ecryptfs-umount-private
Unmount an eCryptfs encrypted private directory
SYNOPSIS
ecryptfs-umount-private [options]
PARAMETERS
-h, --help
Displays a help message and exits.
-v, --version
Displays the version information and exits.
-d directory, --directory=directory
Specifies the target encrypted directory to unmount, overriding the default private directory (e.g., ~/.Private).
DESCRIPTION
ecryptfs-umount-private unmounts a private directory encrypted with eCryptfs. It is typically used together with ecryptfs-mount-private, which mounts the encrypted directory and provides access to its decrypted contents. Once the private directory is unmounted, its contents are inaccessible and remain only in encrypted form on disk, so sensitive information is no longer available to processes or users after a session ends or when the directory is explicitly unmounted. System login/logout scripts often invoke it automatically to manage user home directories encrypted with eCryptfs, which makes it an important part of protecting user data in multi-user or shared computing environments.
CAVEATS
The command will fail if any files or subdirectories within the mounted private directory are still in use by open applications or processes. All open files must be closed before unmounting.
Unmounting only makes the decrypted view inaccessible; the encrypted data still resides on the underlying filesystem.
It requires the ecryptfs-utils package to be installed on the system.
To keep data protected consistently, rely on proper system shutdown or logout procedures that call this command automatically.
COMMON USAGE
Most commonly, ecryptfs-umount-private is run without any arguments, which causes it to attempt to unmount the user's default private directory (e.g., ~/.Private) and make the decrypted view (e.g., ~/Private) inaccessible. It is often invoked automatically during system logout or shutdown procedures configured to secure user data.
ERROR HANDLING
If the command fails due to files being in use (e.g., 'Device or resource busy'), a common solution is to identify and terminate processes accessing the directory (e.g., using lsof or fuser), or simply log out and back in if system scripts are managing the mount points automatically.
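The check described above, as an added shell example (not part of ecryptfs-utils or the original page): it confirms the mount from /proc/mounts, runs the command with no arguments, and lists the processes still holding files open if the decrypted view remains mounted. The function names, the `run` argument and the `$HOME/Private` mount point are assumptions, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example, not part of ecryptfs-utils.
# Assumption: the decrypted view is mounted at $HOME/Private.

# Constructed sample in /proc/mounts format (signature value is a placeholder).
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0000000000000000,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0'

# ecryptfs_mounted DIR [TABLE]: succeed only if DIR is the mount point of an
# eCryptfs filesystem. TABLE defaults to the live contents of /proc/mounts.
ecryptfs_mounted() {
    em_table=${2-$(cat /proc/mounts 2>/dev/null)}
    printf '%s\n' "$em_table" |
        awk -v d="$1" '$2 == d && $3 == "ecryptfs" { found = 1 } END { exit !found }'
}

# list_holders DIR: show processes with files open on the filesystem at DIR.
list_holders() {
    if command -v fuser >/dev/null 2>&1; then
        fuser -vm "$1" 2>&1
    elif command -v lsof >/dev/null 2>&1; then
        lsof "$1" 2>/dev/null
    else
        echo "neither fuser nor lsof is installed" >&2
    fi
}

# umount_private: unmount the default private directory, then confirm the
# decrypted view is really gone instead of trusting the exit status alone.
umount_private() {
    up_view=$HOME/Private
    if ! ecryptfs_mounted "$up_view"; then
        echo "$up_view: not an eCryptfs mount, nothing to do"
        return 0
    fi
    ecryptfs-umount-private || echo "ecryptfs-umount-private failed" >&2
    if ecryptfs_mounted "$up_view"; then
        echo "$up_view is still mounted; processes holding it open:" >&2
        list_holders "$up_view" >&2
        return 1
    fi
    echo "$up_view unmounted; only ciphertext remains on disk"
}

# Run the unmount only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "run" ]; then umount_private; fi
```

A non-zero return from umount_private means the decrypted files are still readable, so a logout hook should log that result rather than discard it.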
HISTORY
eCryptfs, and consequently ecryptfs-umount-private, has been a significant component of Linux distributions, particularly Ubuntu, for providing per-user encrypted home directories. It was developed over the years by various contributors, including Michael Halcrow, with the primary goal of offering a transparent filesystem-level encryption solution. While its usage for new installations has somewhat declined in favor of full-disk encryption (like LUKS) or more modern options like fscrypt for individual directories, eCryptfs remains a robust solution, especially for legacy systems or specific use cases requiring a stacked cryptographic filesystem.
SEE ALSO
ecryptfs(7), ecryptfs-mount-private(1), ecryptfs-setup-private(1), mount(8), umount(8)