“ecryptfs-mount-private”返回“fopen：没有这样的文件或目录”

简而言之，用户的文件wrapped-passphrase有错误的权限（应该是-rw------- user user，是-rw------- root root）。

Ranecryptfs-mount-private命令（输入的登录密码）使用strace如下：

strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private

内容/tmp/strace.log：

user@host:~$ sudo strace -o /tmp/strace.log -e trace=file ecryptfs-mount-private
[sudo] password for user:
Enter your login passphrase:
Inserted auth tok with sig [3ab5cd8e5f8c5acb] into the user session keyring
fopen: No such file or directory
user@host:~$ cat /tmp/strace.log
execve("/usr/bin/ecryptfs-mount-private", ["ecryptfs-mount-private"], [/* 13 vars */]) = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
getcwd("/home/user", 4096)                = 9
open("/usr/bin/ecryptfs-mount-private", O_RDONLY) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3872, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapping-independent", 0x7fff65e61c30) = -1 ENOENT (No such file or directory)
open("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3873, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
stat("/home/user/.ecryptfs/wrapped-passphrase", {st_mode=S_IFREG|0600, st_size=58, ...}) = 0
stat("/home/user/.ecryptfs/Private.sig", {st_mode=S_IFREG|0600, st_size=34, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3874, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
stat("/usr/local/sbin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/local/bin/stty", 0x7fff65e61c40) = -1 ENOENT (No such file or directory)
stat("/usr/sbin/stty", 0x7fff65e61c40)  = -1 ENOENT (No such file or directory)
stat("/usr/bin/stty", 0x7fff65e61c40)   = -1 ENOENT (No such file or directory)
stat("/sbin/stty", 0x7fff65e61c40)      = -1 ENOENT (No such file or directory)
stat("/bin/stty", {st_mode=S_IFREG|0755, st_size=72496, ...}) = 0
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3875, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3876, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3877, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3878, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3879, si_uid=0, si_status=0, si_utime=0, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3880, si_uid=0, si_status=0, si_utime=68, si_stime=0} ---
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3881, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
+++ exited with 1 +++

所以，我们看到没有足够的信息。运行相同的命令（输入登录密码），但使用标志-f来跟踪子进程并使用root权限：

sudo strace -o /tmp/strace2.log -f -e trace=file ecryptfs-mount-private`

部分/tmp/strace2.log文件内容：

...
3963  open("/root/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
3963  open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = 3
...
3964  open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
3964  open("/root/.ecryptfs/Private.mnt", O_RDONLY) = -1 ENOENT (No such file or directory)
3964  open("/dev/shm/ecryptfs-root-Private", O_RDWR|O_CREAT|O_NOFOLLOW, 0600) = 3
3964  open("/root/.ecryptfs/Private.sig", O_RDONLY) = -1 ENOENT (No such file or directory)
3964  +++ exited with 1 +++
3954  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=3964, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
3954  +++ exited with 1 +++

如我们所见，它找不到root的文件Private.sig；看起来它应该由我们尝试恢复的加密目录的用户运行，而不是在特定目录中运行。

总而言之，我使用用户权限运行了这个命令（输入了登录密码）：

strace -o /tmp/strace3.log -f -e trace=file ecryptfs-mount-private`

部分/tmp/strace3.log文件内容：

...
4137  open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY|O_CLOEXEC) = 3
4137  access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
4137  open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY|O_CLOEXEC) = 3
4137  open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
4137  open("/home/user/.ecryptfsrc", O_RDONLY) = -1 ENOENT (No such file or directory)
4137  open("/home/user/.ecryptfs/wrapped-passphrase", O_RDONLY) = -1 EACCES (Permission denied)
4137  open("/etc/localtime", O_RDONLY|O_CLOEXEC) = 3
4137  +++ exited with 1 +++
4112  --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=4137, si_uid=1000, si_status=1, si_utime=0, si_stime=0} ---
...

正如我们现在所看到的，ecryptfs-mount-private实用程序无法访问用户的wrapped-passphrase文件，从而导致Permission denied消息。

检查/home/user/.ecryptfs/wrapped-passphrase文件的权限，它们是：

-rw------- 1 root root

将此文件的所有者通过更改sudo chown user:user /home/user/.ecryptfs/wrapped-passphrase为用户并在ecryptfs-mount-private没有 strace（输入登录密码）的情况下重新运行上述（）命令，导致成功消息：

INFO: Your private directory has been mounted.
INFO: To see this change in your current shell:
  cd: /home/user

我设置了一个 ecryptfs 私人文件夹，然后从包装密码文件中删除了 r & w 权限以进行测试...如果您在看到消息后立即检查了系统日志

Info: Check the system log for more information from libecryptfs

你会看到这样的行：

1 月 15 日 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring：无法检测包装的密码版本：权限被拒绝
1 月 15 日 00:21:48 sys ecryptfs-insert-wrapped-passphrase-into-keyring：错误试图从文件 [/home/user/.ecryptfs/wrapped-passphrase]中解开密码短语；rc = [-13]

这些将是一个非常强大的箭头，指向检查 ~/.ecryptfs/wrapped-passphrase 文件的权限。（不需要 sudo 或 strace）

总而言之，只需确保您正在ecryptfs-mount-private以尝试挂载的同一用户目录运行命令，并且wrapped-passphrase文件具有-rw-------或（600）权限以及与加密目录相同的所有者。