Arch Linux

analbeard

Member

From: London

Registered: 2014-11-07

Posts: 48

[SOLVED] Cannot migrate to encrypted home partition

So I installed Arch to play around and familiarise myself with, and I'd now like to use it full time. My company require that either home dir or full disk encryption is used, so I need to migrate my home directory using ecryptfs. Followed the wiki (created a test user to break first though), but it fails as lsof seems to see its own process checking for open files as an open file: cue much

INFO:  Checking disk space, this may take a few moments.  Please be patient.
INFO:  Checking for open files in /home/shw
INFO:  The following files are in use:

    COMMAND PID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
    systemd   1 root   19r  FIFO    0,8      0t0  8339 pipe
    lsof    428 root    1w  FIFO    0,8      0t0 10969 pipe
    lsof    428 root    4w  FIFO    0,8      0t0  9076 pipe
    lsof    428 root    5r  FIFO    0,8      0t0  9077 pipe
    sed     429 root    0r  FIFO    0,8      0t0 10969 pipe
    lsof    430 root    3r  FIFO    0,8      0t0  9076 pipe
    lsof    430 root    6w  FIFO    0,8      0t0  9077 pipe

ERROR:  Cannot proceed.

Any suggestions?

Last edited by analbeard (2014-11-20 08:24:39)

---

Late 2016 Dell XPS15 | i7-6700HQ | 16GB DDR4 | Samsung PM961 NVMe 512Gb SSD
LightDM/i3 | rEFInd | linux-ck

EscapedNull

Member

Registered: 2013-12-04

Posts: 129

Re: [SOLVED] Cannot migrate to encrypted home partition

Can you tell us what command produced that output? The fact that lsof detects itself sounds like a bug somewhere to me. Although, I'm not sure it's possible to migrate the home directory of a logged-in user. Try logging out and running the command as root. Alternatively, you might be better off creating a new user with an encrypted home directory and mv'ing your old home dir to your new. Note that this will only protect new files though, as there's no reliable way to securely erase files without a low-level-format of the partition (or at all, depending on whom you ask).

You might also consider encrypting your entire system as it is far more secure, but use ecryptfs if that suits you. dm-crypt would require reformatting one or more of your partitions, but you already have your home directory backed up, right?

analbeard

Member

From: London

Registered: 2014-11-07

Posts: 48

Re: [SOLVED] Cannot migrate to encrypted home partition

Can you tell us what command produced that output? The fact that lsof detects itself sounds like a bug somewhere to me. Although, I'm not sure it's possible to migrate the home directory of a logged-in user. Try logging out and running the command as root. Alternatively, you might be better off creating a new user with an encrypted home directory and mv'ing your old home dir to your new. Note that this will only protect new files though, as there's no reliable way to securely erase files without a low-level-format of the partition (or at all, depending on whom you ask).

You might also consider encrypting your entire system as it is far more secure, but use ecryptfs if that suits you. dm-crypt would require reformatting one or more of your partitions, but you already have your home directory backed up, right?

I ran:

ecryptfs-migrate-private -u shw

It comes from here: https://wiki.archlinux.org/index.php/EC … _directory

I booted into single user mode so my user definitely wasn't logged in. I used to use full disk encryption but it was a PITA if I broke something and needed to use a liveUSB to fix it, so I've stuck with just $HOME encrypted.

There are no major customisations made yet, so the contents of home aren't critical

---

Late 2016 Dell XPS15 | i7-6700HQ | 16GB DDR4 | Samsung PM961 NVMe 512Gb SSD
LightDM/i3 | rEFInd | linux-ck

macaco

Member

From: Graz, Austria

Registered: 2009-03-22

Posts: 101

Re: [SOLVED] Cannot migrate to encrypted home partition

I logged in as root and got the same output as analbeard when I tried to encrypt my /home. I followed every step of the wiki but "ecryptfs-migratem-home -u user" refused to proceed. Any ideas??

---

https://wp.realraum.at/

teateawhy

Member

From: GER

Registered: 2012-03-05

Posts: 1,138

Website

Re: [SOLVED] Cannot migrate to encrypted home partition

Have you tried to do this manually instead of using the migration program?

macaco

Member

From: Graz, Austria

Registered: 2009-03-22

Posts: 101

Re: [SOLVED] Cannot migrate to encrypted home partition

I will give it try tomorrow and inform you about the outcome. I will use the guide  by anarxc http://sysphere.org/~anrxc/j/articles/e … index.html

Just to complete the information. When I logged in as root, (right after the boot) I got this

[root@notebook ~]$ ecryptfs-migrate-home -u user

INFO:  Checking disk space, this may take a few moments.  Please be patient.
INFO:  Checking for open files in /home/shw
INFO:  The following files are in use:

    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
    systemd     1 root   22r  FIFO    0,8      0t0  1196 pipe
    systemd     1 root   23u  FIFO   0,15      0t0  1198 /run/dmeventd-server
    systemd     1 root   24u  FIFO   0,15      0t0  1199 /run/dmeventd-client
    systemd     1 root   26u  FIFO   0,15      0t0  1203 /run/systemd/initctl/fifo
    NetworkMa 258 root   20w  FIFO   0,15      0t0 10093 /run/systemd/inhibit/1.ref
    systemd-l 260 root   19r  FIFO   0,15      0t0 10093 /run/systemd/inhibit/1.ref
    systemd-l 260 root   26r  FIFO   0,15      0t0 14800 /run/systemd/sessions/c2.ref
    login     527 root    6w  FIFO   0,15      0t0 14800 /run/systemd/sessions/c2.ref
    ecryptfs- 669 root    1w  FIFO    0,8      0t0 16695 pipe
    tee       670 root    0r  FIFO    0,8      0t0 16695 pipe
    lsof      692 root    1w  FIFO    0,8      0t0 16798 pipe
    lsof      692 root    4w  FIFO    0,8      0t0 15619 pipe
    lsof      692 root    5r  FIFO    0,8      0t0 15620 pipe
    sed       693 root    0r  FIFO    0,8      0t0 16798 pipe
    sed       693 root    1w  FIFO    0,8      0t0 16695 pipe
    lsof      694 root    3r  FIFO    0,8      0t0 15619 pipe
    lsof      694 root    6w  FIFO    0,8      0t0 15620 pipe 

ERROR: cannot proceed

Last edited by macaco (2014-11-17 23:43:45)

---

https://wp.realraum.at/

macaco

Member

From: Graz, Austria

Registered: 2009-03-22

Posts: 101

Re: [SOLVED] Cannot migrate to encrypted home partition

Okay... yesterday I did a pacman -Syu and - whoa - also lsof was part of the update - and this did the trick! Obviously it was a lsof related problem...

ecryptfs-migrate-home -u user did exactly what it should and I am already broadcasting from an encrypted /home

Guess we can mark the topic as solved now.

---

https://wp.realraum.at/

analbeard

Member

From: London

Registered: 2014-11-07

Posts: 48

Re: [SOLVED] Cannot migrate to encrypted home partition

Okay... yesterday I did a pacman -Syu and - whoa - also lsof was part of the update - and this did the trick! Obviously it was a lsof related problem...

ecryptfs-migrate-home -u user did exactly what it should and I am already broadcasting from an encrypted /home

Guess we can mark the topic as solved now.

Ah awesome, thanks for updating this! Looks like I picked a bad time to try my first Arch install

I ended up using setting up a Luks encrypted partition to get around it.

Edit: I should also point out that where I said I used 'ecryptfs-migrate-private -u shw' earlier, I of course meant 'ecryptfs-migrate-home'

Last edited by analbeard (2014-11-20 08:25:57)

---

Late 2016 Dell XPS15 | i7-6700HQ | 16GB DDR4 | Samsung PM961 NVMe 512Gb SSD
LightDM/i3 | rEFInd | linux-ck

macaco

Member

From: Graz, Austria

Registered: 2009-03-22

Posts: 101

Re: [SOLVED] Cannot migrate to encrypted home partition

Nice!

---

https://wp.realraum.at/