Unable to access userfolder from a LiveUSB [SOLVED]

[Flamewart]

Context: recently my laptop ran out of battery and shut down, after that I haven't been able to get past the GRUB screen (I try to start LM but the screen just remains black). Looks like some issue with missing packages or the GPU, but I haven't been able to solve it and I've been advised to just format the HDD and install again a fresh LM.
So first I want to access my personal folders inside the /home directory to try to recover them to an external device before formatting the laptop.

Straight to the point: I installed LM in a USB flash drive and booted from it. The problem arrives when I try to access my personal user folder inside /home from the live session. I'm not given permission, so I have to use the terminal and access after "sudo su" command. Then I can get inside, but this is what I find:

mint@mint /media/mint/5720e86b-ddf5-47d3-9868-2f183f4739a6/home $ sudo su
mint home # cd flamewart
mint flamewart # ls -l
total 0
lrwxrwxrwx 1 1000 1000 56 Sep 28 2016 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
lrwxrwxrwx 1 1000 1000 52 Sep 28 2016 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
mint flamewart #

The readme.txt states "this directory has been unmounted to protect your data", and tells to run the command "ecryptfs-mount-private", which returns the following error: "encrypted private directory is not setup properly".

I have been l searching on google for solutions but I cant find anything that works. The funny thing is that I can't remember having encrypted my user folder in the past, so not sure what this is all about. Any idea how to fix this?

[Mute Ant]

That is the signature of an encrypted home folder. The actual data is in a hidden folder nearby, still in /home, but not actually in the user's home folder. A drag-and-drop copy of the whole /home folder to another store will backup the data in its encrypted form. Unlocking it is not just point-and-click but it's not inhumanly difficult.

[Laurent85]

Use ecryptfs command ecryptfs-recover-private:

Code: Select all

sudo ecryptfs-recover-private /media/mint/5720e86b-ddf5-47d3-9868-2f183f4739a6/home/flamewart

See man page for more details:

Code: Select all

man ecryptfs-recover-private

[Flamewart]

Use ecryptfs command ecryptfs-recover-private:

Code: Select all

sudo ecryptfs-recover-private /media/mint/5720e86b-ddf5-47d3-9868-2f183f4739a6/home/flamewart

See man page for more details:

Code: Select all

man ecryptfs-recover-private

That is the signature of an encrypted home folder. The actual data is in a hidden folder nearby, still in /home, but not actually in the user's home folder. A drag-and-drop copy of the whole /home folder to another store will backup the data in its encrypted form. Unlocking it is not just point-and-click but it's not inhumanly difficult.

Thanks! that works but it says it couldn't find the wrapped passphrase file, and asks for the original mount passphrase, which I have no idea where might be. Is there any command to try to find it, then try to use "ecryptfs-unwrap-passphrase"? Otherwise I'm afraid I'll have to say goodbye to my encrypted folder!

[Laurent85]

Thanks! that works but it says it couldn't find the wrapped passphrase file, and asks for the original mount passphrase, which I have no idea where might be.

At this stage enter your login password, the one you were using to open your LM session. Just tried from a live session, it works.

Code: Select all

sudo ecryptfs-recover-private /media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/laurent
INFO: Found [/media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/laurent].
Try to recover this directory? [Y/n]: 
INFO: Could not find your wrapped passphrase file.
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].

Enter your MOUNT passphrase: 
INFO: Success!  Private data mounted at [/tmp/ecryptfs.JDN68Ml3].

[Flamewart]

Thanks! that works but it says it couldn't find the wrapped passphrase file, and asks for the original mount passphrase, which I have no idea where might be.

At this stage enter your login password, the one you were using to open your LM session. Just tried from a live session, it works.

Code: Select all

sudo ecryptfs-recover-private /media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/laurent
INFO: Found [/media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/laurent].
Try to recover this directory? [Y/n]: 
INFO: Could not find your wrapped passphrase file.
INFO: To recover this directory, you MUST have your original MOUNT passphrase.
INFO: When you first setup your encrypted private directory, you were told to record
INFO: your MOUNT passphrase.
INFO: It should be 32 characters long, consisting of [0-9] and [a-f].

Enter your MOUNT passphrase: 
INFO: Success!  Private data mounted at [/tmp/ecryptfs.JDN68Ml3].

Works for me too! Now when I access /tmp with the terminal I can see the directory, but when I access it all I can get is the same two files I saw when I tried to access the userfolder at /home:

Enter your MOUNT passphrase:
INFO: Success! Private data mounted at [/tmp/ecryptfs.B4iOEC6z].

mint tmp # cd ecryptfs.B4iOEC6z
mint ecryptfs.B4iOEC6z # ls -l
total 0
lrwxrwxrwx 1 1000 1000 56 Sep 28 2016 Access-Your-Private-Data.desktop -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
lrwxrwxrwx 1 1000 1000 52 Sep 28 2016 README.txt -> /usr/share/ecryptfs-utils/ecryptfs-mount-private.txt
mint ecryptfs.B4iOEC6z #

What am I doing wrong?

[Laurent85]

You are right, despite result Success, user data in /tmp/ecryptfs.xxxxx is not available. I think the command needs the 32 characters passphrase as requested.

[Laurent85]

Works for me too! Now when I access /tmp with the terminal I can see the directory, but when I access it all I can get is the same two files I saw when I tried to access the userfolder at /home:

OK, found the correct command to access your data:

Code: Select all

sudo ecryptfs-recover-private /media/mint/5720e86b-ddf5-47d3-9868-2f183f4739a6/home/.ecryptfs/flamewart/.Private

Here is an example to access my user account:

Code: Select all

mint@mint ~ $ sudo ecryptfs-recover-private /media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/.ecryptfs/laurent/.Private
INFO: Found [/media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/.ecryptfs/laurent/.Private].
Try to recover this directory? [Y/n]: 
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] 
INFO: Enter your LOGIN passphrase...
Passphrase: 
Inserted auth tok with sig [eb41a1bf437005ac] into the user session keyring
INFO: Success!  Private data mounted at [/tmp/ecryptfs.SejHLFe3].

I have know access to my home folder data:

Code: Select all

mint@mint ~ $ sudo ls /tmp/ecryptfs.SejHLFe3/
Desktop  Documents  Downloads  Music  Pictures	Public	Templates  Videos
mint@mint ~ $ 

[Flamewart]

Works for me too! Now when I access /tmp with the terminal I can see the directory, but when I access it all I can get is the same two files I saw when I tried to access the userfolder at /home:

OK, found the correct command to access your data:

Code: Select all

sudo ecryptfs-recover-private /media/mint/5720e86b-ddf5-47d3-9868-2f183f4739a6/home/.ecryptfs/flamewart/.Private

Here is an example to access my user account:

Code: Select all

mint@mint ~ $ sudo ecryptfs-recover-private /media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/.ecryptfs/laurent/.Private
INFO: Found [/media/mint/cb859ed1-9f6a-4ca0-b8a2-aabcdea0a3fe/home/.ecryptfs/laurent/.Private].
Try to recover this directory? [Y/n]: 
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n] 
INFO: Enter your LOGIN passphrase...
Passphrase: 
Inserted auth tok with sig [eb41a1bf437005ac] into the user session keyring
INFO: Success!  Private data mounted at [/tmp/ecryptfs.SejHLFe3].

I have know access to my home folder data:

Code: Select all

mint@mint ~ $ sudo ls /tmp/ecryptfs.SejHLFe3/
Desktop  Documents  Downloads  Music  Pictures	Public	Templates  Videos
mint@mint ~ $ 

This finally worked, I've been able to access al the data inside my user folder and pass it to an external disk, again thank you so much!

I'll mark this as solved. Just in case somebody stumbles upon this thread with this same problem, be sure to check the /tmp file from your live session, not the /tmp from your HDD. It's in the first directory where you will find the unencrypted user folder! (I mention this because it took me a while to realise that).