bdombro · January 13, 2022 18:12
diff --git a/mint-setup.sh b/mint-setup.sh
 #!/bin/bash

 echo "
 Because you can only create encrypted home for another not logged in user, you must create a separate user to set up the encrypted home for.

 The manjaro_setup_encrypted_home.sh script will set the ecryptfs pam moduls, and encrypt the home dir if the user has no running processes (not logged in).

 Follow the original instructions from the encryption output at the end of the process: the target user should test if he/she can log in before the restart.

 After setting encrypted home(s), a restart is advised.

 Script source: https://github.com/hrotkogabor/manjaro-btrfs/blob/master/manjaro_setup_encrypted_home.sh

 Deps: lsof
 "

 sudo pacman -Sy --noconfirm
 sudo pacman -S --noconfirm --needed vim git rust base-devel lsof

 # this script set the ecryptfs pam moduls, and encrypt a home dir if the user has no running processes
 # https://wiki.archlinux.org/index.php/ECryptfs#Encrypting_a_home_directory

 sudo modprobe ecryptfs

 if [ $(grep pam_ecryptfs /etc/pam.d/system-auth | wc -l) = "0" ]; then

  sudo sed -i '/^auth\s*\[default=die\]\s*pam_faillock.so\s*authfail/a auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nauth    required    pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
  sudo sed -i '/^-password\s*\[success=1\s*default=ignore\]\s*pam_systemd_home.so/i password    optional    pam_ecryptfs.so' /etc/pam.d/system-auth
  sudo sed -i '/^session\s*required\s*pam_unix.so/a session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nsession    optional    pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
 fi

 list=`grep /bin/zsh /etc/passwd | cut -d: -f1 | grep -v root`

 echo "Please select a user to encrypt home!"

 select s in $list
 do
 p=$(echo $s  | cut -d: -f1)
 if [ -z "$p" ]
 then
  echo "Please select a user!"
  exit 0
 fi
 break
 done

 echo "Using $p"

 if [ -d /home/.ecryptfs/$p ]; then
    echo "User "$p"'s home directory already encrypted!"
 else 

    if [ $(ps -U $p | wc -l) != "1" ]; then
        echo "User "$p" has running processes! Log out, or restart system!"
    else
        sudo ecryptfs-migrate-home -u $p
    fi
 fi

 read
	#!/bin/bash

	echo "
	Because you can only create encrypted home for another not logged in user, you must create a separate user to set up the encrypted home for.

	The manjaro_setup_encrypted_home.sh script will set the ecryptfs pam moduls, and encrypt the home dir if the user has no running processes (not logged in).

	Follow the original instructions from the encryption output at the end of the process: the target user should test if he/she can log in before the restart.

	After setting encrypted home(s), a restart is advised.

	Script source: https://github.com/hrotkogabor/manjaro-btrfs/blob/master/manjaro_setup_encrypted_home.sh

	Deps: lsof
	"

	sudo pacman -Sy --noconfirm
	sudo pacman -S --noconfirm --needed vim git rust base-devel lsof

	# this script set the ecryptfs pam moduls, and encrypt a home dir if the user has no running processes
	# https://wiki.archlinux.org/index.php/ECryptfs#Encrypting_a_home_directory

	sudo modprobe ecryptfs

	if [ $(grep pam_ecryptfs /etc/pam.d/system-auth \| wc -l) = "0" ]; then

	sudo sed -i '/^auth\s\[default=die\]\spam_faillock.so\s*authfail/a auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nauth required pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
	sudo sed -i '/^-password\s\[success=1\sdefault=ignore\]\s*pam_systemd_home.so/i password optional pam_ecryptfs.so' /etc/pam.d/system-auth
	sudo sed -i '/^session\srequired\spam_unix.so/a session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nsession optional pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
	fi

	list=`grep /bin/zsh /etc/passwd \| cut -d: -f1 \| grep -v root`

	echo "Please select a user to encrypt home!"

	select s in $list
	do
	p=$(echo $s \| cut -d: -f1)
	if [ -z "$p" ]
	then
	echo "Please select a user!"
	exit 0
	fi
	break
	done

	echo "Using $p"

	if [ -d /home/.ecryptfs/$p ]; then
	echo "User "$p"'s home directory already encrypted!"
	else

	if [ $(ps -U $p \| wc -l) != "1" ]; then
	echo "User "$p" has running processes! Log out, or restart system!"
	else
	sudo ecryptfs-migrate-home -u $p
	fi
	fi

	read