-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lock folder after logout #196
Comments
The short answer is that following the directions on the Wiki is already supposed to result in directories being automatically locked after logout, but it doesn't work reliably due to systemd/systemd#8598, and possibly due to an additional ordering issue as well. We might be able to solve this by implementing #95. |
I found a workaround based on what is describes in systemd/systemd#8598 that seems to work as long as no systemd-user services are used. After removing /etc/pam.d/systemd-user the folders are locked immediately after logout. |
There is a slightly more elegant solution.
After that, just enable it for the user you want to lock folder after logout. sudo systemctl enable fscryptLockSample@1000 |
With the newest features in kernel 5.4 I wanted to use fscrypt with the new unprivileged lock feature to have the home directory of a user locked after logout.
I used the instruction in the arch wiki to have the home automatically unlocked during login
https://wiki.archlinux.org/index.php/Fscrypt#Auto-unlocking_directories
However have still to figure out how to lock the folder after logout.
running 'sudo -u myuser fscrypt lock /home/myuser --user=myuser' (as root) works fine, but having fscrypt lock in .bash_logout results in errors about files still being opened.
So how do I let pam handle this? Is this already supported in fscrypt?
I don't know if this is related but the only error message from fscrypt I could find in my logs is this:
However this is generated during login and the unlocking works fine
Here is my fscrypt.conf
The text was updated successfully, but these errors were encountered: