On 28/11/2023 19:03, Pocket wrote:
On 11/28/23 06:27, Max Nikulin wrote:
*Login* protector used by pam_fscrypt is a different case.
Well I will see about that when the time comes.
I have a few ideas that may "fix" that, untested at the present time of
course.
Just a couple of additional notes
    sudo fscrypt encrypt /home/fscrypt/Encrypted
    sudo chown -R pocket:pocket /home/fscrypt/Encrypted
You should be able to create an encrypted directory as a regular user.
With command above you may face an issue during e.g. an attempt to
change passphrase. Files in /home/fscrypt/.fscrypt belong to root, not
to pocket.
Another way suitable for a new user
    fscrypt encrypt /home/newhome --user=user
is documented in https://wiki.archlinux.org/title/Fscrypt
Concerning lock on logout, I had an idea to use a systemd unit with a
command executed after user@.service completion. Unfortunately
libpam-fscrypt 0.3.3-1+b6 does not support `unlock_only` option yet, but
`lock_policies` is already default and no-op. So there is no way to
disable lock on logout. Now I am trying to figure out if
    systemctl --user exit
may have negative effects. Some running processes may prevent locking of
directories though.