google / fscrypt

Go tool for managing Linux filesystem encryption
Apache License 2.0
886 stars, 99 forks

[Bug] xfce4-screensaver pam not unlocking mount point #360

Open Flawm opened 2 years ago

Flawm commented 2 years ago

I'm using Arch Linux & followed the wiki to set up fscrypt. It's great. Now, additionally I've configured a systemd hook to lock my home directory on a sleep call. It works great. Now, waking & logging back in, my mount point remains locked with no changes to the PAM structure, which I thought was weird.

I'm using XFCE and I noticed the lock screen has its own PAM configuration it calls xfce4-screensaver in /etc/pam.d/

I've tried setting it up to mimic the existing PAM stack but to no avail, and in fact the minimal reproducible case is this, which is the bare minimum mentioned in the docs:

# /etc/pam.d/xfce4-screensaver (minimal stack from the fscrypt docs)
auth required pam_unix.so
auth optional pam_fscrypt.so debug

session required pam_unix.so
session optional pam_fscrypt.so debug

and it's unfortunately not working, with this error:

Aug 15 14:45:24 super pam_fscrypt[12965]: Current privs (real, effective): uid=(1000,1000) gid=(1000,1000) groups=[998 1000]
Aug 15 14:45:24 super pam_fscrypt[12965]: Setting euid=1000 egid=1000 groups=[1000 998]
Aug 15 14:45:24 super pam_fscrypt[12965]: Authenticate(map[debug:true]) failed: setting groups: operation not permitted

Looking into it a bit, it's coming from here, which is simply calling libc here.

I'm guessing it's something to do with the XFCE process running as user 1000 and perms not chaining right, but ideally this would just work™ like the system-login PAM stack via the lightdm greeter service. I think I can (maybe?) get around it with a systemd hook, but the issue is that I need the password passed in, and this is precisely what PAM is for.
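The log line "setting groups: operation not permitted" is setgroups(2) returning EPERM. That call needs CAP_SETGID in the caller's effective capability set, which a display manager running as root has but a screensaver running as uid 1000 does not, so the same PAM module succeeds in one stack and fails in the other. The following Go program is an added example (not fscrypt's or pam_fscrypt's code) that makes the check explicit: it parses the CapEff mask from a /proc/<pid>/status text, tests the CAP_SETGID bit (bit 6 in <linux/capability.h>), and then attempts the same setgroups(2) call with an unchanged group list to show that even a no-op change is refused without the capability. The status text used in the test below is constructed, not captured from a real system.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
	"syscall"
)

// capSetgid is the bit index of CAP_SETGID in a Linux capability mask
// (value 6 in <linux/capability.h>). setgroups(2) requires it.
const capSetgid = 6

// parseCapEff returns the effective capability mask from the text of a
// /proc/<pid>/status file (the "CapEff:" line, a hex bitmask).
func parseCapEff(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if !strings.HasPrefix(line, "CapEff:") {
			continue
		}
		hexMask := strings.TrimSpace(strings.TrimPrefix(line, "CapEff:"))
		return strconv.ParseUint(hexMask, 16, 64)
	}
	return 0, errors.New("no CapEff line in status text")
}

// hasCap reports whether capability bit capNum is set in mask.
func hasCap(mask uint64, capNum uint) bool {
	return mask&(uint64(1)<<capNum) != 0
}

// probeSetgroups makes the call that fails in the issue: setgroups(2).
// It passes the caller's current list unchanged; the kernel still demands
// CAP_SETGID, so an unprivileged caller gets EPERM. Returns "ok" or
// "EPERM"; any other error is returned as-is.
func probeSetgroups() (string, error) {
	gids, err := syscall.Getgroups()
	if err != nil {
		return "", err
	}
	err = syscall.Setgroups(gids)
	switch {
	case err == nil:
		return "ok", nil
	case errors.Is(err, syscall.EPERM):
		return "EPERM", nil
	default:
		return "", err
	}
}

func main() {
	raw, err := os.ReadFile("/proc/self/status")
	if err != nil {
		fmt.Fprintln(os.Stderr, "read status:", err)
		os.Exit(1)
	}
	mask, err := parseCapEff(string(raw))
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("euid=%d CapEff=%016x CAP_SETGID=%v\n",
		os.Geteuid(), mask, hasCap(mask, capSetgid))
	res, err := probeSetgroups()
	if err != nil {
		fmt.Fprintln(os.Stderr, "setgroups:", err)
		os.Exit(1)
	}
	fmt.Println("setgroups(2) with unchanged list:", res)
}
```

Run it once as the desktop user and once with sudo to see the two outcomes. The same check can be done on the live screensaver with `grep CapEff /proc/$(pidof xfce4-screensaver)/status` and `capsh --decode=<mask>`; a mask of all zeros means nothing loaded into that process, pam_fscrypt included, can change its group list.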

Flawm commented 2 years ago

Here's a hacky workaround. First, add this line to the auth section:

auth optional pam_exec.so seteuid expose_authtok /bin/unlock_fscrypt_sh

Then create these two scripts. /bin/unlock_fscrypt_sh:

#!/bin/sh
# Invoked by pam_exec with expose_authtok: the password arrives on stdin.
# With seteuid, pam_exec runs this with the effective uid of the PAM user.
PASS="$(cat -)"

# printf rather than echo, so a password starting with "-" or containing
# backslashes reaches the expect script unchanged.
printf '%s\n' "$PASS" | /bin/unlock_fscrypt_expect "$(id -nu)"

/bin/unlock_fscrypt_expect:

#!/bin/expect
# Password is piped in on stdin by unlock_fscrypt_sh; the username is argv[0].
set password [gets stdin]
set user [lindex $argv 0]

spawn fscrypt unlock /home/$user --user=$user

# fscrypt only asks which protector to use when more than one exists, so
# answer "0" if that prompt appears and keep waiting for the passphrase
# prompt; with a single protector the passphrase prompt comes first.
expect {
    "*Enter the number*" { send "0\r"; exp_continue }
    "*Enter the login*"  { send "$password\r" }
}

expect "*is now unlocked*"

exit