LinuxCommandLibrary

ecryptfs-umount-private

Unmount an eCryptfs encrypted private directory

SYNOPSIS

ecryptfs-umount-private [--force]

PARAMETERS

--force
    Force unmount by attempting to kill processes using the mount first

-h, --help
    Display help and exit

DESCRIPTION

The ecryptfs-umount-private command is a utility from the ecryptfs-utils package designed to unmount and clean up a user's encrypted private directory managed by eCryptfs, a stacked filesystem-level encryption system for Linux.

eCryptfs encrypts files transparently using keys from the user's session keyring and is commonly used to protect the ~/Private directory. When mounted with ecryptfs-mount-private, it creates a decrypted view (typically at ~/Private) backed by encrypted storage in ~/.Private. ecryptfs-umount-private reverses this: it unmounts the decrypted directory using fusermount -u, removes temporary files, shreds sensitive data if configured, and restores access only to encrypted storage.

This ensures no plaintext data remains accessible post-unmount, critical for security during logout or manual cleanup. It's often invoked automatically via PAM hooks (pam_ecryptfs) on logout in distributions like Ubuntu.
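To confirm after an unmount that the decrypted view is really gone, the kernel mount table can be checked for a remaining eCryptfs entry on the directory. The script below is an added example, not part of ecryptfs-utils or of the original page; the function names, sample users and sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of ecryptfs-utils): check whether a directory
# still has an eCryptfs mount on it by reading the kernel mount table.

# Constructed sample of /proc/mounts content; the signature value is fake.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/home/bob/.Private /home/bob/My\040Private ecryptfs rw,nosuid,nodev,relatime 0 0
tmpfs /home/carol/Private tmpfs rw,nosuid 0 0
EOF
}

# Encode a path the way the kernel writes it in /proc/mounts:
# backslash becomes \134 and space becomes \040.
encode_mount_path() {
    printf '%s' "$1" | sed -e 's/\\/\\134/g' -e 's/ /\\040/g'
}

# ecryptfs_lower_dir DIR [MOUNTS]: print the encrypted backing directory
# of the eCryptfs mount on DIR; return 1 when there is no such mount.
ecryptfs_lower_dir() {
    dir=${1%/}
    # ENVIRON is used because awk -v would expand the \040 escapes.
    TARGET=$(encode_mount_path "$dir") awk '
        $2 == ENVIRON["TARGET"] && $3 == "ecryptfs" { lower = $1 }
        END { if (lower == "") exit 1; print lower }
    ' "${2:-/proc/mounts}"
}

# report_private_state DIR [MOUNTS]: return 0 only when DIR has no eCryptfs mount.
report_private_state() {
    if lower=$(ecryptfs_lower_dir "$1" "${2:-/proc/mounts}"); then
        echo "MOUNTED: $1 still shows plaintext from $lower"
        return 1
    fi
    echo "OK: no eCryptfs mount on $1"
}

# With a directory argument, check the live mount table.
if [ $# -gt 0 ]; then report_private_state "$1"; fi
```

Run with the directory as its argument (for example "$HOME/Private") after ecryptfs-umount-private; a non-zero exit status means the plaintext view is still mounted.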

CAVEATS

Must be run as the mounting user, not root; fails if the directory is not mounted or the permissions do not match. Does not work on non-eCryptfs mounts.

USAGE CONTEXT

Typically called automatically on logout; manual use is advised before system shutdown to prevent exposure of decrypted data.

HISTORY

Developed as part of the eCryptfs project by the IBM/Lenovo Enterprise Linux team around 2006-2008; merged into Linux kernel 2.6.19 (2007). Userspace tools like ecryptfs-umount-private were popularized in Ubuntu 8.04 for home directory encryption.
