In Ubuntu, there’s an “Encrypt my home directory” feature that makes it so that upon login, an eCryptfs filesystem is mounted on top of
/home/<username>. The password used to decrypt the eCryptfs filesystem is the same as the user password, and the user only has to provide their password once to do both the login and the eCryptfs unlocking. This makes me think that somehow, Ubuntu is running the eCryptfs mount command upon login, using the password the user input into GDM.
How would I implement something similar? I’d like to make a setup where the user’s home directory is stored within a LUKS-encrypted image file that is mounted upon login at
/home/<username>, and unmounted at logout. I know I can run shell commands upon login but before the session is fully initialized using
/etc/gdm/PreSession/Default, but I’m not sure how I would get access to the user password from within that.