly.

Solution 2:

You can add volume definitions to /etc/security/pam_mount.conf.xml:

<volume user="steve" mountpoint="/home/steve/.Private" path="/dev/loop0" fstype="crypt" />

and make sure PAM includes this by adding @include common-pammount to /etc/pam.d/login and /etc/pam.d/gdm.

During bootup, the loop device is set up by adding the following to /etc/rc.local:

losetup /dev/loop0 /data0/private/steve

Make sure the file set up as the loop device is the LUKS-encrypted file (run file on the data directory).

You can check beforehand if this should work by running the following commands (run them one by one so you can type in the password), and assuming the file with the encrypted partition is /data0/private/steve and that /home/steve/.Private is an empty directory:

losetup /dev/loop0 /data0/private/steve
cryptsetup luksOpen /dev/loop0 home.crypt
mount /dev/mapper/home.crypt /home/steve/.Private

For the automount to work, I had to make my login password the same as for the encrypted file on the big partition.
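
A preflight check for the two assumptions Solution 2 states (the backing file is the LUKS-encrypted file, and the mountpoint is an empty directory), added here as an example and not part of either answer. The function names and the temporary sample files are constructed for illustration; the check reads only the LUKS magic bytes and version field at the start of the file.

```shell
#!/bin/sh
# Added example (not from the answers above): preflight for the loop-file setup.

# luks_version FILE: print 1 or 2 if FILE starts with a LUKS header, else fail.
# Header layout: magic "LUKS" 0xBA 0xBE, then a 2-byte big-endian version.
luks_version() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    hdr=$(dd if="$1" bs=8 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $hdr in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# dir_is_empty DIR: succeed only if DIR exists and has no entries (dotfiles included).
dir_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1" 2>/dev/null)" ]
}

# preflight IMAGE MOUNTPOINT: run both checks before losetup/luksOpen/mount.
preflight() {
    img=$1
    mnt=$2
    ver=$(luks_version "$img") || {
        echo "FAIL: $img has no LUKS header" >&2
        return 1
    }
    dir_is_empty "$mnt" || {
        echo "FAIL: $mnt is not an empty directory" >&2
        return 1
    }
    echo "OK: $img is LUKS$ver, $mnt is empty"
}

# Constructed sample input so the example runs offline. Only the first 8 header
# bytes are written; these files are not usable containers.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'LUKS\272\276\000\002' > "$tmp/steve"
printf 'plain data' > "$tmp/notluks"
mkdir "$tmp/Private"

preflight "$tmp/steve" "$tmp/Private"
preflight "$tmp/notluks" "$tmp/Private" || true
```

On the real system the call would be preflight /data0/private/steve /home/steve/.Private; cryptsetup isLuks performs the same header test with the tool itself.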