Provided by: ecryptfs-utils_87-0ubuntu1_i386 bug

NAME

       ecryptfs-setup-private - setup an eCryptfs private directory.

SYNOPSIS

       ecryptfs-setup-private   [-f|--force]  [-w|--wrapping]  [-a|--all-home]
       [-n|--no-fnek]  [--nopwcheck]  [-u|--username   USER]   [-l|--loginpass
       LOGINPASS] [-m|--mountpass MOUNTPASS]

OPTIONS

       Options available for the ecryptfs-setup-private command:

       -f, --force
              Force overwriting of an existing setup

       -w, --wrapping
              Use an independent wrapping passphrase, different from the login
              passphrase

       -u, --username USER
              User to setup, default is current user if omitted

       -l, --loginpass LOGINPASS
              System  passphrase  for  USER,  used  to  wrap  MOUNTPASS,  will
              interactively prompt if omitted

       -m, --mountpass MOUNTPASS
              Passphrase  for  mounting  the ecryptfs directory, default is 16
              bytes from /dev/urandom if omitted

       -a, --all-home
              Generate a setup for encrypting the user's entire home directory

       --undo Display instructions on how to undo an encrypted private setup

       -n, --no-fnek
              Do not encrypt filenames; otherwise, filenames will be encrypted
              on systems which support filename encryption

       --nopwcheck
              Do  not  check  the  validity  of  the  specified login password
              (useful for LDAP user accounts)

       --noautomount
              Setup this user such that the encrypted private directory is not
              automatically mounted on login

       --noautoumount
              Setup this user such that the encrypted private directory is not
              automatically unmounted at logout

DESCRIPTION

       ecryptfs-setup-private  is  a  program   that   sets   up   a   private
       cryptographic  mountpoint  for  a  non-root  user,  who  is a member of
       ecryptfs group.

       Be sure to properly escape your parameters according  to  your  shell's
       special  character  nuances, and also surround the parameters by double
       quotes, if necessary. Any of the parameters may be:

         1) exported as environment variables
         2) specified on the command line
         3) left empty and interactively prompted

       The user SHOULD ABSOLUTELY RECORD THE MOUNT PASSPHRASE AND STORE  IN  A
       SAFE  LOCATION.   If  the  mount  passphase  file is lost, or the mount
       passphrase is forgotten, THERE IS NO WAY TO RECOVER THE ENCRYPTED DATA.

       Using the values of USER,  MOUNTPASS,  and  LOGINPASS,  ecryptfs-setup-
       private will:
         - Create ~/.Private (permission 700)
         - Create ~/Private (permission 500)
         - Backup any existing wrapped passphrases
         - Use LOGINPASS to wrap and encrypt MOUNTPASS
         - Write to ~/.ecryptfs/wrapped-passphrase
         - Add the passphrase to the current keyring
         - Write the passphrase signature to ~/.ecryptfs/Private.sig
         - Test the cryptographic mount with a few reads and writes

       The  system administrator can add the pam_ecryptfs.so module to the PAM
       stack which will automatically use the login passphrase to  unwrap  the
       mount  passphrase, add the passphrase to the user's kernel keyring, and
       automatically perform the mount. See pam_ecryptfs(8).

FILES

       ~/.ecryptfs/auto-mount

       ~/.Private - underlying directory containing encrypted data

       ~/Private - mountpoint containing decrypted data (when mounted)

       ~/.ecryptfs/Private.sig  -  file  containing  signature  of  mountpoint
       passphrase

       ~/.ecryptfs/Private.mnt - file containing path of the private directory
       mountpoint

       ~/.ecryptfs/wrapped-passphrase - file containing the mount  passphrase,
       wrapped with the login passphrase

       ~/.ecryptfs/wrapping-independent  -  this  file  exists if the wrapping
       passphrase is independent from login passphrase

SEE ALSO

       ecryptfs-rewrap-passphrase(1),               mount.ecryptfs_private(1),
       pam_ecryptfs(8), umount.ecryptfs_private(1)

       /usr/share/doc/ecryptfs-utils/ecryptfs-faq.html

       http://launchpad.net/ecryptfs/

AUTHOR

       This  manpage  and  the  ecryptfs-setup-private  utility was written by
       Dustin Kirkland <kirkland@canonical.com> for Ubuntu systems (but may be
       used  by  others).   Permission  is  granted to copy, distribute and/or
       modify this document under the terms of the GNU General Public License,
       Version  2  or  any  later  version  published  by  the  Free  Software
       Foundation.

       On Debian systems, the complete text of the GNU General Public  License
       can be found in /usr/share/common-licenses/GPL.