Installing the PIA app on Linux with encrypted home directories

If you are using an eCryptfs encrypted home directory with your favorite distribution (which is what Ubuntu and derivates uses), you are probably having trouble connecting to PIA. This is because by default, eCryptfs does not allow SUID binaries to run with elevated privileges for security reasons. As a result of that, the Private Internet Access application will need to be moved outside of your home directory for it to function properly. We use an SUID binary for OpenVPN so that the PIA application doesn't require you to enter your password every time the VPN is connected or disconnected and avoid requiring root privileges for the entire application.

Symptoms

If you observe all of the following symptoms, you are affected by this issue:

  • When trying to connect to PIA, the VPN will start connecting and the icon will turn grey, but instead of going into the connected state with the green icon, the VPN will instead switch back to disconnected and the icon will turn back to red as if you disconnected.
  • The
    mount | grep ecryptfs | grep $(whoami)
    command returns something
  • The OpenVPN log in ~/.pia_manager/log/openvpn.log contains permission denied errors or equivalent in your language. You can use the
    tail -n100 ~/.pia_manager/log/openvpn.log
    command to view the last entries of the log file.

Solution

In order to solve this problem, we recommend moving the PIA installation to your /opt/ folder instead, which resides on your root partition and therefore is trusted and SUID binaries are allowed. This can be in a few simple steps:

  1. Make sure that the PIA app is installed. If it is not, please make sure to install it first from our website.
  2. Ensure that the app is not running (if it's open, click on the PIA app tray icon and select Exit).
  3. Open the Terminal.
  4. Make sure that the /opt/ directory exists with this command: (it's fine if this command fails)
    sudo mkdir /opt/
  5. Make sure there is not already an existing PIA installation in /opt/ with this command:
    sudo rm -rf /opt/pia_manager
  6. Move the current installation to /opt/:
    sudo mv ~/.pia_manager /opt/pia_manager
  7. Create a symlink in your home directory so PIA appears to be installed where it normally expects to be:
    ln -s /opt/pia_manager ~/.pia_manager

Additional information

A fix for this issue is planned, and later versions of the PIA application should better address this in the future.

Have more questions? Submit a request