ecryptfs-find

ecryptfs-find [start_directory] [options] [expression]

start_directory
    The directory from which to start the search. This should typically be an eCryptfs mount point.

-name
    Search for files by their decrypted (plaintext) name, using shell pattern matching.

-iname
    Like -name, but the matching is case-insensitive.

-cryptname
    Search for files by their raw encrypted name, using shell pattern matching.

-icryptname
    Like -cryptname, but the matching is case-insensitive.

-type
    Filter results by file type (e.g., 'f' for file, 'd' for directory, 'l' for symbolic link).

-mount
    Only search filesystems that are mounted with eCryptfs. This prevents searching into non-eCryptfs filesystems.

-print
    Print the full path of the found files (this would likely be the default action).

-exec {} \;
    Execute a specified command on each found file. The '{}' is replaced by the current file's path.

-max-depth
    Descend at most N levels into the directory tree. A value of 1 means only the starting directory and its immediate contents.

-min-depth
    Do not apply any tests or actions at levels less than N (level 0 is the starting directory).

-decrypted-path
    Output the decrypted (plaintext) path for each found item (useful when searching by encrypted name).

-encrypted-path
    Output the raw encrypted path for each found item (useful when searching by decrypted name).

ecryptfs-find is a conceptual utility designed to locate files within an eCryptfs encrypted filesystem. It is important to note that this command is NOT a standard utility provided by the `ecryptfs-utils` package in most Linux distributions. If such a command existed, its primary purpose would be to address the complexities of searching on volumes where filenames themselves are encrypted. It would allow users to search for files using their original (decrypted) names, or by matching patterns against their encrypted counterparts. This would be invaluable for system administrators and users trying to identify specific files when raw directory listings show only obfuscated filenames. The command would likely traverse the eCryptfs mount point, intelligently handling filename decryption on the fly to match search criteria, and outputting both the encrypted and decrypted paths to the found files, bridging the gap between the standard `find` command and the unique requirements of eCryptfs's filename encryption.

This command ("ecryptfs-find") is NOT a standard utility provided by the `ecryptfs-utils` package in most Linux distributions. Its functionality as described is hypothetical, based on common requirements for eCryptfs and the `find` command paradigm. Users typically rely on the standard `find` command, potentially combined with manual decryption or `ecryptfs-utils` scripting and knowledge of eCryptfs path structures, to achieve similar results. The performance of such a hypothetical command might be impacted by the constant need for on-the-fly decryption for filename matching.

Because a dedicated `ecryptfs-find` command does not exist in standard distributions, users must employ workarounds. To find files by their decrypted (plaintext) name, one would typically use the standard `find` command on the mounted eCryptfs directory, as the operating system presents the decrypted filenames there. For example:
`find /home/user/.Private -name 'my_document.txt'`

To find files by their encrypted name (e.g., when viewing the raw encrypted directory or during recovery), one would use `find` on the raw encrypted view, potentially combined with `ls -A` or other `ecryptfs-utils` commands to map encrypted names back to plaintext, which often requires scripting.

Since "ecryptfs-find" is not a standard command, it has no direct development history. The need for such a tool arises from the unique challenges of filename encryption in eCryptfs, where traditional file searching can be hampered by obfuscated names. Discussions in forums and mailing lists often cover how to achieve "find"-like functionality within eCryptfs, typically by scripting existing `find` with `ecryptfs` awareness, rather than a dedicated utility.

find(1), ecryptfs(7), ecryptfs-mount-private(1), ecryptfs-unwrap-passphrase(1)