Here’s the closest I’ve gotten: I installed gitolite in the /Private folder using ecryptfs-utils (sudo apt-get install ecryptfs-utils; adduser git; ecryptfs-setup-private; then the rest was configuring gitolite using a root install).
It worked just fine as long as someone was logged in as the user git using a password (su git using root does not work). Since the private folder activates through logging in with a password and gitolite uses RSA keys (required), the private folder is hidden, thus an error occurs.
Is there a way I can log into my server after a reboot, type in the password and have the git user private folder available until next time the machine restarts?
Or maybe there’s an easy way to encrypt a folder for git repositories?
Answers:
Method 1
You simply need to remove the file ~/.ecryptfs/auto-umount.
This file is a flag that pam_ecryptfs checks on logout. This file exists by default at setup, along with ~/.ecryptfs/auto-mount, such that your private directory is automatically mounted and unmounted at login/logout. But each can be removed independently to change that behavior. Enjoy!
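A check to run after unlocking, added here as an example and not part of the answer above: it reports whether the Private directory is mounted and which of the two flag files are present. The function names are hypothetical, and it assumes the default layout (flags in ~/.ecryptfs, mount point at ~/Private).

```shell
#!/bin/sh
# Added example (not from the answer). Assumes the default ecryptfs-utils
# layout: flag files in $HOME/.ecryptfs and the mount point at $HOME/Private.

# Print three words: mounted|locked, auto-mount|manual-mount,
# auto-umount|stay-mounted.
# $1 = home directory of the account, $2 = mount table (default /proc/mounts)
ecryptfs_state() {
    home=${1%/}
    mounts=${2:-/proc/mounts}
    flags="$home/.ecryptfs"

    # Mount table fields: device, mount point, filesystem type, options.
    # Constructed sample of a matching line:
    #   /home/git/.Private /home/git/Private ecryptfs rw,nosuid,nodev 0 0
    if awk -v mp="$home/Private" \
        '$2 == mp && $3 == "ecryptfs" { found = 1 } END { exit !found }' \
        "$mounts"; then
        state=mounted
    else
        state=locked
    fi

    # The two flags are independent, as the answer notes.
    if [ -e "$flags/auto-mount" ]; then login=auto-mount; else login=manual-mount; fi
    if [ -e "$flags/auto-umount" ]; then logout=auto-umount; else logout=stay-mounted; fi

    echo "$state $login $logout"
}

# Succeed only if the directory is mounted now and the auto-umount flag is
# absent, i.e. key-based logins will still find the repositories later.
private_persists() {
    case $(ecryptfs_state "$1" "$2") in
        mounted\ *\ stay-mounted) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: sh thisfile.sh /home/git
if [ $# -gt 0 ]; then
    ecryptfs_state "$@"
fi
```

While the directory stays mounted, the repositories are readable in plaintext by the git account and by root, so this setup protects the data only when the machine is off or the directory is locked.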
Method 2
Sorry, can’t post as a comment…
Maybe you could mount your ssh through sshfs and use encfs inside?
Method 3
Use screen. Just create a screen, su into the user and do what you need to do. Detach from it by using Ctrl+A,d. Then you should be able to disconnect without killing the process, thus someone is logged in at all times.
Method 4
Maybe packing your repo in a GPG-encrypted tar. It’s possible to delete the private key from your home each time, so your repo will be almost undecryptable. Each time you log in, you write the private key to your home, decrypt the repo, and use it.
Method 5
If you can disable the pam_ecryptfs session module, then ecryptfs mount points won’t be unmounted on log-out, but this also affects everyone. Another idea is to use a different passphrase from your login to wrap your mount passphrase. In this case, it will fail to mount it automatically on log-in, and therefore it shouldn’t (won’t?) unmount on log-out. You can then manually mount ecryptfs and it should stay mounted until next reboot:
ecryptfs-umount-private
ecryptfs-rewrap-passphrase .ecryptfs/wrapped-passphrase
ecryptfs-mount-private
Method 6
If you’re looking for strictly offline protection, then something like an auto-mounted encrypted partition should do the trick. I see you’re using apt-get, so there’s a fair chance you’re on Ubuntu. In that case, it might interest you to know that Ubuntu has encryption as an option during installation. If you’re using Debian, here’s an article I found that covers How to set up an encrypted filesystem in several easy steps.
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.