Move ecryptfs .Private directory to another partition
Solution 1:
I also wanted to accomplish the same thing, so I've tested a little bit and realized that symlinks alone can do what we want.
You can simply move the .Private folder to some other partition, and create a symlink at the old location pointing to the location of .Private in the new partition.
Automount and unmount still work perfectly.
Solution 2:
You can add volume definitions to /etc/security/pam_mount.conf.xml:
<volume user="steve" mountpoint="/home/steve/.Private" path="/dev/loop0" fstype="crypt" />
and make sure PAM includes this by adding @include common-pammount in /etc/pam.d/login and /etc/pam.d/gdm.
During bootup the loop device is set up by adding in /etc/rc.local:
losetup /dev/loop0 /data0/private/steve
Make sure the file set up as the loop device is the LUKS encrypted file (run file on the data directory).
You can check beforehand if this should work by running the following commands (run them one by one so you can type in the password), and assuming the file with the encrypted partition is /data0/private/steve and that /home/steve/.Private is an empty directory:
losetup /dev/loop0 /data0/private/steve
cryptsetup luksOpen /dev/loop0 home.crypt
mount /dev/mapper/home.crypt /home/steve/.Private
For the automount to work, I had to make my login password the same as for the encrypted file on the big partition.
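The two preconditions Solution 2 names for its manual test (the backing file is a LUKS container, the mount point is an empty directory) can be checked by a script before losetup is run. This is an added example, not part of either answer; the function names is_luks, is_empty_dir and preflight are made up for it, and the header test reads the same magic bytes the file command keys on.

```shell
#!/bin/sh
# Added example: pre-flight checks for the loop-file setup in Solution 2.
# Function names are hypothetical; nothing here attaches or mounts anything.

# is_luks FILE: succeed if FILE begins with the LUKS magic "LUKS" 0xBA 0xBE
# followed by a big-endian 16-bit version of 1 (LUKS1) or 2 (LUKS2).
is_luks() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    hdr=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \t\n')
    case "$hdr" in
        4c554b53babe0001|4c554b53babe0002) return 0 ;;
        *) return 1 ;;
    esac
}

# is_empty_dir DIR: succeed if DIR exists, is a directory, and has no entries
# (hidden files count as entries, hence ls -A).
is_empty_dir() {
    [ -d "$1" ] || return 1
    [ -z "$(ls -A "$1")" ]
}

# preflight FILE MOUNTPOINT: report every failed precondition and
# return non-zero if at least one failed.
preflight() {
    rc=0
    is_luks "$1" || { echo "not a LUKS container: $1"; rc=1; }
    is_empty_dir "$2" || { echo "mount point missing or not empty: $2"; rc=1; }
    return $rc
}

# Usage: sh preflight.sh /data0/private/steve /home/steve/.Private
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" || exit 1
fi
```

A non-zero exit means losetup would attach a file that cryptsetup luksOpen cannot open, or the mount would hide files already in the directory.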