“ecryptfs-mount-private” returns “fopen: No such file or directory”
Recently, we've rebooted server and got ecryptfs mount fail:
...
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
user@host:~$
Could that be because of password change?
Although,
1. There's no mount password
2. We might have login password
When trying to recover mount directory, it outputs:
user@host:~$ ls
Access-Your-Private-Data.desktop README.txt
user@host:~$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
user@host:~$ sudo ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [ad21fabcda6abfeab] into the user session keyring
fopen: No such file or directory
user@host:~$
So, as you can see, it shows such strange error: fopen: No such file or directory and, also, when running ecryptfs-mount-private without sudo - it fails.
When mounting folder using ecrypts-recover-private and login password it mounts it in temporary folder like a charm.
Also, we've tried to ecryptfs-rewrap-password and it doesn't work without sudo. So, using sudo ecryptfs-rewrap-password succeeded in rewrapping, but after reboot the same situation persists.
All in all, what could this be; how to fix this auto mount encrypted home directory at login?
mount password ecryptfs
asked Jan 11 at 11:21
V.7V.7
8919
add a comment |
Recently, we've rebooted server and got ecryptfs mount fail:
...
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
user@host:~$
Could that be because of password change?
Although,
1. There's no mount password
2. We might have login password
When trying to recover mount directory, it outputs:
user@host:~$ ls
Access-Your-Private-Data.desktop README.txt
user@host:~$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
user@host:~$ sudo ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [ad21fabcda6abfeab] into the user session keyring
fopen: No such file or directory
user@host:~$
So, as you can see, it shows such strange error: fopen: No such file or directory and, also, when running ecryptfs-mount-private without sudo - it fails.
When mounting folder using ecrypts-recover-private and login password it mounts it in temporary folder like a charm.
Also, we've tried to ecryptfs-rewrap-password and it doesn't work without sudo. So, using sudo ecryptfs-rewrap-password succeeded in rewrapping, but after reboot the same situation persists.
All in all, what could this be; how to fix this auto mount encrypted home directory at login?
mount password ecryptfs
asked Jan 11 at 11:21
V.7V.7
8919
1
What was in syslog (or dmesg) right after it said "Check the system log for more information from libecryptfs"?
– Xen2050
22 hours ago
@Xen2050 What a shame. I've just ignored this message because of some fear that files might be gone. You're right. That would be a right way to go. By the way, an author could add some message pointing that there's no permissions etc.
– V.7
20 hours ago
Logfiles can get saved or rotated or deleted, but that shouldn't happen right away. Also, many of the ecryptfs executables are bash scripts than can be examined and even ran one line at a time if you wanted, to see exactly what line's failing, hopefully that might help too. A quickless $(which ecryptfs-mount-private)works
– Xen2050
17 hours ago
@Xen2050 Yes, log had this message. Checked withsudo grep "Failed to detect wrapped" -r "/var/log/"and an output had/var/log/auth.log.1:Jan 11 18:31:58 host login[3739]: Failed to detect wrapped passphrase version: Permission deniedThank you. It's one of those times when log checking is definitely necessary and it would saved time.
– V.7
17 hours ago
I keep a terminal open with tail -f showing new log messages, just in case. zgrep might be handy in case the logs get zipped too. If my answer's useful, do upvote it or even select it as correct (FYI selecting your own answer as correct does not award any reputation)
– Xen2050
1 hour ago
add a comment |
Recently, we've rebooted server and got ecryptfs mount fail:
...
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
user@host:~$
Could that be because of password change?
Although,
1. There's no mount password
2. We might have login password
When trying to recover mount directory, it outputs:
user@host:~$ ls
Access-Your-Private-Data.desktop README.txt
user@host:~$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
user@host:~$ sudo ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [ad21fabcda6abfeab] into the user session keyring
fopen: No such file or directory
user@host:~$
So, as you can see, it shows such strange error: fopen: No such file or directory and, also, when running ecryptfs-mount-private without sudo - it fails.
When mounting folder using ecrypts-recover-private and login password it mounts it in temporary folder like a charm.
Also, we've tried to ecryptfs-rewrap-password and it doesn't work without sudo. So, using sudo ecryptfs-rewrap-password succeeded in rewrapping, but after reboot the same situation persists.
All in all, what could this be; how to fix this auto mount encrypted home directory at login?
mount password ecryptfs
asked Jan 11 at 11:21
V.7V.7
8919
Recently, we've rebooted server and got ecryptfs mount fail:
...
Signature not found in user keyring
Perhaps try the interactive 'ecryptfs-mount-private'
user@host:~$
Could that be because of password change?
Although,
1. There's no mount password
2. We might have login password
When trying to recover mount directory, it outputs:
user@host:~$ ls
Access-Your-Private-Data.desktop README.txt
user@host:~$ ecryptfs-mount-private
Enter your login passphrase:
Error: Unwrapping passphrase and inserting into the user session keyring failed [-5]
Info: Check the system log for more information from libecryptfs
ERROR: Your passphrase is incorrect
Enter your login passphrase:
user@host:~$ sudo ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [ad21fabcda6abfeab] into the user session keyring
fopen: No such file or directory
user@host:~$
So, as you can see, it shows such strange error: fopen: No such file or directory and, also, when running ecryptfs-mount-private without sudo - it fails.
When mounting folder using ecrypts-recover-private and login password it mounts it in temporary folder like a charm.
Also, we've tried to ecryptfs-rewrap-password and it doesn't work without sudo. So, using sudo ecryptfs-rewrap-password succeeded in rewrapping, but after reboot the same situation persists.
All in all, what could this be; how to fix this auto mount encrypted home directory at login?
mount password ecryptfs
mount password ecryptfs
asked Jan 11 at 11:21
V.7V.7
8919
asked Jan 11 at 11:21
V.7V.7
8919
edited Jan 12 at 9:50
V.7
asked Jan 11 at 11:21
V.7V.7
8919
asked Jan 11 at 11:21
V.7V.7
8919
asked Jan 11 at 11:21
V.7V.7
8919
8919
1
What was in syslog (or dmesg) right after it said "Check the system log for more information from libecryptfs"?
– Xen2050
22 hours ago
@Xen2050 What a shame. I've just ignored this message because of some fear that files might be gone. You're right. That would be a right way to go. By the way, an author could add some message pointing that there's no permissions etc.
– V.7
20 hours ago
Logfiles can get saved or rotated or deleted, but that shouldn't happen right away. Also, many of the ecryptfs executables are bash scripts than can be examined and even ran one line at a time if you wanted, to see exactly what line's failing, hopefully that might help too. A quickless $(which ecryptfs-mount-private)works
– Xen2050
17 hours ago
@Xen2050 Yes, log had this message. Checked withsudo grep "Failed to detect wrapped" -r "/var/log/"and an output had/var/log/auth.log.1:Jan 11 18:31:58 host login[3739]: Failed to detect wrapped passphrase version: Permission deniedThank you. It's one of those times when log checking is definitely necessary and it would saved time.
– V.7
17 hours ago
I keep a terminal open with tail -f showing new log messages, just in case. zgrep might be handy in case the logs get zipped too. If my answer's useful, do upvote it or even select it as correct (FYI selecting your own answer as correct does not award any reputation)
– Xen2050
1 hour ago
add a comment |
1
What was in syslog (or dmesg) right after it said "Check the system log for more information from libecryptfs"?
– Xen2050
22 hours ago
@Xen2050 What a shame. I've just ignored this message because of some fear that files might be gone. You're right. That would be a right way to go. By the way, an author could add some message pointing that there's no permissions etc.
– V.7
20 hours ago
Logfiles can get saved or rotated or deleted, but that shouldn't happen right away. Also, many of the ecryptfs executables are bash scripts than can be examined and even ran one line at a time if you wanted, to see exactly what line's failing, hopefully that might help too. A quickless $(which ecryptfs-mount-private)works
– Xen2050
17 hours ago
@Xen2050 Yes, log had this message. Checked withsudo grep "Failed to detect wrapped" -r "/var/log/"and an output had/var/log/auth.log.1:Jan 11 18:31:58 host login[3739]: Failed to detect wrapped passphrase version: Permission deniedThank you. It's one of those times when log checking is definitely necessary and it would saved time.
– V.7
17 hours ago
I keep a terminal open with tail -f showing new log messages, just in case. zgrep might be handy in case the logs get zipped too. If my answer's useful, do upvote it or even select it as correct (FYI selecting your own answer as correct does not award any reputation)
– Xen2050
1 hour ago
1
1
What was in syslog (or dmesg) right after it said "Check the system log for more information from libecryptfs"?
– Xen2050
22 hours ago
What was in syslog (or dmesg) right after it said "Check the system log for more information from libecryptfs"?
– Xen2050
22 hours ago
@Xen2050 What a shame. I've just ignored this message because of some fear that files might be gone. You're right. That would be a right way to go. By the way, an author could add some message pointing that there's no permissions etc.
– V.7
20 hours ago
@Xen2050 What a shame. I've just ignored this message because of some fear that files might be gone. You're right. That would be a right way to go. By the way, an author could add some message pointing that there's no permissions etc.
– V.7
20 hours ago
Logfiles can get saved or rotated or deleted, but that shouldn't happen right away. Also, many of the ecryptfs executables are bash scripts than can be examined and even ran one line at a time if you wanted, to see exactly what line's failing, hopefully that might help too. A quick
less $(which ecryptfs-mount-private) works– Xen2050
17 hours ago
Logfiles can get saved or rotated or deleted, but that shouldn't happen right away. Also, many of the ecryptfs executables are bash scripts than can be examined and even ran one line at a time if you wanted, to see exactly what line's failing, hopefully that might help too. A quick
less $(which ecryptfs-mount-private) works– Xen2050
17 hours ago
@Xen2050 Yes, log had this message. Checked with
sudo grep "Failed to detect wrapped" -r "/var/log/" and an output had /var/log/auth.log.1:Jan 11 18:31:58 host login[3739]: Failed to detect wrapped passphrase version: Permission denied Thank you. It's one of those times when log checking is definitely necessary and it would saved time.– V.7
17 hours ago
@Xen2050 Yes, log had this message. Checked with
sudo grep "Failed to detect wrapped" -r "/var/log/" and an output had /var/log/auth.log.1:Jan 11 18:31:58 host login[3739]: Failed to detect wrapped passphrase version: Permission denied Thank you. It's one of those times when log checking is definitely necessary and it would saved time.– V.7
17 hours ago
I keep a terminal open with tail -f showing new log messages, just in case. zgrep might be handy in case the logs get zipped too. If my answer's useful, do upvote it or even select it as correct (FYI selecting your own answer as correct does not award any reputation)
– Xen2050
1 hour ago
I keep a terminal open with tail -f showing new log messages, just in case. zgrep might be handy in case the logs get zipped too. If my answer's useful, do upvote it or even select it as correct (FYI selecting your own answer as correct does not award any reputation)
– Xen2050
1 hour ago
add a comment |
2 Answers
2
active
oldest
votes
In short, user's file wrapped-passphrase had wrong permissions(should be -rw------- user user, were -rw------- root root).
Ran ecryptfs-mount-private command(entered login password) using strace like:
strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
Contents of /tmp/strace.log:
user@host:~$ sudo strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [3ab5cd8e5f8c5acb] into the user session keyring
fopen: No such file or directory
user@host:~$ cat /tmp/strace.log
execve("/usr/bin/ecryptfs-mount-private", ["ecryptfs-mount-private"], [/* 13 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
getcwd("/home/user", 4096) = 9
open("/usr/bin/ecryptfs-mount-private", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapping-independent", 0x7fff65e61c30) = -1 ENOENT (No such file or directory)
open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapped-passphrase", {st_mode=S_IFREG|0600, st_size=58, ...}) = 0
stat("/home/user/.ecryptfs/Private.sig", {st_mode=S_IFREG|0600, st_size=34, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/usr/local/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/bin/stty", {st_mode=S_IFREG|0755, st_size=72496, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=68, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
+++ exited with 1 +++
So, we see that there's not enough information. Ran the same command(entered login password), but with flag -f to trace child processes and using root's rights:
sudo strace -o /tmp/strace2.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace2.log file:
...
3963 open("/root/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
3963 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = 3
...
3964 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
3964 open("/root/.ecryptfs/Private.mnt", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 open("/dev/shm/ecryptfs-root-Private", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 3
3964 open("/root/.ecryptfs/Private.sig", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 +++ exited with 1 +++
3954 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3964, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
3954 +++ exited with 1 +++
As we can see, it can't find a file Private.sig of root; it looks like it should be ran by user who encrypted directory we are trying to recover instead of running in a particular directory.
All in all, I ran this command(entered login password) with user's rights:
strace -o /tmp/strace3.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace3.log file:
...
4137 open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4137 open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
4137 open("/home/user/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
4137 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = -1 EACCES (Permission denied)
4137 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
4137 +++ exited with 1 +++
4112 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
...
As we can see now, an ecryptfs-mount-private utility can't access user's wrapped-passphrase file which resulted in Permission denied message.
Checked /home/user/.ecryptfs/wrapped-passphrase file's permissions and they were:
-rw------- 1 root root
Changed owner of this file via sudo chown user:user /home/user/.ecryptfs/wrapped-passphrase to user and reran above (ecryptfs-mount-private) command without strace(entered login password) which resulted in success message:
INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd: /home/user
answered Jan 11 at 21:30
V.7V.7
8919
You should accept your answer so that search results will show this question has an accepted answer.
– L. Levrel
Jan 12 at 10:00
@L.Levrel Thank you, but, unfortunately, I can't. It shows "You can accept your own answer tomorrow"
– V.7
Jan 12 at 10:02
add a comment |
I set up an ecryptfs private folder, then removed the r & w permission from the wrapped-passphrase file to test... If you had checked the syslog right after seeing the message
Info: Check the system log for more information from libecryptfs
You would have seen lines like this:
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Failed to detect wrapped passphrase version: Permission denied
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/user/.ecryptfs/wrapped-passphrase]; rc = [-13]
Together those would be a pretty strong arrow pointing to check the permissions of the ~/.ecryptfs/wrapped-passphrase file. (No sudo or strace required)
answered 22 hours ago
Xen2050Xen2050
1,227811
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493931%2fecryptfs-mount-private-returns-fopen-no-such-file-or-directory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
In short, user's file wrapped-passphrase had wrong permissions(should be -rw------- user user, were -rw------- root root).
Ran ecryptfs-mount-private command(entered login password) using strace like:
strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
Contents of /tmp/strace.log:
user@host:~$ sudo strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [3ab5cd8e5f8c5acb] into the user session keyring
fopen: No such file or directory
user@host:~$ cat /tmp/strace.log
execve("/usr/bin/ecryptfs-mount-private", ["ecryptfs-mount-private"], [/* 13 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
getcwd("/home/user", 4096) = 9
open("/usr/bin/ecryptfs-mount-private", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapping-independent", 0x7fff65e61c30) = -1 ENOENT (No such file or directory)
open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapped-passphrase", {st_mode=S_IFREG|0600, st_size=58, ...}) = 0
stat("/home/user/.ecryptfs/Private.sig", {st_mode=S_IFREG|0600, st_size=34, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/usr/local/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/bin/stty", {st_mode=S_IFREG|0755, st_size=72496, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=68, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
+++ exited with 1 +++
So, we see that there's not enough information. Ran the same command(entered login password), but with flag -f to trace child processes and using root's rights:
sudo strace -o /tmp/strace2.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace2.log file:
...
3963 open("/root/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
3963 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = 3
...
3964 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
3964 open("/root/.ecryptfs/Private.mnt", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 open("/dev/shm/ecryptfs-root-Private", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 3
3964 open("/root/.ecryptfs/Private.sig", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 +++ exited with 1 +++
3954 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3964, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
3954 +++ exited with 1 +++
As we can see, it can't find a file Private.sig of root; it looks like it should be ran by user who encrypted directory we are trying to recover instead of running in a particular directory.
All in all, I ran this command(entered login password) with user's rights:
strace -o /tmp/strace3.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace3.log file:
...
4137 open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4137 open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
4137 open("/home/user/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
4137 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = -1 EACCES (Permission denied)
4137 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
4137 +++ exited with 1 +++
4112 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
...
As we can see now, an ecryptfs-mount-private utility can't access user's wrapped-passphrase file which resulted in Permission denied message.
Checked /home/user/.ecryptfs/wrapped-passphrase file's permissions and they were:
-rw------- 1 root root
Changed owner of this file via sudo chown user:user /home/user/.ecryptfs/wrapped-passphrase to user and reran above (ecryptfs-mount-private) command without strace(entered login password) which resulted in success message:
INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd: /home/user
answered Jan 11 at 21:30
V.7V.7
8919
You should accept your answer so that search results will show this question has an accepted answer.
– L. Levrel
Jan 12 at 10:00
@L.Levrel Thank you, but, unfortunately, I can't. It shows "You can accept your own answer tomorrow"
– V.7
Jan 12 at 10:02
add a comment |
In short, user's file wrapped-passphrase had wrong permissions(should be -rw------- user user, were -rw------- root root).
Ran ecryptfs-mount-private command(entered login password) using strace like:
strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
Contents of /tmp/strace.log:
user@host:~$ sudo strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [3ab5cd8e5f8c5acb] into the user session keyring
fopen: No such file or directory
user@host:~$ cat /tmp/strace.log
execve("/usr/bin/ecryptfs-mount-private", ["ecryptfs-mount-private"], [/* 13 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
getcwd("/home/user", 4096) = 9
open("/usr/bin/ecryptfs-mount-private", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapping-independent", 0x7fff65e61c30) = -1 ENOENT (No such file or directory)
open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapped-passphrase", {st_mode=S_IFREG|0600, st_size=58, ...}) = 0
stat("/home/user/.ecryptfs/Private.sig", {st_mode=S_IFREG|0600, st_size=34, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/usr/local/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/bin/stty", {st_mode=S_IFREG|0755, st_size=72496, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=68, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
+++ exited with 1 +++
So, we see that there's not enough information. Ran the same command(entered login password), but with flag -f to trace child processes and using root's rights:
sudo strace -o /tmp/strace2.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace2.log file:
...
3963 open("/root/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
3963 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = 3
...
3964 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
3964 open("/root/.ecryptfs/Private.mnt", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 open("/dev/shm/ecryptfs-root-Private", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 3
3964 open("/root/.ecryptfs/Private.sig", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 +++ exited with 1 +++
3954 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3964, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
3954 +++ exited with 1 +++
As we can see, it can't find a file Private.sig of root; it looks like it should be ran by user who encrypted directory we are trying to recover instead of running in a particular directory.
All in all, I ran this command(entered login password) with user's rights:
strace -o /tmp/strace3.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace3.log file:
...
4137 open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4137 open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
4137 open("/home/user/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
4137 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = -1 EACCES (Permission denied)
4137 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
4137 +++ exited with 1 +++
4112 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
...
As we can see now, an ecryptfs-mount-private utility can't access user's wrapped-passphrase file which resulted in Permission denied message.
Checked /home/user/.ecryptfs/wrapped-passphrase file's permissions and they were:
-rw------- 1 root root
Changed owner of this file via sudo chown user:user /home/user/.ecryptfs/wrapped-passphrase to user and reran above (ecryptfs-mount-private) command without strace(entered login password) which resulted in success message:
INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd: /home/user
answered Jan 11 at 21:30
V.7V.7
8919
You should accept your answer so that search results will show this question has an accepted answer.
– L. Levrel
Jan 12 at 10:00
@L.Levrel Thank you, but, unfortunately, I can't. It shows "You can accept your own answer tomorrow"
– V.7
Jan 12 at 10:02
add a comment |
In short, user's file wrapped-passphrase had wrong permissions(should be -rw------- user user, were -rw------- root root).
Ran ecryptfs-mount-private command(entered login password) using strace like:
strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
Contents of /tmp/strace.log:
user@host:~$ sudo strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [3ab5cd8e5f8c5acb] into the user session keyring
fopen: No such file or directory
user@host:~$ cat /tmp/strace.log
execve("/usr/bin/ecryptfs-mount-private", ["ecryptfs-mount-private"], [/* 13 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
getcwd("/home/user", 4096) = 9
open("/usr/bin/ecryptfs-mount-private", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapping-independent", 0x7fff65e61c30) = -1 ENOENT (No such file or directory)
open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapped-passphrase", {st_mode=S_IFREG|0600, st_size=58, ...}) = 0
stat("/home/user/.ecryptfs/Private.sig", {st_mode=S_IFREG|0600, st_size=34, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/usr/local/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/bin/stty", {st_mode=S_IFREG|0755, st_size=72496, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=68, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
+++ exited with 1 +++
So, we see that there's not enough information. Ran the same command(entered login password), but with flag -f to trace child processes and using root's rights:
sudo strace -o /tmp/strace2.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace2.log file:
...
3963 open("/root/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
3963 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = 3
...
3964 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
3964 open("/root/.ecryptfs/Private.mnt", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 open("/dev/shm/ecryptfs-root-Private", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 3
3964 open("/root/.ecryptfs/Private.sig", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 +++ exited with 1 +++
3954 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3964, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
3954 +++ exited with 1 +++
As we can see, it can't find a file Private.sig of root; it looks like it should be ran by user who encrypted directory we are trying to recover instead of running in a particular directory.
All in all, I ran this command(entered login password) with user's rights:
strace -o /tmp/strace3.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace3.log file:
...
4137 open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4137 open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
4137 open("/home/user/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
4137 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = -1 EACCES (Permission denied)
4137 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
4137 +++ exited with 1 +++
4112 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
...
As we can see now, an ecryptfs-mount-private utility can't access user's wrapped-passphrase file which resulted in Permission denied message.
Checked /home/user/.ecryptfs/wrapped-passphrase file's permissions and they were:
-rw------- 1 root root
Changed owner of this file via sudo chown user:user /home/user/.ecryptfs/wrapped-passphrase to user and reran above (ecryptfs-mount-private) command without strace(entered login password) which resulted in success message:
INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd: /home/user
answered Jan 11 at 21:30
V.7V.7
8919
In short, user's file wrapped-passphrase had wrong permissions(should be -rw------- user user, were -rw------- root root).
Ran ecryptfs-mount-private command(entered login password) using strace like:
strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
Contents of /tmp/strace.log:
user@host:~$ sudo strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [3ab5cd8e5f8c5acb] into the user session keyring
fopen: No such file or directory
user@host:~$ cat /tmp/strace.log
execve("/usr/bin/ecryptfs-mount-private", ["ecryptfs-mount-private"], [/* 13 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
getcwd("/home/user", 4096) = 9
open("/usr/bin/ecryptfs-mount-private", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapping-independent", 0x7fff65e61c30) = -1 ENOENT (No such file or directory)
open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapped-passphrase", {st_mode=S_IFREG|0600, st_size=58, ...}) = 0
stat("/home/user/.ecryptfs/Private.sig", {st_mode=S_IFREG|0600, st_size=34, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/usr/local/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/bin/stty", {st_mode=S_IFREG|0755, st_size=72496, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=68, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
+++ exited with 1 +++
So, we see that there's not enough information. Ran the same command(entered login password), but with flag -f to trace child processes and using root's rights:
sudo strace -o /tmp/strace2.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace2.log file:
...
3963 open("/root/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
3963 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = 3
...
3964 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
3964 open("/root/.ecryptfs/Private.mnt", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 open("/dev/shm/ecryptfs-root-Private", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 3
3964 open("/root/.ecryptfs/Private.sig", O_RDONLY) = -1 ENOENT (No such file or directory)
3964 +++ exited with 1 +++
3954 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3964, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
3954 +++ exited with 1 +++
As we can see, it can't find a file Private.sig of root; it looks like it should be ran by user who encrypted directory we are trying to recover instead of running in a particular directory.
All in all, I ran this command(entered login password) with user's rights:
strace -o /tmp/strace3.log -f -e trace=file ecryptfs-mount-private`
Part of contents of /tmp/strace3.log file:
...
4137 open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4137 open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
4137 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
4137 open("/home/user/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
4137 open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = -1 EACCES (Permission denied)
4137 open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
4137 +++ exited with 1 +++
4112 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
...
As we can see now, an ecryptfs-mount-private utility can't access user's wrapped-passphrase file which resulted in Permission denied message.
Checked /home/user/.ecryptfs/wrapped-passphrase file's permissions and they were:
-rw------- 1 root root
Changed owner of this file via sudo chown user:user /home/user/.ecryptfs/wrapped-passphrase to user and reran above (ecryptfs-mount-private) command without strace(entered login password) which resulted in success message:
INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
cd: /home/user
answered Jan 11 at 21:30
V.7V.7
8919
edited Jan 12 at 9:58
answered Jan 11 at 21:30
V.7V.7
8919
answered Jan 11 at 21:30
V.7V.7
8919
answered Jan 11 at 21:30
V.7V.7
8919
8919
You should accept your answer so that search results will show this question has an accepted answer.
– L. Levrel
Jan 12 at 10:00
@L.Levrel Thank you, but, unfortunately, I can't. It shows "You can accept your own answer tomorrow"
– V.7
Jan 12 at 10:02
add a comment |
You should accept your answer so that search results will show this question has an accepted answer.
– L. Levrel
Jan 12 at 10:00
@L.Levrel Thank you, but, unfortunately, I can't. It shows "You can accept your own answer tomorrow"
– V.7
Jan 12 at 10:02
You should accept your answer so that search results will show this question has an accepted answer.
– L. Levrel
Jan 12 at 10:00
You should accept your answer so that search results will show this question has an accepted answer.
– L. Levrel
Jan 12 at 10:00
@L.Levrel Thank you, but, unfortunately, I can't. It shows "You can accept your own answer tomorrow"
– V.7
Jan 12 at 10:02
@L.Levrel Thank you, but, unfortunately, I can't. It shows "You can accept your own answer tomorrow"
– V.7
Jan 12 at 10:02
add a comment |
I set up an ecryptfs private folder, then removed the r & w permission from the wrapped-passphrase file to test... If you had checked the syslog right after seeing the message
Info: Check the system log for more information from libecryptfs
You would have seen lines like this:
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Failed to detect wrapped passphrase version: Permission denied
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/user/.ecryptfs/wrapped-passphrase]; rc = [-13]
Together those would be a pretty strong arrow pointing to check the permissions of the ~/.ecryptfs/wrapped-passphrase file. (No sudo or strace required)
answered 22 hours ago
Xen2050Xen2050
1,227811
add a comment |
I set up an ecryptfs private folder, then removed the r & w permission from the wrapped-passphrase file to test... If you had checked the syslog right after seeing the message
Info: Check the system log for more information from libecryptfs
You would have seen lines like this:
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Failed to detect wrapped passphrase version: Permission denied
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/user/.ecryptfs/wrapped-passphrase]; rc = [-13]
Together those would be a pretty strong arrow pointing to check the permissions of the ~/.ecryptfs/wrapped-passphrase file. (No sudo or strace required)
answered 22 hours ago
Xen2050Xen2050
1,227811
add a comment |
I set up an ecryptfs private folder, then removed the r & w permission from the wrapped-passphrase file to test... If you had checked the syslog right after seeing the message
Info: Check the system log for more information from libecryptfs
You would have seen lines like this:
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Failed to detect wrapped passphrase version: Permission denied
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/user/.ecryptfs/wrapped-passphrase]; rc = [-13]
Together those would be a pretty strong arrow pointing to check the permissions of the ~/.ecryptfs/wrapped-passphrase file. (No sudo or strace required)
answered 22 hours ago
Xen2050Xen2050
1,227811
I set up an ecryptfs private folder, then removed the r & w permission from the wrapped-passphrase file to test... If you had checked the syslog right after seeing the message
Info: Check the system log for more information from libecryptfs
You would have seen lines like this:
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Failed to detect wrapped passphrase version: Permission denied
Jan 15 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring: Error attempting to unwrap passphrase from file [/home/user/.ecryptfs/wrapped-passphrase]; rc = [-13]
Together those would be a pretty strong arrow pointing to check the permissions of the ~/.ecryptfs/wrapped-passphrase file. (No sudo or strace required)
answered 22 hours ago
Xen2050Xen2050
1,227811
answered 22 hours ago
Xen2050Xen2050
1,227811
answered 22 hours ago
Xen2050Xen2050
1,227811
answered 22 hours ago
Xen2050Xen2050
1,227811
1,227811
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f493931%2fecryptfs-mount-private-returns-fopen-no-such-file-or-directory%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
What was in syslog (or dmesg) right after it said "Check the system log for more information from libecryptfs"?
– Xen2050
22 hours ago
@Xen2050 What a shame. I've just ignored this message because of some fear that files might be gone. You're right. That would be a right way to go. By the way, an author could add some message pointing that there's no permissions etc.
– V.7
20 hours ago
Logfiles can get saved or rotated or deleted, but that shouldn't happen right away. Also, many of the ecryptfs executables are bash scripts than can be examined and even ran one line at a time if you wanted, to see exactly what line's failing, hopefully that might help too. A quick
less $(which ecryptfs-mount-private)works– Xen2050
17 hours ago
@Xen2050 Yes, log had this message. Checked with
sudo grep "Failed to detect wrapped" -r "/var/log/"and an output had/var/log/auth.log.1:Jan 11 18:31:58 host login[3739]: Failed to detect wrapped passphrase version: Permission deniedThank you. It's one of those times when log checking is definitely necessary and it would saved time.– V.7
17 hours ago
I keep a terminal open with tail -f showing new log messages, just in case. zgrep might be handy in case the logs get zipped too. If my answer's useful, do upvote it or even select it as correct (FYI selecting your own answer as correct does not award any reputation)
– Xen2050
1 hour ago