On 08/07/2018 02:33 PM, Neil Rickert wrote:
> A user owns two directories there: "/home/user" and "/home/.ecryptfs/user". There is a subdirectory "/home/.ecryptfs/user/.Private" which contains the encrypted version of the user home directory. When that is unlocked, the decrypted version is mounted on top of "/home/user".
>
> The idea is to put ".ssh" in "/home/.ecryptfs/user" and have a symlink to it in "/home/user", which will be what you see when the encrypted directory is not unlocked. And then you need another symlink that is put there when the encrypted directory is unlocked. That second symlink is only visible when the encrypted directory is unlocked. And, of course, there is an encrypted version of that symlink in "/home/.ecryptfs/user/.Private/".
Neil,

Thanks for the additional details. Some of the process is much clearer with them. But there must be a lot more magic to it, because, as given, there are still theoretical gaps in the functioning of the files and symlinks.

For instance, if I have encrypted files in /home/.ecryptfs/user/.ssh/ and then a symlink from that directory to /home/user/, prior to the former being decrypted, I should not be able to read the files there. Just creating a symlink to an encrypted directory does not decrypt it and its files. So I don't see how it would be possible to remotely log into such a system, being that ~/.ssh (the symlink) would point to an encrypted directory.

As well, I'm not understanding the endpoints of the second symlink. It's created after /home/.ecryptfs/user/ is decrypted (and mounted), yes? What would be the command to create that symlink then?

If I can sufficiently understand ecryptfs, as you seem to do, then it would be a really nice solution to an issue I'm looking at.

Thanks much.
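The layout Neil describes, as an added example that is not part of this thread (not Neil's or the replier's code): the real ".ssh" lives in the always-readable lower directory /home/.ecryptfs/user/.ssh, and the same `ln -s` is run twice, once with the encrypted home not mounted (the link lands in the plain /home/user) and once after unlocking (the link lands in the ecryptfs view mounted on /home/user and is stored encrypted in .Private). The home prefix is a parameter so the script can be rehearsed in a scratch directory; the function names, the PREFIX argument and the scratch usage are assumptions of this example, the paths follow the thread.

```shell
#!/bin/sh
# Added example: create and check the .ssh symlink arrangement from the
# thread. PREFIX stands in for /home so the script can be rehearsed in a
# temporary directory; setup_ssh_link and verify_ssh_link are hypothetical
# helper names, not part of ecryptfs.

# Create the unencrypted .ssh under the lower directory and point
# $prefix/$user/.ssh at it. Run once with the private directory NOT mounted,
# then again after `ecryptfs-mount-private`: the second run writes the link
# into the mounted view, which is what ends up encrypted in .Private.
setup_ssh_link() {
    prefix=$1
    user=$2
    lower="$prefix/.ecryptfs/$user/.ssh"
    mkdir -p "$lower"
    chmod 700 "$lower"
    mkdir -p "$prefix/$user"
    # -n: treat an existing link-to-directory as a file (replace it, do not
    # create a link inside it); -f: replace a stale link
    ln -sfn "$lower" "$prefix/$user/.ssh"
}

# Resolve the link and confirm it points at the lower directory, which is
# readable whether or not the home is unlocked. sshd follows the link and
# (with StrictModes) also requires every directory on the resolved path to
# be owned by the user or root and not group/world-writable, with
# authorized_keys itself mode 0600; those ownership checks are left to the
# administrator here. Returns 1 on a bad link, 2 if no authorized_keys yet.
verify_ssh_link() {
    prefix=$1
    user=$2
    target=$(readlink "$prefix/$user/.ssh") || return 1
    [ "$target" = "$prefix/.ecryptfs/$user/.ssh" ] || return 1
    [ -d "$target" ] || return 1
    # The key file must live in the lower directory, not in the encrypted view
    [ -e "$target/authorized_keys" ] || return 2
    echo "$target"
}

# Usage: sh ssh-link.sh /home alice   (run before AND after unlocking)
if [ $# -eq 2 ]; then
    setup_ssh_link "$1" "$2" && verify_ssh_link "$1" "$2"
fi
```

Because the link is created twice into two different filesystems (the plain directory underneath, then the ecryptfs mount on top), both views of /home/user end up with an identical ~/.ssh that resolves to the same unencrypted directory; that is what lets sshd read authorized_keys before the user has unlocked anything.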