I Need help decrypting other Hard Drive with ecryptfs

Hi, I hope someone here can help me. I’m using OpenSUSE 13.1 and I’m trying to decrypt a Home folder from a different hard drive with ecryptfs but when I use ecryptf-recover-private it gives me this:
**
INFO: Searching for encrypted private directories (this might take a while)…
find: ‘/run/user/1000/gvfs’: Permission denied
find: ‘/var/run/user/1000/gvfs’: Permission denied**

Does anyone know how to solve this problem? or is there a better way to decrypt the folder from a separate hard drive?

Any help would be greatly appreciated.

Those particular messages should not cause a problem. What is being searched for is not below those mount points. Perhaps the script is too sensitive.

Here’s another possibility: Create a new user on your system. Make the home directory of that new user on that different hard drive. Give the new user the same UID as that user had (even if it duplicates an existing user). Check if the home directory for that new user has symlinks that are relevant to “ecryptfs” (symlinks for “.ecryptfs” and for “.Private”. You might have to fix those if they are not relative links.

Then login as that user and attempt to mount the private directory.

I’m kind of a newbie, can you please be a little more specific about the symlinks? how and where do I find them or how do I fix them? or what if they don’t exist?

Also when creating the new user with the same UID it gives me a conflict error, between the entered username and existing username.

Oops!

I meant to mention that you should create the new user by directly editing “/etc/passwd” (using “vipw”), and then editing “/etc/shadow” (using “vipw -s”). The fancy ways of creating a user won’t like the duplicate and will also want to mess around with files in the home directory.

When you use ecryptfs for an encrypted home directory, you usually have to have “.ecryptfs” and “.Private” somewhere else, such as in “/home/.ecryptfs”, with symlinks to there.

I’ve only done this in opensuse. I’m not sure exactly how ubuntu sets that up. Here’s part of what I see on a system where I have set it up that way:


% ls -al
total 16
drwxr-xr-x 4 rickert users 4096 Jan  6 18:00 .
drwxr-xr-x 9 root    root  4096 Nov 21 13:36 ..
lrwxrwxrwx 1 rickert users   24 Apr  4  2013 bin -> ../.ecryptfs/rickert/bin
drwx------ 3 rickert users 4096 Dec  3 13:57 .config
lrwxrwxrwx 1 rickert users   32 Apr  4  2013 .csh.expert -> ../.ecryptfs/rickert/.csh.expert
lrwxrwxrwx 1 rickert users   27 Apr  4  2013 .cshrc -> ../.ecryptfs/rickert/.cshrc
lrwxrwxrwx 1 rickert users   26 Apr  4  2013 .dmrc -> ../.ecryptfs/rickert/.dmrc
lrwxrwxrwx 1 rickert users   30 Apr  4  2013 .ecryptfs -> ../.ecryptfs/rickert/.ecryptfs
lrwxrwxrwx 1 rickert users   24 Apr  4  2013 lib -> ../.ecryptfs/rickert/lib
lrwxrwxrwx 1 rickert users   27 Apr  4  2013 .login -> ../.ecryptfs/rickert/.login
dr-x------ 2 rickert   500 4096 Jan  4  2012 Private
lrwxrwxrwx 1 rickert users   29 Apr  4  2013 .Private -> ../.ecryptfs/rickert/.Private
lrwxrwxrwx 1 rickert users   25 Apr  4  2013 .ssh -> ../.ecryptfs/rickert/.ssh

Some of those links are there for my own private reasons. However, the links for “.Private” and for “.ecryptfs” are part of what makes it work. You will notice that I used relative links. If I had used absolute links, such as


.Private -> /home/.ecryptfs/rickert/.Private

then I would have additional difficulties.

If this still does not help, then post the output from “ls -al” on that other directory. Make sure that you use code tags for posting. You can generate code tags with the “#” button on the reply edit box (with the code lines selected by your mouse).

It seems a little complicated for me, I wouldn’t know exactly how to edit the file. Sorry I’m such a linux newbie, I kinda need like step by step instructions.

I would still request the output from running “ls -al” while you have changed into the home directory of the user on that other disk. And remember to use code tags.

Thanks for trying to help out. First, how do I setup the new user with vipw? how am I supposed to edit the file?

On 2014-01-07 04:06, theuniverse wrote:
>
> Thanks for trying to help out. First, how do I setup the new user with
> vipw? how am I supposed to edit the file?

vipw, which has to be started on a terminal, starts the editor with the
appropriate file already opened. You set the environment variable
“EDITOR” to the editor of your choice: I suggest mcedit, provided you
install ‘mc’ first. Otherwise, you could use ‘joe’.

For this, you edit the file “/root/.bashrc” to add this entry:


export EDITOR=/usr/bin/mcedit

Alternatively, you can do:


su -
EDITOR=/usr/bin/mcedit  vipw

If you do not do any of this, ‘vipw’ will default to use ‘vi’, which you
probably will not like.

What he is telling you to do is to find the line of your user and copy
it, changing the user name and the home directory.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

If he provides the requested directory listing, then I can probably give more detailed step-by-step instructions. But I cannot be sure of that until I see what we have.

Thanks for helping with “vipw”. And yes, “EDITOR=” can be useful.

OK this is what I got:

ls -al
total 3844
drwxr-xr-x 40 pc   users    4096 Jan  6 22:47 .
drwxr-xr-x  5 root root     4096 Jan  5 21:31 ..
drwx------  3 pc   users    4096 Jan  5 18:53 .adobe                                                                                                                                          
-rw-------  1 pc   users    3369 Jan  6 22:09 .bash_history                                                                                                                                   
-rw-r--r--  1 pc   users    1177 Jan  5 18:43 .bashrc                                                                                                                                         
drwxr-xr-x  2 pc   users    4096 Jan  5 18:43 bin                                                                                                                                             
-rw-r--r--  1 pc   users     196 Jan  6 06:01 .BOINC Manager                                                                                                                                  
drwx------ 19 pc   users    4096 Jan  6 22:38 .cache
drwxr-xr-x  3 pc   users    4096 Jan  5 20:26 .color
drwx------ 29 pc   users    4096 Jan  6 22:37 .config
drwx------  3 pc   users    4096 Jan  5 18:44 .dbus
drwxr-xr-x  4 pc   users    4096 Jan  6 22:35 Desktop
-rw-------  1 pc   users      67 Jan  5 19:41 .directory
-rw-------  1 pc   users      29 Jan  6 17:50 .dmrc
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 Documents
drwxr-xr-x  5 pc   users    4096 Jan  6 20:48 Downloads
-rw-------  1 pc   users     159 Jan  5 21:41 duplicity-full.20140106T024122Z.manifest
-rw-------  1 pc   users     117 Jan  5 21:41 duplicity-full.20140106T024122Z.vol1.difftar.gz
-rw-------  1 pc   users     140 Jan  5 21:41 duplicity-full-signatures.20140106T024122Z.sigtar.gz
-rw-r--r--  1 pc   users    1637 Jan  5 18:43 .emacs
-rw-------  1 pc   users      16 Jan  5 18:44 .esd_auth
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 .fonts
drwxr-xr-x 24 pc   users    4096 Jan  6 22:43 .gimp-2.8
drwx------  3 pc   users    4096 Jan  6 03:31 .gnome2
drwx------  2 pc   users    4096 Jan  5 20:41 .gnome2_private
drwx------  3 pc   users    4096 Jan  6 17:50 .gnupg
drwxr-xr-x  2 pc   users    4096 Jan  5 20:27 .gstreamer-0.10
-rw-r--r--  1 pc   users     439 Jan  5 20:45 .gtkrc-2.0
lrwxrwxrwx  1 pc   users      19 Jan  5 20:45 .gtkrc-2.0-kde4 -> /home/pc/.gtkrc-2.0
lrwxrwxrwx  1 pc   users      31 Jan  6 05:54 gui_rpc_auth.cfg -> /var/lib/boinc/gui_rpc_auth.cfg
-rw-------  1 pc   users    1670 Jan  6 17:50 .ICEauthority
drwxr-xr-x  3 pc   users    4096 Jan  6 01:58 .icedtea
-rw-r--r--  1 pc   users     861 Jan  5 18:43 .inputrc
drwxr-xr-x  3 pc   users    4096 Jan  5 01:22 .invent
drwxr-xr-x  4 pc   users    4096 Jan  6 04:50 .java
drwx------  6 pc   users    4096 Jan  5 20:36 .kde4
drwx------  3 pc   users    4096 Jan  5 18:44 .local
drwx------  3 pc   users    4096 Jan  5 18:53 .macromedia
drwx------  5 pc   users    4096 Jan  6 04:47 .mozilla
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 Music
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 Pictures
drwx------  3 pc   users    4096 Jan  5 21:50 .pki
dr-x------  2 root root     4096 Jan  6 16:51 Private
-rw-r--r--  1 pc   users    1028 Jan  5 18:43 .profile
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 Public
drwxr-xr-x  2 pc   users    4096 Jan  5 18:43 public_html
-rw-------  1 pc   users     256 Jan  6 04:35 .pulse-cookie
drwxr-xr-x  5 pc   users    4096 Jan  5 19:16 .rcc
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 .skel
drwx------  6 pc   users    4096 Jan  6 23:14 .Skype
drwx------  2 pc   users    4096 Jan  5 23:15 SpiderOak Hive
drwx------  2 pc   users    4096 Jan  5 20:26 .ssh
drwxr-xr-x  2 pc   users    4096 Jan  6 04:36 .steam
lrwxrwxrwx  1 pc   users      27 Jan  6 04:35 .steampath -> /home/pc/.steam/bin32/steam
lrwxrwxrwx  1 pc   users      25 Jan  6 04:35 .steampid -> /home/pc/.steam/steam.pid
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 Templates
drwx------  4 pc   users    4096 Jan  5 19:53 .thumbnails
drwxr-xr-x  2 pc   users    4096 Jan  5 18:44 Videos
drwxr-xr-x  4 pc   users    4096 Jan  6 16:35 .wine
-rw-------  1 pc   users     214 Jan  6 22:47 .Xauthority
-rw-r--r--  1 pc   users    1940 Jan  5 18:43 .xim.template
-rwxr-xr-x  1 pc   users    1112 Jan  5 18:43 .xinitrc.template
-rw-r--r--  1 pc   users 3575808 Sep 29  2007 XP_LIVE_Bluerise_VS_v1.1.msstyles
-rw-------  1 pc   users       0 Jan  6 22:47 .xsession-errors
-rw-------  1 pc   users   19447 Jan  6 23:18 .xsession-errors-:0
-rw-r--r--  1 pc   users   94167 Jan  6 14:54 .y2log
-rw-r--r--  1 pc   users     282 Jan  6 14:53 .y2usersettings

I hope that helps.

I am looking for a directory “.ecryptfs” and a directory “.Private”.

I don’t see them. So they are probably elsewhere, either in another directory on the same partition or on a different partition or even a different disk.

That might by why your attempt to run that recovery script failed.

The “.Private” directory will contain the encrypted data you want to recover. And the “.ecryptfs” directory will contain some settings such as where to mount and the wrapped password.

On second thoughts, I wonder if you have listed the wrong directory. The file dates there are mostly very recent. I would expect older dates in a directory that you are trying to recover.

I just didn’t know I had to go into the folder with the terminal first before typing “ls -al”, these are my new results from the folder I’m trying to decrypt:

ls -al
total 28
drwxr-xr-x  5 root root  4096 Jun 10  2012 .
drwxr-x---+ 4 root root    80 Jan  7 00:14 ..
drwxr-xr-x  3 root root  4096 Sep 30  2011 .ecryptfs
drwx------  3 root root 16384 Sep 30  2011 lost+found
dr-x------  4 pc   1000  4096 Sep 30  2011 Home


Still no “.Private”. It might be elsewhere. Or, may the directory “Home” is playing that role.

I would expect “.ecryptfs” and “.Private” to both be owned by the ordinary user, rather than by root. Perhaps that’s not how it was done, but it is what I would have expected. Can you look a little further to see if you can find some other “.ecryptfs” and “.Private” directories.

Maybe, also look in that directory “Home” to see if the files look encrypted. They might have file names that look encrypted, or content that looks encrypted. I’m not asking for a listing at this point.

Yes, the files are encrypted, I had Linux Mint installed on that Hard drive and I selected to encrypt Home folder.

I’m pretty sure if I run ecryptfs-recover-private on Linux Mint or something similar, it would definitely find and mount the folder I’ve done it already, I just can’t seem to be able to access it with OpenSUSE.

I just keep getting this error, I just wish I know how to solve it:

INFO: Searching for encrypted private directories (this might take a while)...
find: ‘/run/user/1000/gvfs’: Permission denied
find: ‘/var/run/user/1000/gvfs’: Permission denied


Within the .ecryptfs folder, there’s another .ecryptfs folder and a .Private folder, here’s the output:

pc@linux-pqga:/var/run/media/pc/a83b46c9-e7af-4dc6-82fc-489768de736f/.ecryptfs/david> ls -al
total 56
drwxr-xr-x   4 pc   1000  4096 Sep 30  2011 .
drwxr-xr-x   3 root root  4096 Sep 30  2011 ..
drwx------   2 pc   1000  4096 Sep 30  2011 .ecryptfs
drwx------ 113 pc   1000 40960 Sep  3 02:19 .Private


On 2014-01-07 08:16, theuniverse wrote:
>
> I just keep getting this error, I just wish I know how to solve it:
>
>
> Code:
> --------------------
> INFO: Searching for encrypted private directories (this might take a while)…
> find: ‘/run/user/1000/gvfs’: Permission denied
> find: ‘/var/run/user/1000/gvfs’: Permission denied
>
>
> --------------------

Those folders are created and needed by gnome, and they are virtual. If
you use a different desktop, even temporarily, they should disappear.
Might need a reboot.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

Okay. Those are very likely the ones that you are looking for. The encrypted files are in that “.Private” directory.

I’ll comment more, after thinking about the problem.

I see those directories, logged into KDE4. There’s probably some gnome library stuff that’s started, perhaps needed for gtk applications like “firefox”.

Maybe a reboot, then login only to icewm, will avoid the error messages.