# -*- sh-basic-offset: 4; sh-indentation: 4; tab-width: 4; indent-tabs-mode: t; sh-indent-comment: t; -*-
# This script encrypts a user's home
# Written by Yan Li <yan.i.li@intel.com>, <yanli@gnome.org>
# Copyright (C) 2010 Intel Corporation
# Modified by Dustin Kirkland <kirkland@ubuntu.com>
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-u,--user Migrate USER's home directory to an encrypted home directory
WARNING: Make a complete backup copy of the non-encrypted data to
another system or external media. This script is dangerous and, in
case of an error, could result in data lost, or lock you out of your
This program must be executed by root.
echo "$(gettext 'ERROR: ')" "$@" 1>&2
echo "$(gettext 'WARNING: ')" "$@" 1>&2
echo "$(gettext 'INFO: ')" "$@" 1>&2
if [ -e "$DIR" ]; then
# if $DIR is a directory, make sure it's empty
if [ -d "$DIR" ]; then
ls=$(ls -A "$DIR" | wc -l)
if [ "$ls" != "0" ]; then
echo 1>&2 "If you already have some data in directory $DIR,"
echo 1>&2 "please move all of these files and directories out of the way, and"
echo 1>&2 "follow the instructions in:"
echo 1>&2 " ecryptfs-setup-private --undo"
error "$DIR is not empty, cannot continue."
error "$DIR exists but is not an empty directory, cannot continue."
# get user home by username
local USER_HOME=$(getent passwd "$USER_NAME" | cut -d":" -f 6)
if [ -z "$USER_HOME" ]; then
error "Cannot find the home directory of $USER_NAME."
if [ -e "$USER_HOME/.ecryptfs" ]; then
error "$USER_HOME appears to be encrypted already."
if ! which rsync >/dev/null 2>&1; then
error "Please install the rsync package."
# Check free space: make sure we have sufficient disk space
# available. To make a full copy, we will need at least 2.5x the
# disk usage of the target home directory.
info "Checking disk space, this may take a few moments. Please be patient."
needed=$(du -s "$USER_HOME" | awk '{printf "%.0f", $1*2.5}')
free=$(df -P "$USER_HOME" | tail -n 1 | awk '{print $4}')
if [ $needed -gt $free ]; then
info "2.5x the size your current home directory is required to perform a migration."
info "Once the migration succeeds, you may recover most of this space by deleting the cleartext directory."
error "Not enough free disk space."
assert_dir_empty "$USER_HOME/.$PRIVATE_DIR"
assert_dir_empty "$USER_HOME/.ecryptfs"
assert_dir_empty "/home/.ecryptfs/$USER_NAME"
if ! which lsof >/dev/null 2>&1; then
info "Please install lsof."
error "Can not tell whether $USER_HOME is in use or not."
info "Checking for open files in $USER_HOME"
lsof=$(lsof +D "$USER_HOME" | wc -l)
if [ "$lsof" != "0" ]; then
info "The following files are in use:"
lsof +D "$USER_HOME" | sed "s/^/ /"
error "Cannot proceed."
orig=$(mktemp /home/$USER_NAME.XXXXXXXX)
rm "$orig" && mv "$USER_HOME" "$orig"
mkdir -p -m 700 "$USER_HOME"
USER_GROUP=$(id -g "$USER_NAME")
chown "$USER_NAME:$USER_GROUP" "$USER_HOME" "$orig"
ECRYPTFS_SETUP_PRIVATE_ARGS=""
if [ -n "$LOGINPASS" ]; then
ECRYPTFS_SETUP_PRIVATE_ARGS="-l $LOGINPASS"
if [ -n "$MOUNTPASS" ]; then
ECRYPTFS_SETUP_PRIVATE_ARGS="$ECRYPTFS_SETUP_PRIVATE_ARGS -m $MOUNTPASS"
export ECRYPTFS_MIGRATE="1"
if ! ecryptfs-setup-private -u "$USER_NAME" -b $ECRYPTFS_SETUP_PRIVATE_ARGS; then
# too bad, something went wrong, we'll try to recover
mv "$orig" "$USER_HOME"
info "Encrypted home has been set up, encrypting files now...this may take a while."
# Show progress, but on stderr, in case the user wants to filter that out
rsync -aP "$orig/" "$USER_HOME/" 1>&2
echo "========================================================================"
echo "Some Important Notes!"
echo " 1. The file encryption appears to have completed successfully, however,"
echo " $USER_NAME MUST LOGIN IMMEDIATELY, _BEFORE_THE_NEXT_REBOOT_,"
echo " TO COMPLETE THE MIGRATION!!!"
echo " 2. If $USER_NAME can log in and read and write their files, then the migration is complete,"
echo " and you should remove $orig."
echo " Otherwise, restore $orig back to $USER_HOME."
echo " 3. $USER_NAME should also run 'ecryptfs-unwrap-passphrase' and record"
echo " their randomly generated mount passphrase as soon as possible."
echo " 4. To ensure the integrity of all encrypted data on this system, you"
echo " should also encrypt swap space with 'ecryptfs-setup-swap'."
echo "========================================================================"
if [ "$DO_ENCRYPT" != "1" ]; then
if [ "$(id -u)" != "0" ]; then
error "This program must be executed with root privileges"
if [ "$DO_ENCRYPT" = "1" ]; then
USER_HOME=$(get_user_home "$USER_NAME")
sanity_check "$USER_NAME" "$USER_HOME"
encrypt_dir "$USER_NAME" "$USER_HOME" "$LOGINPASS" "$MOUNTPASS"