Encrypt user's home directory automatically

[Fnoily]

I wonder that whether fscrypt support format(a fscrypt format) a user's home directory automatically when the user be created, and decrypt/encrypt the home directory when the user log in / log out

just like ecryptfs , i can do these things with 'adduser --encrypt-home $username ' and its pam module

[Fnoily]

especially， use custom protector instead of login pass

[ebiggers]

Re-opening this issue because there should be a way to do this. (There might already be a way, but it needs to be documented.)

[jamesps-ebi]

I think this would be a great addition to the project if it's not already possible. This can probably be done with an additional pam module to create the home directory, similar to pam_mkhomedir.

I've tried to emulate this my own pam module using the pam_exec library

Name: Create encrypted home directories for users on login
Default: yes
Priority: 0
Conflicts: pam_mkhomedir
Auth-Type: Additional
Auth:
	optional	pam_exec.so stdout expose_authtok seteuid /usr/local/bin/fscrypt_home.sh

The module simply runs a script and exposes the user password to it. The script itself creates the home directory and fscrypt accepts the password from stdin to create a user login protector.