Hi, I hope someone here can help me. I’m using OpenSUSE 13.1 and I’m trying to decrypt a Home folder from a different hard drive with ecryptfs but when I use ecryptf-recover-private it gives me this:
**
INFO: Searching for encrypted private directories (this might take a while)…
find: ‘/run/user/1000/gvfs’: Permission denied
find: ‘/var/run/user/1000/gvfs’: Permission denied**
Does anyone know how to solve this problem? or is there a better way to decrypt the folder from a separate hard drive?
Those particular messages should not cause a problem. What is being searched for is not below those mount points. Perhaps the script is too sensitive.
Here’s another possibility: Create a new user on your system. Make the home directory of that new user on that different hard drive. Give the new user the same UID as that user had (even if it duplicates an existing user). Check if the home directory for that new user has symlinks that are relevant to “ecryptfs” (symlinks for “.ecryptfs” and for “.Private”. You might have to fix those if they are not relative links.
Then login as that user and attempt to mount the private directory.
I’m kind of a newbie, can you please be a little more specific about the symlinks? how and where do I find them or how do I fix them? or what if they don’t exist?
I meant to mention that you should create the new user by directly editing “/etc/passwd” (using “vipw”), and then editing “/etc/shadow” (using “vipw -s”). The fancy ways of creating a user won’t like the duplicate and will also want to mess around with files in the home directory.
When you use ecryptfs for an encrypted home directory, you usually have to have “.ecryptfs” and “.Private” somewhere else, such as in “/home/.ecryptfs”, with symlinks to there.
I’ve only done this in opensuse. I’m not sure exactly how ubuntu sets that up. Here’s part of what I see on a system where I have set it up that way:
Some of those links are there for my own private reasons. However, the links for “.Private” and for “.ecryptfs” are part of what makes it work. You will notice that I used relative links. If I had used absolute links, such as
.Private -> /home/.ecryptfs/rickert/.Private
then I would have additional difficulties.
If this still does not help, then post the output from “ls -al” on that other directory. Make sure that you use code tags for posting. You can generate code tags with the “#” button on the reply edit box (with the code lines selected by your mouse).
It seems a little complicated for me, I wouldn’t know exactly how to edit the file. Sorry I’m such a linux newbie, I kinda need like step by step instructions.
I would still request the output from running “ls -al” while you have changed into the home directory of the user on that other disk. And remember to use code tags.
On 2014-01-07 04:06, theuniverse wrote:
>
> Thanks for trying to help out. First, how do I setup the new user with
> vipw? how am I supposed to edit the file?
vipw, which has to be started on a terminal, starts the editor with the
appropriate file already opened. You set the environment variable
“EDITOR” to the editor of your choice: I suggest mcedit, provided you
install ‘mc’ first. Otherwise, you could use ‘joe’.
For this, you edit the file “/root/.bashrc” to add this entry:
export EDITOR=/usr/bin/mcedit
Alternatively, you can do:
su -
EDITOR=/usr/bin/mcedit vipw
If you do not do any of this, ‘vipw’ will default to use ‘vi’, which you
probably will not like.
What he is telling you to do is to find the line of your user and copy
it, changing the user name and the home directory.
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
If he provides the requested directory listing, then I can probably give more detailed step-by-step instructions. But I cannot be sure of that until I see what we have.
Thanks for helping with “vipw”. And yes, “EDITOR=” can be useful.
ls -al
total 3844
drwxr-xr-x 40 pc users 4096 Jan 6 22:47 .
drwxr-xr-x 5 root root 4096 Jan 5 21:31 ..
drwx------ 3 pc users 4096 Jan 5 18:53 .adobe
-rw------- 1 pc users 3369 Jan 6 22:09 .bash_history
-rw-r--r-- 1 pc users 1177 Jan 5 18:43 .bashrc
drwxr-xr-x 2 pc users 4096 Jan 5 18:43 bin
-rw-r--r-- 1 pc users 196 Jan 6 06:01 .BOINC Manager
drwx------ 19 pc users 4096 Jan 6 22:38 .cache
drwxr-xr-x 3 pc users 4096 Jan 5 20:26 .color
drwx------ 29 pc users 4096 Jan 6 22:37 .config
drwx------ 3 pc users 4096 Jan 5 18:44 .dbus
drwxr-xr-x 4 pc users 4096 Jan 6 22:35 Desktop
-rw------- 1 pc users 67 Jan 5 19:41 .directory
-rw------- 1 pc users 29 Jan 6 17:50 .dmrc
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 Documents
drwxr-xr-x 5 pc users 4096 Jan 6 20:48 Downloads
-rw------- 1 pc users 159 Jan 5 21:41 duplicity-full.20140106T024122Z.manifest
-rw------- 1 pc users 117 Jan 5 21:41 duplicity-full.20140106T024122Z.vol1.difftar.gz
-rw------- 1 pc users 140 Jan 5 21:41 duplicity-full-signatures.20140106T024122Z.sigtar.gz
-rw-r--r-- 1 pc users 1637 Jan 5 18:43 .emacs
-rw------- 1 pc users 16 Jan 5 18:44 .esd_auth
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 .fonts
drwxr-xr-x 24 pc users 4096 Jan 6 22:43 .gimp-2.8
drwx------ 3 pc users 4096 Jan 6 03:31 .gnome2
drwx------ 2 pc users 4096 Jan 5 20:41 .gnome2_private
drwx------ 3 pc users 4096 Jan 6 17:50 .gnupg
drwxr-xr-x 2 pc users 4096 Jan 5 20:27 .gstreamer-0.10
-rw-r--r-- 1 pc users 439 Jan 5 20:45 .gtkrc-2.0
lrwxrwxrwx 1 pc users 19 Jan 5 20:45 .gtkrc-2.0-kde4 -> /home/pc/.gtkrc-2.0
lrwxrwxrwx 1 pc users 31 Jan 6 05:54 gui_rpc_auth.cfg -> /var/lib/boinc/gui_rpc_auth.cfg
-rw------- 1 pc users 1670 Jan 6 17:50 .ICEauthority
drwxr-xr-x 3 pc users 4096 Jan 6 01:58 .icedtea
-rw-r--r-- 1 pc users 861 Jan 5 18:43 .inputrc
drwxr-xr-x 3 pc users 4096 Jan 5 01:22 .invent
drwxr-xr-x 4 pc users 4096 Jan 6 04:50 .java
drwx------ 6 pc users 4096 Jan 5 20:36 .kde4
drwx------ 3 pc users 4096 Jan 5 18:44 .local
drwx------ 3 pc users 4096 Jan 5 18:53 .macromedia
drwx------ 5 pc users 4096 Jan 6 04:47 .mozilla
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 Music
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 Pictures
drwx------ 3 pc users 4096 Jan 5 21:50 .pki
dr-x------ 2 root root 4096 Jan 6 16:51 Private
-rw-r--r-- 1 pc users 1028 Jan 5 18:43 .profile
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 Public
drwxr-xr-x 2 pc users 4096 Jan 5 18:43 public_html
-rw------- 1 pc users 256 Jan 6 04:35 .pulse-cookie
drwxr-xr-x 5 pc users 4096 Jan 5 19:16 .rcc
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 .skel
drwx------ 6 pc users 4096 Jan 6 23:14 .Skype
drwx------ 2 pc users 4096 Jan 5 23:15 SpiderOak Hive
drwx------ 2 pc users 4096 Jan 5 20:26 .ssh
drwxr-xr-x 2 pc users 4096 Jan 6 04:36 .steam
lrwxrwxrwx 1 pc users 27 Jan 6 04:35 .steampath -> /home/pc/.steam/bin32/steam
lrwxrwxrwx 1 pc users 25 Jan 6 04:35 .steampid -> /home/pc/.steam/steam.pid
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 Templates
drwx------ 4 pc users 4096 Jan 5 19:53 .thumbnails
drwxr-xr-x 2 pc users 4096 Jan 5 18:44 Videos
drwxr-xr-x 4 pc users 4096 Jan 6 16:35 .wine
-rw------- 1 pc users 214 Jan 6 22:47 .Xauthority
-rw-r--r-- 1 pc users 1940 Jan 5 18:43 .xim.template
-rwxr-xr-x 1 pc users 1112 Jan 5 18:43 .xinitrc.template
-rw-r--r-- 1 pc users 3575808 Sep 29 2007 XP_LIVE_Bluerise_VS_v1.1.msstyles
-rw------- 1 pc users 0 Jan 6 22:47 .xsession-errors
-rw------- 1 pc users 19447 Jan 6 23:18 .xsession-errors-:0
-rw-r--r-- 1 pc users 94167 Jan 6 14:54 .y2log
-rw-r--r-- 1 pc users 282 Jan 6 14:53 .y2usersettings
I am looking for a directory “.ecryptfs” and a directory “.Private”.
I don’t see them. So they are probably elsewhere, either in another directory on the same partition or on a different partition or even a different disk.
That might by why your attempt to run that recovery script failed.
The “.Private” directory will contain the encrypted data you want to recover. And the “.ecryptfs” directory will contain some settings such as where to mount and the wrapped password.
On second thoughts, I wonder if you have listed the wrong directory. The file dates there are mostly very recent. I would expect older dates in a directory that you are trying to recover.
I just didn’t know I had to go into the folder with the terminal first before typing “ls -al”, these are my new results from the folder I’m trying to decrypt:
ls -al
total 28
drwxr-xr-x 5 root root 4096 Jun 10 2012 .
drwxr-x---+ 4 root root 80 Jan 7 00:14 ..
drwxr-xr-x 3 root root 4096 Sep 30 2011 .ecryptfs
drwx------ 3 root root 16384 Sep 30 2011 lost+found
dr-x------ 4 pc 1000 4096 Sep 30 2011 Home
Still no “.Private”. It might be elsewhere. Or, may the directory “Home” is playing that role.
I would expect “.ecryptfs” and “.Private” to both be owned by the ordinary user, rather than by root. Perhaps that’s not how it was done, but it is what I would have expected. Can you look a little further to see if you can find some other “.ecryptfs” and “.Private” directories.
Maybe, also look in that directory “Home” to see if the files look encrypted. They might have file names that look encrypted, or content that looks encrypted. I’m not asking for a listing at this point.
Yes, the files are encrypted, I had Linux Mint installed on that Hard drive and I selected to encrypt Home folder.
I’m pretty sure if I run ecryptfs-recover-private on Linux Mint or something similar, it would definitely find and mount the folder I’ve done it already, I just can’t seem to be able to access it with OpenSUSE.
On 2014-01-07 08:16, theuniverse wrote:
>
> I just keep getting this error, I just wish I know how to solve it:
>
>
> Code:
> --------------------
> INFO: Searching for encrypted private directories (this might take a while)…
> find: ‘/run/user/1000/gvfs’: Permission denied
> find: ‘/var/run/user/1000/gvfs’: Permission denied
>
>
> --------------------
Those folders are created and needed by gnome, and they are virtual. If
you use a different desktop, even temporarily, they should disappear.
Might need a reboot.
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)
I see those directories, logged into KDE4. There’s probably some gnome library stuff that’s started, perhaps needed for gtk applications like “firefox”.
Maybe a reboot, then login only to icewm, will avoid the error messages.