@luxcem
Created January 16, 2023 10:22
Mount gocryptfs volume on login with pam_mount

Auto mount an encrypted directory with gocryptfs and pam_mount.

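Make sure the gocryptfs password is the same as your login password: pam_mount passes the password typed at login to the mount helper, so the two must match.

Edit /etc/security/pam_mount.conf.xml and add this volume entry before the closing </pam_mount> tag: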

<volume user="YOURUSERNAME" fstype="fuse" options="nodev,nosuid,quiet"
path="/usr/bin/gocryptfs#/home/%(USER)/ENCRYPTED_DIRECTORY" mountpoint="/home/%(USER)/PLAIN_DIRECTORY" />

Replace

  • YOURUSERNAME
  • ENCRYPTED_DIRECTORY
  • PLAIN_DIRECTORY

Make sure the path to gocryptfs is correct (run which gocryptfs).

Edit /etc/pam.d/system-login with the following lines:

/etc/pam.d/system-login

#%PAM-1.0

auth       required   pam_shells.so
auth       requisite  pam_nologin.so
# pam_mount picks up the login password in the auth stage
auth       optional   pam_mount.so
auth       include    system-auth

account    required   pam_access.so
account    required   pam_nologin.so
account    include    system-auth

password   optional   pam_mount.so
password   include    system-auth

session    optional   pam_loginuid.so
session    optional   pam_keyinit.so       force revoke
# success=1 jumps over the next module, so pam_mount is skipped for systemd-user sessions
session [success=1 default=ignore]  pam_succeed_if.so  service = systemd-user quiet
session    optional   pam_mount.so
session    include    system-auth
session    optional   pam_motd.so          motd=/etc/motd
session    optional   pam_mail.so          dir=/var/spool/mail standard quiet
-session   optional   pam_systemd.so
session    required   pam_env.so
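
A small linter for the two files edited above, as an added example that is not part of the original gist. It flags placeholders left in the volume entry, missing nodev/nosuid options, and a systemd-user guard that no longer sits directly above pam_mount.so; the function names, the user "alice" and both sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PLACEHOLDERS = ("YOURUSERNAME", "ENCRYPTED_DIRECTORY", "PLAIN_DIRECTORY")

def lint_volumes(xml_text):
    """Return problems found in FUSE helper#directory <volume> entries."""
    problems = []
    for vol in ET.fromstring(xml_text).iter("volume"):
        a = vol.attrib
        helper, sep, _cipherdir = a.get("path", "").partition("#")
        if a.get("fstype") != "fuse" or not sep:
            continue  # not a gocryptfs-style entry
        if not helper.startswith("/"):
            problems.append(f"helper path is not absolute: {helper!r}")
        opts = a.get("options", "").split(",")
        problems += [f"missing mount option: {o}" for o in ("nodev", "nosuid") if o not in opts]
        problems += [f"placeholder not replaced: {p}" for p in PLACEHOLDERS
                     if any(p in v for v in a.values())]
    return problems

def lint_pam_stack(pam_text):
    """Return problems with pam_mount.so placement in a PAM service file."""
    rules = [ln.strip().lstrip("-").split() for ln in pam_text.splitlines()
             if ln.strip() and not ln.strip().startswith("#")]
    problems = [f"no pam_mount.so in {kind} stack" for kind in ("auth", "session")
                if not any(r[0] == kind and "pam_mount.so" in r for r in rules)]
    session = [r for r in rules if r[0] == "session"]
    for i, r in enumerate(session):
        # [success=1 ...] jumps over exactly one following module in this stack,
        # so the systemd-user guard must sit directly above pam_mount.so.
        if "[success=1" in r and "pam_succeed_if.so" in r and "systemd-user" in r:
            if "pam_mount.so" not in (session[i + 1] if i + 1 < len(session) else []):
                problems.append("systemd-user guard does not skip pam_mount.so")
    return problems

# Constructed sample input: the volume line with one placeholder left in.
SAMPLE_XML = """<pam_mount>
<volume user="alice" fstype="fuse" options="nodev,nosuid,quiet"
path="/usr/bin/gocryptfs#/home/%(USER)/ENCRYPTED_DIRECTORY" mountpoint="/home/%(USER)/plain" />
</pam_mount>"""
# Constructed sample input: a stack where the guard and pam_mount.so got separated.
SAMPLE_PAM = """auth optional pam_mount.so
session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
session optional pam_loginuid.so
session optional pam_mount.so"""

if __name__ == "__main__":
    for problem in lint_volumes(SAMPLE_XML) + lint_pam_stack(SAMPLE_PAM):
        print("WARN:", problem)
```

To check a real system, pass the contents of /etc/security/pam_mount.conf.xml and /etc/pam.d/system-login to the two functions instead of the samples.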
