ecryptfs-setup-private  [-f|--force]  [-w|--wrapping]  [-b|--bootstrap]
       [-n|--no-fnek]  [--nopwcheck]  [-u|--username   USER]   [-l|--loginpass
       LOGINPASS] [-m|--mountpass MOUNTPASS]

       Options available for the ecryptfs-setup-private command:

       -f, --force
              Force overwriting of an existing setup

       -w, --wrapping
              Use an independent wrapping passphrase, different from the login

       -u, --username USER
              User to setup, default is current user if omitted

       -l, --loginpass LOGINPASS
              System passphrase for USER, used to wrap MOUNTPASS, will  inter-
              actively prompt if omitted

       -m, --mountpass MOUNTPASS
              Passphrase  for  mounting  the ecryptfs directory, default is 16
              bytes from /dev/urandom if omitted

       -b, --bootstrap
              Bootstrap a new user's entire home directory

       --undo Display instructions on how to undo an encrypted private setup

       -n, --no-fnek
              Do not encrypt filenames; otherwise, filenames will be encrypted
              on systems which support filename encryption

              Do  not check the validity of the specified login password (use-
              ful for LDAP user accounts)

              Setup this user such that the encrypted private directory is not
              automatically mounted on login

              Setup this user such that the encrypted private directory is not
              automatically unmounted at logout

       ecryptfs-setup-private is a program that  sets  up  a  private  crypto-
       passphrase is forgotten, THERE IS NO WAY TO RECOVER THE ENCRYPTED DATA.

       Using the values of USER, MOUNTPASS, and LOGINPASS, ecryptfs-setup-pri-
       vate will:
         - Create ~/.Private (permission 700)
         - Create ~/Private (permission 500)
         - Backup any existing wrapped passphrases
         - Use LOGINPASS to wrap and encrypt MOUNTPASS
         - Write to ~/.ecryptfs/wrapped-passphrase
         - Add the passphrase to the current keyring
         - Write the passphrase signature to ~/.ecryptfs/Private.sig
         - Test the cryptographic mount with a few reads and writes

       The system administrator can add the module to the  PAM
       stack  which  will automatically use the login passphrase to unwrap the
       mount passphrase, add the passphrase to the user's kernel keyring,  and
       automatically perform the mount. See pam_ecryptfs(8).


       ~/.Private - underlying directory containing encrypted data

       ~/Private - mountpoint containing decrypted data (when mounted)

       ~/.ecryptfs/Private.sig  -  file  containing  signature  of  mountpoint

       ~/.ecryptfs/Private.mnt - file containing path of the private directory

       ~/.ecryptfs/wrapped-passphrase  - file containing the mount passphrase,
       wrapped with the login passphrase

       ~/.ecryptfs/wrapping-independent - this file  exists  if  the  wrapping
       passphrase is independent from login passphrase

       ecryptfs-rewrap-passphrase(1),               mount.ecryptfs_private(1),
       pam_ecryptfs(8), umount.ecryptfs_private(1)


       This manpage and the  ecryptfs-setup-private  utility  was  written  by
       Dustin  Kirkland  <>  for Ubuntu systems (but may be
       used by others).  Permission is granted to copy, distribute and/or mod-
       ify  this  document  under the terms of the GNU General Public License,
       Version 2 or any later version published by the Free  Software  Founda-
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2019 Hurricane Electric. All Rights Reserved.