ecryptfs default config

Damian Ivanov damianatorrpm at
Sun Sep 2 15:07:11 UTC 2012

I changed it using the root account, since, like you correctly said,
init=/bin/bash dropped me directly to the root account.

2012/9/2 John Moser <john.r.moser at>:
> Did you change your password from your account or using the root account?
> It looks like pam actually stores encryption keys in /var/lib/ somewhere and
> can re-cypher them.  That only works if you enter the previous password when
> changing passwords, though (which I hadn't considered, since normally when
> you init=/bin/bash you drop straight to root...)
> On 09/02/2012 09:37 AM, Damian Ivanov wrote:
>> Hi John,
>> I appreciate your fast answer!
>> So what can I do to prevent this default behaviour? E.g. if the password
>> gets changed, data is unreadable unless you have the secret key?
>> Wouldn't this be a more reasonable default?
>> Best regards,
>> Damian
>> 2012/9/2 John Moser <john.r.moser at>:
>>> Yes that would indicate that there's a key stored somewhere that doesn't
>>> need a known secret, unless pam is storing a key and re-crypting it when
>>> you change passwords (unlikely).
>>> On 09/02/2012 09:16 AM, Damian Ivanov wrote:
>>>> Hi folks,
>>>> I just did a fresh Ubuntu 12.04 install and I wanted to test
>>>> something in ecryptfs. So basically I selected during install to
>>>> require a password to log in and to encrypt the home folder. I logged in,
>>>> created secret.txt on my desktop and shut down. I booted up again, but
>>>> in the bootloader I appended init=/bin/bash, booted into the root shell,
>>>> did a mount -o remount,rw / and passwd $my_user, set a new password and
>>>> rebooted.  After the reboot I logged into the $my_user account with the new
>>>> password. secret.txt is readable and all other files too. Is this the
>>>> expected behaviour?! If yes, isn't it better to change the behaviour to
>>>> something more secure...
>>>> Regards,
>>>> Damian

More information about the Ubuntu-devel-discuss mailing list