ecryptfs-mount-private

ecryptfs-mount-private [-v] [--nopwcheck] [-h]

-h, --help
    Display help message and exit

-v, --verbose
    Enable verbose output during mount

--nopwcheck
    Skip passphrase quality/strength check

The ecryptfs-mount-private command is a user-friendly wrapper for mounting an eCryptfs-encrypted Private directory in the user's home folder. eCryptfs is a stacked, kernel-level filesystem encryption module for Linux that provides transparent file encryption.

Typically, files written to ~/Private are automatically encrypted on disk and decrypted on read within the mounted ~/.ecryptfs/Private directory. It prompts for the user's login passphrase (if configured via PAM) or a dedicated mount passphrase stored in the user's keyring.

This command requires prior setup using ecryptfs-setup-private, which configures the necessary keyring and directories. It's ideal for protecting sensitive data with plausible deniability, as unmounted directories appear as encrypted gibberish.

Common workflow: setup once, then mount on login (via PAM or .profile) and unmount manually or on logout. Note that eCryptfs support is waning in modern distros favoring LUKS or fscrypt.

Requires initial setup with ecryptfs-setup-private; fails if passphrase mismatch or kernel module absent. eCryptfs deprecated in Ubuntu 23.04+; unmount with ecryptfs-umount-private to avoid data corruption. Not for large filesystems due to performance.

Add to ~/.profile or use PAM: ecryptfs-mount-private && export PRIVATE_MOUNT=1

Use ecryptfs-unwrap-passphrase with wrapped passphrase file for recovery

Developed 2006-2007 by eCryptfs team (Dustin Kirkland et al.); merged into Linux kernel 2.6.19 (2007). Default in Ubuntu 9.04-22.04; phased out post-23.04 for encfs alternatives.

ecryptfs-setup-private(1), ecryptfs-umount-private(1), ecryptfs-add-passphrase(1), mount(8), ecryptfs(7)