On a fresh installed OpenSUSE 13.1 I want to create a new user with an encrypted home directory. I can’t make it work, no matter what I do I just get two unused files in /home and an unencrypted normal home directory for the user.
I boot the PC and login as root, start “Control Center” and choose “User and Group Management”. In “Users” tab I click Add to create the new user. On the User Data tab I fill in user name and password and then click on the Details tab. Here I mark “Use Encrypted Home Directory” and the Directory Size in MB turns to 100. Now I click OK to exit the setup for the new user. In the main window I click OK again to apply the creating, The “Writing User and Group Configuration” checks the first four lines, but stops on “Write passwords”. Error message box “stat: No such file or directory. Failed to open image”. I click OK to close the error, and the configuration continues and then exits.
In addition to the normal home directory /home/username, in /home appears two files: username.img sized 100 MiB and username.key 288 bytes. So the new user should be created OK, right ? Well, I can login as the new user, but the encryption is not activated, and the username.img is just, 100 MiB NULL bytes and never changes. No /dev/loop is in use, and df shows no sign of a mounted encrypted loop file.
So I try again, reboot PC to get a clean slate and login as root and move the two files into hiding and then use YaST to delete the user, including deleting the home directory. Another reboot to make sure the user is gone, and then I bring back the two files to /home, and try to create the user again.
This time the error message is “/home/username.img already exists. Use --force to overwrite it.” I click OK, and the user is created, but still the encryption is not used.
How can I make YaST use the --force option ? I can’t find anywhere in the YaST settings where I can set that. Can YaST create an encrypted home, or is this a bug ?
I do recall that for 12.3, you had to do “modprobe loop” to force the loading of the loop module, if you wanted this to work. Or you could force loading in “/etc/sysconfig/kernel” (if I recall correctly).
On 2013-11-22 19:56, nrickert wrote:
>
> I have not tried it with 13.1.
>
> I do recall that for 12.3, you had to do “modprobe loop” to force the
> loading of the loop module, if you wanted this to work. Or you could
> force loading in “/etc/sysconfig/kernel” (if I recall correctly).
Both cases would be a bug. Is it, no, are they reported in bugzilla?
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
You’re right, loading loop module makes encrypted home directory work.
I logged in as root and loaded the loop module with
modprobe -v loop
on a command line. Then I ran YaST and created the user with encrypted home directory without problems, and when I login as the user, the encryption is effective.
Now I can login as the user with active encryption, I didn’t have to do anything extra to make OpenSUSE load the loop module at boot time, it happens automagically. The directory /etc/modules-load.d/ is still empty, so the loop module must be loaded somewhere else.
> on a command line. Then I ran YaST and created the user with encrypted
> home directory without problems, and when I login as the user, the
> encryption is effective.
>
> Now I can login as the user with active encryption, I didn’t have to do
> anything extra to make OpenSUSE load the loop module at boot time, it
> happens automagically. The directory /etc/modules-load.d/ is still
> empty, so the loop module must be loaded somewhere else.
Well, that’s a bug in YaST, so please report it in bugzilla.