[Bug 260346] [NEW] ecryptfs-setup-private should check that Private and .Private are empty

[Launchpad Bug Tracker]

You have been subscribed to a public bug by Daniel Holbach (dholbach):

Binary package hint: ecryptfs-utils

ecryptfs-setup-private should check that Private and .Private are empty
before setting up.

If data already exists in ~/Private, and pam_ecryptfs regularly performs
a mount on top of it, then the that data would be hidden from view, and
not encrypted (as the user might expect).

If data already exists in ~/.Private, then that's likely encrypted data,
which will probably not be readable once we generate a new mounting
passphrase, etc.

Thus, we need to stop ecryptfs-setup-private and tell the user to clear
out those directories before proceeding.

*** Note, it would be very nice to provide a utility to "encrypt" the
existing data in place, in an existing Private directory.  Would could
uses something like "rsync -a" to copy the data to a tempdir, perform
the ecryptfs mount, and then sync the data back into place.  However,
all sorts of race conditions could occur, with other processes
potentially reading/writing data during the "encryption migration"--a
much harder problem to solve than it initially seems.

:-Dustin

** Affects: ecryptfs-utils (Ubuntu)
     Importance: Medium
     Assignee: Dustin Kirkland (kirkland)
         Status: Fix Released

-- 
ecryptfs-setup-private should check that Private and .Private are empty
https://bugs.launchpad.net/bugs/260346
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is a direct subscriber.