Date:      Sat, 2 May 2026 19:55:29 +0200
From:      Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To:        Ronald Klop <ronald-lists@klop.ws>, freebsd-current@freebsd.org
Subject:   Re: 15.1-BETA1, encrypted homedir is of user root
Message-ID:  <fdcc565e-0c29-434f-877a-28e8cfdc2b40@plan-b.pwste.edu.pl>
In-Reply-To: <1777739501060.3999527212.873143717@klop.ws>
References:  <fb0d65e6-04af-4af1-8e38-e45b78293752@gmail.com> <1777739501060.3999527212.873143717@klop.ws>


On 2.05.2026 at 18:48, Ronald Klop wrote:
> On Saturday 2 May 2026 17:03:01 (+02:00) Lars Tunkrans wrote:
>
>> Hi,
>>
>> I experienced the same issue with FreeBSD 15.0
>>
>> regards
>>
>> //Lars
>>
>> On 5/2/26 16:46, Ronald Klop wrote:
>>> Hi,
>>>
>>> I just installed 15.1-BETA1 in a VirtualBox on AArch64.
>>> I chose an encrypted homedir when adding a user via the installer.
>>> The homedir of the user is owned by 'root:wheel' which is not the user:group of my user.
>>>
>>> Regards,
>>> Ronald.
>>>
>
> Ok, I now understand more of what went wrong. The encrypted homedir is not mounted.
>
> # zfs get mounted zroot/home/ronald
> NAME               PROPERTY  VALUE    SOURCE
> zroot/home/ronald  mounted   no       -
>
> I guess I need to put the passphrase somewhere.
>
> Oh, in 2022 people had the same problems.
> https://forums.freebsd.org/threads/zfs-for-encrypted-home-directory-decrypted-at-login.86819/
>
> Apparently I need to do something with pam_zfs_key in /etc/pam.d/*.
> Maybe a nice project for the Foundation Laptop Project [1].
>
> Regards,
> Ronald.
>
> [1] https://github.com/FreeBSDFoundation/proj-laptop/
>
>
Hi Ronald!

Please let me share my config until the problem gets resolved by the
Foundation.

This config below works for me, but I have not checked it against the FreeBSD
documentation, so it's sub-optimal; please use it at your own risk.

/etc/pam.d/login-auth        sufficient    pam_self.so no_warn
/etc/pam.d/login:auth        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/etc/pam.d/login-auth        include        system
--
/etc/pam.d/login-# session
/etc/pam.d/login:session        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/etc/pam.d/login-session        include        system
--
/etc/pam.d/passwd-password    required    pam_unix.so no_warn try_first_pass nullok
/etc/pam.d/passwd:password    optional    pam_zfs_key.so homes=zhgst/usr/Home
--
/usr/local/etc/pam.d/slim-auth        optional    /usr/local/lib/pam_gnome_keyring.so
/usr/local/etc/pam.d/slim:auth        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/usr/local/etc/pam.d/slim-auth        include        system
--
/usr/local/etc/pam.d/slim-session        required    pam_xdg.so runtime_dir_prefix=/var/run/user uiddir
/usr/local/etc/pam.d/slim:session        optional    pam_zfs_key.so homes=zhgst/usr/Home mount_recursively
/usr/local/etc/pam.d/slim-session        optional    /usr/local/lib/pam_gnome_keyring.so auto_start

I also have to add one note regarding the desktop environment and the
Foundation. There is still an unresolved bug regarding pam_gnome_keyring
(PR 282005). This bug significantly degrades the overall experience of
using FreeBSD as a desktop system.

BTW, the upcoming FreeBSD 15.1-RELEASE looks very promising, thanks for
all the improvements to everyone involved!

Cheers



-- 
Marek Zarychta
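
A read-only check for the symptom discussed in this thread (encrypted home dataset not mounted at login), added here as an example and not taken from any poster's message or from FreeBSD itself. The function names are hypothetical, and expecting pam_zfs_key in both the auth and session facilities is an assumption drawn from the config shared above.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: sh check.sh DATASET PAMFILE

# classify_home ENCRYPTION KEYSTATUS MOUNTED
# Maps three `zfs get` property values to a one-word diagnosis.
classify_home() {
    if [ "$1" = "off" ]; then
        echo "not-encrypted"
    elif [ "$2" != "available" ]; then
        echo "key-not-loaded"            # nothing supplied the passphrase
    elif [ "$3" != "yes" ]; then
        echo "key-loaded-not-mounted"
    else
        echo "ok"
    fi
}

# zfs_key_facilities PAMFILE
# Prints, sorted and space-separated, the PAM facilities that carry an
# active (uncommented) pam_zfs_key line in an /etc/pam.d style file.
zfs_key_facilities() {
    awk '$1 !~ /^#/ && $3 ~ /pam_zfs_key/ { print $1 }' "$1" | sort -u | xargs
}

# missing_facilities PAMFILE
# Assumption (from the config in the message): a login service has
# pam_zfs_key in both "auth" and "session". Prints whichever is absent.
missing_facilities() {
    have=" $(zfs_key_facilities "$1") "
    out=""
    for f in auth session; do
        case "$have" in *" $f "*) ;; *) out="$out $f" ;; esac
    done
    echo "${out# }"
}

# prop PROPERTY DATASET: one property value, no header (needs zfs).
prop() { zfs get -H -o value "$1" "$2"; }

# diagnose DATASET PAMFILE: report dataset state and PAM coverage.
diagnose() {
    state=$(classify_home "$(prop encryption "$1")" \
        "$(prop keystatus "$1")" "$(prop mounted "$1")")
    echo "$1: $state"
    echo "$2: pam_zfs_key missing from: $(missing_facilities "$2")"
}

if [ $# -ge 2 ]; then diagnose "$1" "$2"; fi
```
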
