Linux Mint - Free and powerful

Wednesday, 5 January 2011

Caught out by being overzealous - Remove Home directory encryption

I reinstalled a fresh system yesterday and added details of how to encrypt and why to encrypt. While thinking about it my install asked my whether I wanted to encrypt the home folder. Why yes of course, forgetting how dire the implementation is or the consequences of my actions.

Just do not do it ok!

Here is how to reverse your mistake (an extract).

From the guys at askubuntu 

  1. Backup the home directory while you are logged in sudo cp -rp /home/user /home/user.backup 1.1. Check that your home backup has everything!!!
  2. reboot into root via grub
  3. Delete your home directory rm -rf /home/user
  4. Remove the packages apt-get remove ecryptfs-utils libecryptfs0
  5. Restore your home directory mv /home/user.backup /home/user
  6. reboot
  7. Remove any of those .Private .ecryptfs folders rm -rf ~/.Private rm -rf ~/.ecryptfs
  8. Yay!
  • "reboot into root via grub" was a bit unclear to me; I didn't reboot, just switched to using root (another user account with sudo privileges would work equally well).
  • Before removing the packages ecryptfs-utils and libecryptfs0 would work, I needed to remove /home/.ecryptfs/. (It complained that ecryptfs-utils was in use.)
Here you are, hope this helps:
$ ecryptfs-setup-private --undo
The output claims:
 In the event that you want to remove your eCryptfs Private Directory setup, you will need to very carefully perform the following actions manually:

1. Obtain your Private directory mountpoint
    $ PRIVATE=`cat ~/.ecryptfs/Private.mnt 2>/dev/null || echo $HOME/Private`

2. Ensure that you have moved all relevant data out of your $PRIVATE directory

3. Unmount your encrypted private directory
    $ ecryptfs-umount-private

4. Make your Private directory writable again
    $ chmod 700 $PRIVATE

5. Remove $PRIVATE, ~/.Private, ~/.ecryptfs
    $ rm -rf $PRIVATE ~/.Private ~/.ecryptfs

6. Uninstall the utilities (this is specific to your Linux distribution)
    $ sudo apt-get remove ecryptfs-utils libecryptfs0

Sounds easy?

Actually there is more to be done. You can not uninstall crypt libraries while they are in use. So go to crypttab and comment out the swap file entry. Then go to fstab and comment out any encrypted partitions. Lastly remove any of your entries from /etc/security/pam_mount_conf.xml

Reboot and remove the cryptlibs and reboot. Reinstall the cryptlibs edit the the files again and restore your entries and you should be good to go.

Hmmm :-(


Post a Comment

Thank you for taking the time to comment. Your opinion is important and of value and we appreciate the positive feedback! If you are "Negative Nancy" then please do us, and humanity, a favor, and piss off.

Total Pageviews

Google+ Followers


Blog Archive

Popular Posts

Recent Comments

Rays Twitter feed


Web sites come and go and information is lost and therefore some pages are archived. @rayd123. Powered by Blogger.