bdombro · November 29, 2023 17:00
diff --git a/manjaro-create-user.sh b/manjaro-create-user.sh
 ADMIN_USER=manjaro
 echo "*******Creating $ADMIN_USER with encrypted home*******"

 # Enable user home encryption features (doesnt actually encrypt anything, just enables the features
 sudo pacman -Sy lsof
 sudo modprobe ecryptfs
 if [ $(grep pam_ecryptfs /etc/pam.d/system-auth | wc -l) = "0" ]; then
  sudo sed -i '/^auth\s*\[default=die\]\s*pam_faillock.so\s*authfail/a auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nauth    required    pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
  sudo sed -i '/^-password\s*\[success=1\s*default=ignore\]\s*pam_systemd_home.so/i password    optional    pam_ecryptfs.so' /etc/pam.d/system-auth
  sudo sed -i '/^session\s*required\s*pam_unix.so/a session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nsession    optional    pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
 fi

 # sudo userdel $ADMIN_USER; sudo rm -rf /home/$ADMIN_USER*; sudo rm -rf /home/.ecryptfs/$ADMIN_USER
 if [ -d /home/$ADMIN_USER ]; then
    echo "User "$ADMIN_USER"'s home directory already exists!"; exit
 fi
 if [ -d /home/.ecryptfs/$ADMIN_USER ]; then
    echo "User "$ADMIN_USER"'s home directory already encrypted!"; exit
 fi
 sudo useradd -mG wheel $ADMIN_USER && sudo passwd $ADMIN_USER && sudo rsync -r ~/ /home/$ADMIN_USER && sudo chown -R $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER
 sudo ecryptfs-migrate-home -u $ADMIN_USER && sudo rm -rf /home/$ADMIN_USER.*

 echo "
 Next Steps:
   - login to new user
   - enable location services once logged in: 
     `gsettings set org.gnome.system.location enabled true`
 "
	ADMIN_USER=manjaro
	echo "*****Creating $ADMIN_USER with encrypted home*****"

	# Enable user home encryption features (doesnt actually encrypt anything, just enables the features
	sudo pacman -Sy lsof
	sudo modprobe ecryptfs
	if [ $(grep pam_ecryptfs /etc/pam.d/system-auth \| wc -l) = "0" ]; then
	sudo sed -i '/^auth\s\[default=die\]\spam_faillock.so\s*authfail/a auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nauth required pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
	sudo sed -i '/^-password\s\[success=1\sdefault=ignore\]\s*pam_systemd_home.so/i password optional pam_ecryptfs.so' /etc/pam.d/system-auth
	sudo sed -i '/^session\srequired\spam_unix.so/a session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet\nsession optional pam_ecryptfs.so unwrap' /etc/pam.d/system-auth
	fi

	# sudo userdel $ADMIN_USER; sudo rm -rf /home/$ADMIN_USER*; sudo rm -rf /home/.ecryptfs/$ADMIN_USER
	if [ -d /home/$ADMIN_USER ]; then
	echo "User "$ADMIN_USER"'s home directory already exists!"; exit
	fi
	if [ -d /home/.ecryptfs/$ADMIN_USER ]; then
	echo "User "$ADMIN_USER"'s home directory already encrypted!"; exit
	fi
	sudo useradd -mG wheel $ADMIN_USER && sudo passwd $ADMIN_USER && sudo rsync -r ~/ /home/$ADMIN_USER && sudo chown -R $ADMIN_USER:$ADMIN_USER /home/$ADMIN_USER
	sudo ecryptfs-migrate-home -u $ADMIN_USER && sudo rm -rf /home/$ADMIN_USER.*

	echo "
	Next Steps:
	- login to new user
	- enable location services once logged in:
	`gsettings set org.gnome.system.location enabled true`
	"