Tuesday, 2009-11-24 12:23 MST

Recovering from Login Failure on Ubuntu 9.10

Monday I updated my laptop, including a new kernel. Per usual procedure, I rebooted. I was not able to log in to my regular account. The problem was that the password didn't match what the home directory encryption code was expecting. So no home directory access, so no log in. The problem, then, was to recover my data and rebuild my home encrypted directory.

Oh, yes, let me remind you once again: recover your wrapped password and store it someplace safe. You may not be able to get at it when the emergency hits. Do it now! I did it like so:

root@test2:~# ecryptfs-unwrap-passphrase /home/.ecryptfs/fred/.ecryptfs/wrapped-passphrase 
Passphrase: 
638ec71d18ba30df7bba343b1ee8e27e
root@test2:~# 

Note that I did it here as root, not as my regular user. This means that if you can log in as root, either at the terminal or via SSH, and have the password for your user account, you can recover your data.

I have since recovered the data in the user directory, using these instructions exactly. I've also printed out both sets of instructions and added them to my system documentation, just in case those sites should ever go away. Go, thou, and do likewise.

Once you've recovered your data, the problem becomes restoring it to an encrypted user directory. To do that, I followed these ancient instructions, with one exception: I did not follow the last instruction, to use ecryptfs-setup-private. ecryptfs-setup-private sets up the older encryption scheme, with a ~/Private directory. That has a number of hazards, not least that not all the data in your home directory is secured.

Instead, I removed the user, using deluser from the command line.

root@test2:/home# deluser --remove-all-files fred
Looking for files to backup/remove ...
Removing files ...
Removing user `fred' ...
Warning: group `fred' has no more members.
Done.
root@test2:/home# 

If anything is left behind, remove it by hand: rm -r /home/fred /home/.ecryptfs/fred
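Two things on this page are easy to get wrong under pressure: the passphrase reminder above (unwrap it and store it somewhere safe before you need it) and the deluser/rm step here, which destroys /home/fred and /home/.ecryptfs/fred along with any copy of your data or passphrase you left inside them. The following script is an added example, not code from the post, that checks those preconditions before you touch anything. ECRYPTFS_ROOT is an assumed prefix so the checks can be exercised against a constructed directory tree; on a real system leave it empty. The per-user paths follow the layout shown in the post (/home/.ecryptfs/<user>/...) with the older ~/.ecryptfs/ location as a fallback.

```shell
#!/bin/sh
# Pre-flight checks for rebuilding an eCryptfs-encrypted home directory.
# Added example; ECRYPTFS_ROOT is an assumed prefix for testing against a
# constructed tree (empty on a real system).
ECRYPTFS_ROOT="${ECRYPTFS_ROOT:-}"

# Print the path of the user's wrapped-passphrase file, checking the
# /home/.ecryptfs/<user>/.ecryptfs/ layout first and ~/.ecryptfs/ second.
# Returns 1 if neither exists (nothing to unwrap).
wrapped_passphrase_path() {
    user="$1"
    for p in "$ECRYPTFS_ROOT/home/.ecryptfs/$user/.ecryptfs/wrapped-passphrase" \
             "$ECRYPTFS_ROOT/home/$user/.ecryptfs/wrapped-passphrase"; do
        if [ -f "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# The encrypted lower directory (.Private) holds the actual ciphertext;
# without it there is nothing left to recover.
private_dir_exists() {
    user="$1"
    [ -d "$ECRYPTFS_ROOT/home/.ecryptfs/$user/.Private" ] ||
        [ -d "$ECRYPTFS_ROOT/home/$user/.Private" ]
}

# Refuse a destination inside the home that deluser --remove-all-files and
# rm -r /home/<user> are about to delete.
safe_backup_dest() {
    user="$1"; dest="$2"
    case "$dest" in
        "$ECRYPTFS_ROOT/home/$user"|"$ECRYPTFS_ROOT/home/$user/"*) return 1 ;;
        "$ECRYPTFS_ROOT/home/.ecryptfs/$user"|"$ECRYPTFS_ROOT/home/.ecryptfs/$user/"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Unwrap the mount passphrase (asks for the user's login password) and store
# it in a root-only file outside the home directory. Needs ecryptfs-utils.
record_passphrase() {
    user="$1"; out="$2"
    wp=$(wrapped_passphrase_path "$user") ||
        { echo "no wrapped-passphrase found for $user" >&2; return 1; }
    private_dir_exists "$user" ||
        { echo "no .Private directory for $user; nothing to recover" >&2; return 1; }
    safe_backup_dest "$user" "$out" ||
        { echo "refusing to store the passphrase inside $user's home" >&2; return 1; }
    umask 077
    ecryptfs-unwrap-passphrase "$wp" > "$out" &&
        echo "mount passphrase for $user stored in $out (mode 0600)"
}

# Usage: sh preflight.sh <user> [output-file]; default output is /root/<user>-ecryptfs-passphrase.txt
if [ "$#" -ge 1 ]; then
    record_passphrase "$1" "${2:-/root/$1-ecryptfs-passphrase.txt}"
fi
```

Run it as root before the deluser step; if it refuses, the passphrase or the ciphertext is missing, or your chosen destination is about to be wiped, and that is the moment to stop and fix it, not after rm -r.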

Now add the new user. The GUI tool, users-admin, has no provision for encrypting a user's home directory when it creates one. But the command line tool adduser does.

root@test2:~# adduser --encrypt fred
Adding user `fred' ...
Adding new group `fred' (1001) ...
Adding new user `fred' (1001) with group `fred' ...
Creating home directory `/home/fred' ...
Setting up encryption ...

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************


Done configuring.

Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
Changing the user information for fred
Enter the new value, or press ENTER for the default
        Full Name []: Fred Flintstone
        Room Number []: 
        Work Phone []: 
        Home Phone []: 
        Other []: 
Is the information correct? [Y/n] y
root@test2:~# 

You should now be able to log in as your regular user and start recovery.

But I have another problem. In the process of recovering from this, I found out that Amanda hasn't been backing up my home directory on the affected machine correctly. In fact, not at all. Film at eleven!


Posted by Charles Curley | Permanent link | File under: security, linux, privacy