Episode: 1101
Title: HPR1101: Recovery of an (en)crypted home directory in a buntu based system
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1101/hpr1101.mp3
Transcribed: 2025-10-17 18:56:12

---

Folks, this is 5150 for Hacker Public Radio. This is going to be the archival, how-I-did-it episode, because it fulfills the criterion of dealing with an issue most listeners will most likely never have to resolve, but it might be invaluable to those few who someday encounter the same problem: how to recover an encrypted home folder on an Ubuntu system. I enabled home folder encryption on an installation of Linux Mint 8 some years back, and it never gave me a bit of trouble until the day that it did. Suddenly, my login would be accepted, but then I would be tossed straight back to GDM. Finally, I dropped to a text console to try to recover the contents of my home folder, and instead found two files: Access-Your-Private-Data.desktop and README.txt. README.txt explained that I had arrived in my current predicament because my user login and password, for some reason, were no longer decrypting my home folder. Ubuntu home folder encryption is tied to your user login, with no additional password being required. Honestly, until I lost access to my files, I had forgotten that I had opted for encryption.

I found two articles that describe similar methods of recovery, and I tried following their instructions and failed, likely because in each instance I was choosing what appeared to be the easier-to-implement equivalent step from each article. When I took a look at the material weeks later, I discovered I'd missed a link in the comments that led me to an improved method that was added in Ubuntu 11.04 that saves several steps. The link is in the show notes.

First step: boot to an Ubuntu distribution CD, version 11.04 or later.
Second step: create a mount point and mount the hard drive, which is not going to be mounted by default. Of course, if you configured your drive with multiple data partitions, root, slash home, etc., and you want to recover the entire contents of your hard drive, you would have to mount each separately. You only have to worry about decrypting the contents of your home directory. If you use LVM and your home directory spans several physical disks or logical partitions, I suspect things might get interesting.

So an example command you might use to create a mount point for your hard drive is sudo, space, mkdir, space, slash media, slash myhd. And you need to elevate that command to root privileges, since media is owned by root. You need to confirm how your hard drive is registered with the OS. I just took the simple way and ran Disk Utility, and confirmed that my hard drive was parked at slash dev slash sda, and that meant that my single data partition would be at slash dev slash sda1. So to mount the entire hard drive, I issued sudo, underscore, mount, I'm sorry, sudo, space, slash dev, slash sda1, space, slash media, slash myhd. And to confirm that I'd actually mounted the drive, I did a list on that folder to see that it had contents, so ls, I'm sorry, ls, space, slash media, slash myhd. And if the contents of myhd are empty, obviously you've made some error in mounting the drive.

Now, the new recovery command eliminates the need to recreate your old user. So you just issue sudo, space, ecryptfs, dash, recover, dash, private, and that is e-crypt, not en-crypt: Edward, Charlie, Romeo, Yankee, Papa, Tango, Foxtrot, Sierra, dash, recover, dash, private, just as they're normally spelled. This is pretty well covered in the show notes. This is going to be one of those episodes where the show notes are probably going to be of more value to you, if you ever have to perform these operations, than my audio.
You have to wait a few minutes while the operating system searches your hard drive for encrypted folders. And if you had multiple users, I guess it would find more than one. When a folder is found, you will see the prompt capital I-N-F-O, INFO, colon, space, Found, and in square brackets slash media, slash my hard drive, slash home, slash ecryptfs, slash your old username, slash dot Private, and you'll be prompted to try to recover this directory, yes or no. Of course you want to type Y. You'll then be prompted for your old login password. You should see a message saying your data was successfully mounted at slash tmp, slash ecryptfs, dot, and then some big huge long string of characters.

And, say, I'd missed that the first time around. I was checking back in at media, slash myhd, slash home, slash my username, and wondering why I still couldn't see my files. So it makes a copy of your files at slash tmp, slash ecryptfs, dot, some huge long string of characters. You've got enough empty space left on your drive to recreate the entire contents of your home directory.

Now, while you've got a second copy of your files in slash tmp, slash ecryptfs, dot, some long huge string of characters, you still don't have ownership of that folder, because that's a root privilege folder and you're just a regular user. Not using the default login from the Ubuntu CD. So the first thing you want to do is go back to the successful mount message and highlight with your mouse the slash temp, slash ecryptfs, dot, I'm sorry, period, slash temp, slash tmp, slash ecryptfs, period, some long huge string of characters, because you're going to copy that. Highlight it and copy it with your mouse, and then copy it into the terminal buffer. Instead of control C, it's control alt C, because you're going to need to reference that again, and you don't want to type some huge long string of characters every time.
So to take ownership of slash temp, slash ecryptfs, dot, some huge long string of characters, you go to the command prompt, and you can see that your current user name is ubuntu. That's the default on the Ubuntu CD. So you issue sudo, space, chown, C-H-O-W-N, for change ownership, space, dash capital R, space, ubuntu (remember, that's your user name), space, slash tmp, slash ecryptfs, period, some huge long string of characters. And this is where it's going to be handy, since, remember, I had you copy slash temp, slash ecryptfs, dot, some huge long string of characters into your terminal buffer. So to paste it back into the command line, you can use control alt V. The capital R flag takes ownership of all the subdirectories in that folder recursively, and it's going to have to walk through them. This is going to take a while. Time to go get a cup of coffee. I wish I had Klaatu's coffee music right here.

Okay, next we need to copy that second copy of our home directory to another location, because you're not going to access it every time by grabbing your Ubuntu disk and going through all these machinations. So I wanted to wipe the hard drive, wipe the system out. You know, Mint 8 was pretty long in the tooth even before this thing crashed. So I just wanted them off the system so I could wipe it and start over, and I used an external USB drive, which interestingly was auto-mounted under media, slash media, but the internal hard drive wasn't. And since I have ownership of the files, I can now copy them wherever I want. If you had space on your original hard drive, I suppose you could create a new user and copy the files to the new home folder that would be created for the new user. This is going to give you three coexisting copies of the contents of your home folder.
So I don't recommend that unless you just have a huge lot of space left on your drive, and then to trust that the original problem of not being able to access your files wasn't caused by some corruption of the hard disk in the first place.

Now, the first time around it didn't work very well. I tried just to do it the easy way, using the default file manager for Ubuntu, which is Nautilus, and from the command prompt I typed in sudo, space, nautilus, space, ampersand. So that would launch Nautilus as the root user, not as your normal user, so you could grab any files from anywhere you wanted, and I had files in etc, I remember, that I wanted to grab out at the same time. And the ampersand at the end gives you back the command prompt; otherwise you wouldn't have your terminal prompt back until after Nautilus finished running. And before you copy anything out of that copy of your original home folder in slash temp, make sure you enable view hidden files, so the configuration files that start with a period and any other hidden files and directories will be recovered as well as your normal documents.

Now, when I tried this I had trouble with Nautilus stopping on files that it couldn't copy for some reason. So I halted Nautilus, I gave up on that, and I used just a cp command from the terminal. And how I did that was cp, space, capital R, I'm sorry, cp, space, dash capital R lowercase v, space, slash tmp, slash ecryptfs, period, some huge long string of characters, space, slash media, slash usbdrive, slash recovered. Now, after media, slash usbdrive is a placeholder in my notes for the name of the drive that I plugged in. It's probably going to mount as media, slash, some name of some drive; it might be usb0 or whatever. But if you've named your external drive, it's probably going to come up as slash media, slash, that drive name. And assuming you're not just dropping everything into the root folder of that external drive, you're probably going to want to create a folder on that drive to place your old home folder contents in.
So I called mine recovered; you can call yours whatever you want. And then the command line switches that I used: capital R, what that does is recursively copy subdirectories, which you'll need to do, and lowercase v copies the subdirectories verbosely. And the main reason I want to do it that way, and I'll always use v after a cp command, especially if it's more than one file, is that's the only way I can tell there's actually progress still going on, or if the machine is hung someplace, because with v it says, you know, so-and-so command and such-and-such directory copied, and then the next file, such-and-such file and such-and-such directory copied. If you don't use dash v with cp, all you're going to have is sort of a blinking cursor until everything's done, and then if it's something like this, it may take several minutes, even several hours to complete. You don't know if the system locked up, and if you're like me, well, if you're like most users, you look at that zero feedback and you get nervous and you exit the command and want to start over. So if you have the dash v, it won't tell you how long it has to go, but you will at least see that you're still making progress.

And I did make a note in here. I don't recall, this has been a while back that I did this, I don't recall why this was, but it does say that, due to file ownership difficulties, I could only copy the entire decrypted home folder at one time. So in other words, you can't just go in there and get your slash Documents, your slash Pictures, whatever. You've got to get the whole contents of slash home, your username.
Now, like I said, I copied everything to an external drive, and I wanted to copy it back to some of them. Well, I had a bunch of systems I wanted to keep that were on that hard drive, and then of course I had whatever personal folders, personal documents, I had on that computer, personal documents I wanted to put over on the laptop that had largely replaced it as my main work computer, and the ISO files and other download archives, old movies from archive.org, those go up on my server. So I plugged the external drive in, well, after shutting down, of course, the old Mint system running under the Ubuntu CD, cleanly shutting it down and jacking the drive. Take the drive and plug it into your other computer, but you're still not going to have ownership of the folders in that directory, because they're going to be owned by ubuntu, you know, your login while you were the default login for the Ubuntu CD, username ubuntu. Well, you're probably not ubuntu on your other system.

So you plug it in and you're going to have to take ownership of that backup folder again. And this is going to be the Fedora version of the command, of course, because Fedora by default doesn't have a sudoers file, so you have to either run everything straight as su or, in this case, I'm running su dash c to run a single command elevated. So su, space, dash c, space, single quote, chown, space, dash capital R, space, my username on my laptop, space, slash media, slash usbdrive, slash recovered, closing single quote.
And as I said, a lot of people are more used to using just sudo to do that. On a Fedora system, or any system where you don't have a sudoers file, I mean, you've got two ways you can do things. You can just type su and get prompted for your root password, and then once you're elevated to root you can type whatever command you want, and when you're done you can type exit. In this case it was just the one elevated command I wanted to do, so it's su, dash c, space, and then the command that I want to do in between single quotes. So you execute that command and you're prompted for your root password. It runs the command, and when it's done you're right back to being a normal user; you don't have the terminal left open as root. So it depends on how many commands you're going to execute at once which way is more convenient.

Well, that's all I had for today. I've been 5150 for Hacker Public Radio. You can send me feedback at 5150 at linuxbasement.com, or fill out a contact form on my website, which is at thebigredswitch.drupalgardens.com. Until next time.

Hold on a minute before we go. I just realized that I've been remiss in not thanking Dustin Kirkland of DustinKirkland.com for posting the aforementioned article in the show notes that introduced me to the ecryptfs-recover-private command, without which this episode, to say nothing of recovering my files, would have been possible. Thanks, Dustin.

You have been listening to Hacker Public Radio at HackerPublicRadio.org. We are a community podcast network that releases shows every weekday, Monday through Friday. Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever consider recording a podcast, then visit our website to find out how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club. HPR is funded by the Binary Revolution at binrev.com. All binrev projects are proudly sponsored by Lunar Pages.
From shared hosting to custom private clouds, go to lunarpages.com for all your hosting needs. Unless otherwise stated, today's show is released under a Creative Commons Attribution-ShareAlike 3.0 license.
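
An added example, not part of the episode or its show notes: two checks for the live-CD session once the copy to the external drive has finished. The first reads the mount table to find the `/tmp/ecryptfs.…` directory without copying its name by hand, and the second lists any path, hidden files included, that did not reach the copy. The function names, the script name `check.sh` and the sample mount lines are constructed for illustration; the paths are the episode's placeholders.

```shell
#!/bin/sh
# Added example, not from the episode. Function names are made up here;
# /media/myhd and /media/usbdrive/recovered are the episode's placeholders.

# Print the mount point of the decrypted home by reading a mount table
# (normally /proc/mounts) instead of copying the long random
# /tmp/ecryptfs.XXXXXXXX name out of the terminal by hand.
recovered_mountpoint() {
    awk '$3 == "ecryptfs" && $2 ~ /^\/tmp\/ecryptfs\./ { print $2; exit }' "$1"
}

# List every path under $1 that is absent under $2. find includes dotfiles,
# so hidden configuration files are checked along with ordinary documents.
missing_in_copy() {
    src_list=$(mktemp) && dst_list=$(mktemp) || return 2
    (cd "$1" && find . | LC_ALL=C sort) > "$src_list"
    (cd "$2" && find . | LC_ALL=C sort) > "$dst_list"
    LC_ALL=C comm -23 "$src_list" "$dst_list"
    rm -f "$src_list" "$dst_list"
}

# Constructed sample of /proc/mounts lines, for trying the parser offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 /media/myhd ext4 rw,relatime 0 0
/media/myhd/home/.ecryptfs/olduser/.Private /tmp/ecryptfs.Ab3dE9xQ ecryptfs rw,relatime 0 0
/dev/sdb1 /media/usbdrive vfat rw,nosuid,nodev 0 0
EOF
}

# On the live CD, after the chown and the cp have finished:
#   sh check.sh --check <directory that now holds the copied home contents>
if [ "${1:-}" = "--check" ]; then
    mnt=$(recovered_mountpoint /proc/mounts)
    [ -n "$mnt" ] || { echo "no decrypted home mounted under /tmp" >&2; exit 1; }
    missing=$(missing_in_copy "$mnt" "$2")
    [ -z "$missing" ] || { printf 'not copied:\n%s\n' "$missing" >&2; exit 1; }
    echo "every path under $mnt exists under $2"
fi
```

Run the check before wiping the original drive, since the decrypted mount under `/tmp` disappears when the live session ends.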