How to mount an eCryptFS encrypted partition at login?

I want to mount the encrypted home partition of my old installation when logging in to a new installation. The home uses Ubuntu's default encryption (eCryptFS). My old and new installations use the same password. How can I do this while keeping the encryption secure?

PS: the old installation still runs, and I have the encryption keys.

Tried this on XFCE, but I'm not sure whether Unity / Gnome / KDE / etc. are all the same for run-on-login startup files, so YMMV.

A .desktop file in ~/.config/autostart will run at login; telling it to run a bash script that mounts the encrypted folder should work. Since your home is already encrypted, you could store the other mount password in the bash script if you don't want to type it every time; it's not perfect security, but it is still encrypted on disk. For example ~/.config/autostart/test.desktop. Something very basic like this should work:

    [Desktop Entry]
    Type=Application
    Exec=/home/user/.config/autostart/runme.sh

Or to wait a few seconds before starting (e.g. to give the desktop time to initialize before prompting for the password) and run as root, try this:

    [Desktop Entry]
    Type=Application
    Exec=sudo bash -c "sleep 5; /home/user/.config/autostart/runme.sh"

Or if it needs more detail, copy and edit an existing one (if there is one), or there should be a GUI way to make one under System > Preferences > Startup Applications, then click Add. Or a longer one like this should also work (for XFCE anyway; the OnlyShowIn line can probably be cut):

    [Desktop Entry]
    Encoding=UTF-8
    Version=0.9.4
    Type=Application
    Name=test.sh
    Comment=test.sh
    Exec=/home/user/.config/autostart/test.sh
    OnlyShowIn=XFCE;
    StartupNotify=false
    Terminal=true
    Hidden=false

It only runs the target file, and it does not work with Exec=~/.config/autostart/test.sh, so replace "user" accordingly. You could also use one long line instead of pointing it at a bash script.


I'm now looking into the mount part, testing in a virtual PC. Since you're already using eCryptFS with an encrypted home there are some complications; I've just tested, without an encrypted home, another encrypted "Private" folder inside your home (ecryptfs-setup-private, ecryptfs-mount-private), but just using ecryptfs-add-passphrase and calling mount.ecryptfs / mount -t ecryptfs should work…


Skip to the script further down for the one that works. This one is workable, but I haven't had much luck with it. Both scripts ask you to enter the password, so they aren't secure, but you can edit as needed, or use zenity to enter the password instead of a terminal. Here, mount needs to run as root, so the key needs to be inserted into the "sudo" keyring. Running the whole script as root should work…? May be barking up the wrong tree here.

    #!/bin/bash
    # mostly copied from ecryptfs-mount-private
    # otherhome should be the path to the folder just outside the actual encrypted home,
    # For example, /home/.ecryptfs/[user] and must be readable
    otherhome=/otherpartition/home/.ecryptfs/user
    decrypted=/media/decrypted

    WRAPPED_PASSPHRASE_FILE="$otherhome/.ecryptfs/wrapped-passphrase"
    MOUNT_PASSPHRASE_SIG_FILE="$otherhome/.ecryptfs/Private.sig"
    PW_ATTEMPTS=3
    MESSAGE=`gettext "Enter your login passphrase:"`

    if [ ! -d "$decrypted" ]; then
        mkdir -p "$decrypted" || { echo "$decrypted does not exist, can not create"; exit 1; }
    fi

    # interactively prompt for the user's password
    if [ -f "$WRAPPED_PASSPHRASE_FILE" -a -f "$MOUNT_PASSPHRASE_SIG_FILE" ]; then
        tries=0
        stty_orig=`stty -g`
        while [ $tries -lt $PW_ATTEMPTS ]; do
            echo -n "$MESSAGE"
            stty -echo
            LOGINPASS=`head -n1`
            stty $stty_orig
            echo
            if [ $(wc -l < "$MOUNT_PASSPHRASE_SIG_FILE") = "1" ]; then
                # No filename encryption; only insert fek
                if printf "%s\0" "$LOGINPASS" | ecryptfs-unwrap-passphrase "$WRAPPED_PASSPHRASE_FILE" - | ecryptfs-add-passphrase -; then
                    sig=`head -n1 $otherhome/.ecryptfs/Private.sig`
                    break
                else
                    echo `gettext "ERROR:"` `gettext "Your passphrase is incorrect"`
                    tries=$(($tries + 1))
                    continue
                fi
            else
                if printf "%s\0" "$LOGINPASS" | ecryptfs-insert-wrapped-passphrase-into-keyring "$WRAPPED_PASSPHRASE_FILE" - ; then
                    sig=`head -n1 $otherhome/.ecryptfs/Private.sig`
                    fnek_sig=`tail -n1 $otherhome/.ecryptfs/Private.sig`
                    break
                else
                    echo `gettext "ERROR:"` `gettext "Your passphrase is incorrect"`
                    tries=$(($tries + 1))
                    continue
                fi
            fi
        done
        if [ $tries -ge $PW_ATTEMPTS ]; then
            echo `gettext "ERROR:"` `gettext "Too many incorrect password attempts, exiting"`
            exit 1
        fi
        if [ -v fnek_sig ]; then
            # filename encryption enabled, $fnek_sig has been set
            mount -i -t ecryptfs -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_sig=$sig,ecryptfs_fnek_sig=$fnek_sig $otherhome/.Private $decrypted
        else
            # no filename encryption
            mount -i -t ecryptfs -o ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_sig=$sig $otherhome/.Private $decrypted
        fi
    else
        echo `gettext "ERROR:"` `gettext "Encrypted private directory is not setup properly"`
        exit 1
    fi

    if grep -qs "$otherhome/.Private $decrypted ecryptfs " /proc/mounts 2>/dev/null; then
        echo
        echo `gettext "INFO:"` `gettext "Your private directory has been mounted."`
        echo
    fi
    exit 0

This script does work,

although I couldn't run any executable script from within the encrypted home. Had to call it as an argument to bash / sh:

    sudo bash ./ecryptfs-mount-single.sh [--rw] [encrypted folder] [mountpoint]

Here it is:

    #!/bin/sh -e
    #
    # ecryptfs-mount-single
    # Modified by Xen2050 from:
    #
    # ecryptfs-recover-private
    # Copyright (C) 2010 Canonical Ltd.
    #
    # Authors: Dustin Kirkland
    #
    # This program is free software: you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation, version 2 of the License.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program.  If not, see .

    error() {
        echo "ERROR: $@" 1>&2
        echo "Usage: ecryptfs-mount-single [--rw] [encrypted private dir] [mountpoint]"
        echo "\tWill attempt to mount [encrypted private dir (.Private)] to [mountpoint]"
        echo "\twith standard options: ecryptfs_cipher=aes,ecryptfs_key_bytes=16"
        echo "\n\t--rw\tmount with read-write access (optional)"
        echo "\t[mountpoint] will attempt to be created if it does not exist"
        exit 1
    }

    info() {
        echo "INFO: $@"
    }

    # We need root access to do the mount
    [ "$(id -u)" = "0" ] || error "This program must be run as root."

    # Handle parameters
    opts="ro"
    if [ "$1" = "--rw" ]; then
        opts="rw"
        shift
    fi
    if [ -d "$1" ]; then
        # Allow for target directories on the command line
        d="$1"
        # Only supplying one directory
    else
        error "No private directory found; it must be supplied."
    fi
    if [ ! -d "$2" ]; then
        mkdir -p "$2" || error "mountpoint $2 does not exist, can not create"
    fi
    # mount directory on the command line
    tmpdir=$2

    # Determine if filename encryption is on
    ls "$d/ECRYPTFS_FNEK_ENCRYPTED"* >/dev/null 2>&1 && fnek="--fnek" || fnek=

    if [ -f "$d/../.ecryptfs/wrapped-passphrase" ]; then
        info "Found your wrapped-passphrase"
        echo -n "Do you know your LOGIN passphrase? [Y/n] "
        lpw=$(head -n1)
        case "$lpw" in
            y|Y|"")
                # Use the wrapped-passphrase, if available
                info "Enter your LOGIN passphrase..."
                ecryptfs-insert-wrapped-passphrase-into-keyring "$d/../.ecryptfs/wrapped-passphrase"
                sigs=$(sed -e "s/[^0-9a-f]//g" "$d/../.ecryptfs/Private.sig")
                use_mount_passphrase=0
            ;;
            *)
                use_mount_passphrase=1
            ;;
        esac
    else
        # Fall back to mount passphrase
        info "Could not find your wrapped passphrase file."
        use_mount_passphrase=1
    fi
    if [ "$use_mount_passphrase" = "1" ]; then
        info "To recover this directory, you MUST have your original MOUNT passphrase."
        info "When you first setup your encrypted private directory, you were told to record"
        info "your MOUNT passphrase."
        info "It should be 32 characters long, consisting of [0-9] and [a-f]."
        echo
        echo -n "Enter your MOUNT passphrase: "
        stty_orig=$(stty -g)
        stty -echo
        passphrase=$(head -n1)
        stty $stty_orig
        echo
        sigs=$(printf "%s\0" "$passphrase" | ecryptfs-add-passphrase $fnek | grep "^Inserted" | sed -e "s/^.*\[//" -e "s/\].*$//" -e "s/[^0-9a-f]//g")
    fi
    # One signature means FEK only, two means FEK plus FNEK (filename encryption)
    case $(echo "$sigs" | wc -l) in
        1)
            mount_sig=$(echo "$sigs" | head -n1)
            fnek_sig=
            mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"
        ;;
        2)
            mount_sig=$(echo "$sigs" | head -n1)
            fnek_sig=$(echo "$sigs" | tail -n1)
            mount_opts="$opts,ecryptfs_sig=$mount_sig,ecryptfs_fnek_sig=$fnek_sig,ecryptfs_cipher=aes,ecryptfs_key_bytes=16"
        ;;
        *)
            # "continue" is only valid inside a loop (ecryptfs-recover-private loops over
            # directories); with a single directory, bail out instead
            error "Could not determine the key signature(s) for [$d]."
        ;;
    esac
    (keyctl list @u | grep -qs "$mount_sig") || error "The key required to access this private data is not available."
    (keyctl list @u | grep -qs "$fnek_sig") || error "The key required to access this private data is not available."
    if mount -i -t ecryptfs -o "$mount_opts" "$d" "$tmpdir"; then
        info "Success! Private data mounted at [$tmpdir]."
    else
        error "Failed to mount private data at [$tmpdir]."
    fi

Unmounting before/after logout, and maybe removing the keys from the kernel keyring (with keyctl clear or purge; sudo keyctl clear @u clears everything), would probably be good ideas. I mounted a second folder inside the encrypted home, then logged out; it apparently unmounted the second folder (not in /proc/mounts), but it still showed up in mount
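Added example, not part of the answer above or of the ecryptfs-utils scripts it adapts: the signature-parsing and mount-option step that both scripts rely on, pulled out into plain POSIX sh functions so the "one signature = FEK only, two = FEK + FNEK" rule and the /proc/mounts check can be tried offline on constructed input (all paths and signatures below are made up).

```shell
#!/bin/sh
# Added example (not from the original answer): the ecryptfs-add-passphrase
# output parsing and mount-option building from the scripts above, as
# functions that work on text so they can be exercised without a real mount.

# Pull the hex key signatures out of ecryptfs-add-passphrase output lines like
#   Inserted auth tok with sig [0123456789abcdef] into the user session keyring
# (one signature per output line; Private.sig already has this shape).
sigs_from_add_passphrase() {
    printf '%s\n' "$1" | grep '^Inserted' \
        | sed -e 's/^.*\[//' -e 's/\].*$//' -e 's/[^0-9a-f]//g'
}

# Build the -o string for "mount -i -t ecryptfs" from a newline-separated
# signature list. $2 is "ro" (default) or "rw". Fails when the count is not
# 1 (FEK only) or 2 (FEK + FNEK) rather than mounting with the wrong keys.
ecryptfs_mount_opts() {
    sigs=$1
    access=${2:-ro}
    n=$(printf '%s\n' "$sigs" | grep -c . || true)
    fek=$(printf '%s\n' "$sigs" | head -n1)
    case "$n" in
        1) printf '%s' "$access,ecryptfs_sig=$fek,ecryptfs_cipher=aes,ecryptfs_key_bytes=16" ;;
        2) fnek=$(printf '%s\n' "$sigs" | tail -n1)
           printf '%s' "$access,ecryptfs_sig=$fek,ecryptfs_fnek_sig=$fnek,ecryptfs_cipher=aes,ecryptfs_key_bytes=16" ;;
        *) return 1 ;;
    esac
}

# The /proc/mounts check from the first script, taking the mounts listing as
# text ($3) so a constructed line can be checked instead of the live file.
is_mounted_in() {
    printf '%s\n' "$3" | grep -qs -- "^$1 $2 ecryptfs "
}

# Demo on constructed data (in real use, feed it the output of
# printf '%s\0' "$pass" | ecryptfs-add-passphrase --fnek, and cat /proc/mounts).
if [ "${1:-}" = "--demo" ]; then
    demo='Inserted auth tok with sig [8c1a2b3c4d5e6f70] into the user session keyring
Inserted auth tok with sig [1f2e3d4c5b6a7988] into the user session keyring'
    ecryptfs_mount_opts "$(sigs_from_add_passphrase "$demo")" rw; echo
fi
```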