@bdombro
Last active November 29, 2023 17:01
#!/bin/bash
echo "
Note: If the user is not yet created, use the other script manjaro-create-user.sh.
Because you can only create an encrypted home for another user who is not logged in, you must create a separate user to set up the encrypted home for.
The manjaro_setup_encrypted_home.sh script will set the ecryptfs pam modules, and encrypt the home dir if the user has no running processes (not logged in).
Follow the original instructions from the encryption output at the end of the process: the target user should test if he/she can log in before the restart.
After setting encrypted home(s), a restart is advised.
Script source: https://github.com/hrotkogabor/manjaro-btrfs/blob/master/manjaro_setup_encrypted_home.sh
Deps: lsof
"
sudo pacman -Sy --noconfirm
sudo pacman -S --noconfirm --needed vim git rust base-devel lsof
# this script sets the ecryptfs pam modules, and encrypts a home dir if the user has no running processes
# https://wiki.archlinux.org/index.php/ECryptfs#Encrypting_a_home_directory
sudo modprobe ecryptfs
# patch the PAM stack only once: skip if pam_ecryptfs is already referenced
if ! grep -q pam_ecryptfs /etc/pam.d/system-auth; then
  # auth: unwrap the mount passphrase right after the pam_faillock authfail line, i.e. only once pam_unix has succeeded
  sudo sed -i '/^auth\s*\[default=die\]\s*pam_faillock.so\s*authfail/a auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nauth required pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
  # password: rewrap the passphrase on password change; placed ahead of pam_systemd_home so its success=1 jump cannot skip it
  sudo sed -i '/^-password\s*\[success=1\s*default=ignore\]\s*pam_systemd_home.so/i password optional pam_ecryptfs.so' /etc/pam.d/system-auth
  # session: unwrap and mount the home at session start, right after pam_unix
  sudo sed -i '/^session\s*required\s*pam_unix.so/a session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nsession optional pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
fi
# candidate users: accounts whose login shell is zsh (the Manjaro default), excluding root
list=$(grep /bin/zsh /etc/passwd | cut -d: -f1 | grep -v root)
echo "Please select a user to encrypt home!"
select s in $list
do
  p=$(echo "$s" | cut -d: -f1)
  if [ -z "$p" ]
  then
    echo "Please select a user!"
    exit 0
  fi
  break
done
echo "Using $p"
if [ -d "/home/.ecryptfs/$p" ]; then
  echo "User $p's home directory is already encrypted!"
else
  # ps prints a header line, so exactly one line of output means no processes for this user
  if [ "$(ps -U "$p" | wc -l)" != "1" ]; then
    echo "User $p has running processes! Log out, or restart the system!"
  else
    sudo ecryptfs-migrate-home -u "$p"
  fi
fi
# wait for Enter so the instructions printed by ecryptfs-migrate-home stay on screen
read -r
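An added check, not part of the gist or of the upstream manjaro-btrfs script: it runs the gist's three sed expressions against a constructed, trimmed Arch-style system-auth sample and then verifies that all three pam_ecryptfs entries landed where the script intends them. The function and file names are mine; the sed expressions assume GNU sed (for `\s` and the `\n` inside the `a` text), as the gist itself does.

```shell
#!/bin/bash
# Added check (not from the gist): verify that a system-auth file carries the
# three pam_ecryptfs entries the gist inserts, in the positions it intends:
# auth unwrap after the pam_faillock authfail line (so it only runs once
# pam_unix has succeeded) and the password entry ahead of pam_systemd_home
# (so its success=1 jump cannot skip it). Usage: check_ecryptfs_pam FILE
first_line_matching() {  # line number of the first line matching regex $1 in file $2
  grep -n -E "$1" "$2" | head -n 1 | cut -d: -f1
}

check_ecryptfs_pam() {
  local f="$1" auth_fail auth_ecr pw_home pw_ecr sess_ecr
  auth_fail=$(first_line_matching '^auth[[:space:]].*pam_faillock\.so[[:space:]]+authfail' "$f")
  auth_ecr=$(first_line_matching '^auth[[:space:]]+required[[:space:]]+pam_ecryptfs\.so[[:space:]]+unwrap' "$f")
  pw_home=$(first_line_matching '^-password[[:space:]].*pam_systemd_home\.so' "$f")
  pw_ecr=$(first_line_matching '^password[[:space:]]+optional[[:space:]]+pam_ecryptfs\.so' "$f")
  sess_ecr=$(first_line_matching '^session[[:space:]]+optional[[:space:]]+pam_ecryptfs\.so[[:space:]]+unwrap' "$f")
  # all three stacks must reference pam_ecryptfs
  [ -n "$auth_ecr" ] && [ -n "$pw_ecr" ] && [ -n "$sess_ecr" ] || return 1
  # ordering: auth unwrap after authfail, password entry before pam_systemd_home
  if [ -n "$auth_fail" ] && [ "$auth_ecr" -lt "$auth_fail" ]; then return 1; fi
  if [ -n "$pw_home" ] && [ "$pw_ecr" -gt "$pw_home" ]; then return 1; fi
  return 0
}

# Constructed sample (not copied from a real machine): a trimmed Arch default
# system-auth, and the same file after the gist's three sed expressions.
UNPATCHED=$(mktemp); PATCHED=$(mktemp)
cat > "$UNPATCHED" <<'EOF'
auth       required                    pam_faillock.so      preauth
-auth      [success=2 default=ignore]  pam_systemd_home.so
auth       [success=1 default=bad]     pam_unix.so          try_first_pass nullok
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
-password  [success=1 default=ignore]  pam_systemd_home.so
password   required                    pam_unix.so          try_first_pass nullok shadow
session    required                    pam_unix.so
session    optional                    pam_permit.so
EOF
sed -e '/^auth\s*\[default=die\]\s*pam_faillock.so\s*authfail/a auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nauth required pam_ecryptfs.so unwrap' \
    -e '/^-password\s*\[success=1\s*default=ignore\]\s*pam_systemd_home.so/i password optional pam_ecryptfs.so' \
    -e '/^session\s*required\s*pam_unix.so/a session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nsession optional pam_ecryptfs.so unwrap' \
    "$UNPATCHED" > "$PATCHED"

check_ecryptfs_pam "$UNPATCHED" || echo "unpatched sample: pam_ecryptfs entries missing (expected)"
check_ecryptfs_pam "$PATCHED" && echo "patched sample: all three pam_ecryptfs entries present and ordered"
```

To audit a machine after running the gist, call `check_ecryptfs_pam /etc/pam.d/system-auth` and test its exit status.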