i was using a similar bind-mount trick as Boxxy for a good 6 months or so, and then reworked it to prefer symlinks a couple months ago. nearly everything behaves as you’d expect with symlinks if you’re just symlinking within ~, and it’s easier to tell what’s going on or debug stuff.
notably, at some point i decided to encrypt my valuables: password store, PII, etc, and have them unlocked on login via PAM. i also wanted these to be locked when i lock my session. if you have, say, a ~/private mountpoint with sensitive stuff, and then ~/.password-store (for your password manager) pointing somewhere into this store, 2 things can happen when you `umount ~/private`:
1. if ~/.password-store was a bind mount over ~/private/, your decrypted passwords will still be accessible through ~/.password-store.
2. if ~/.password-store was a symlink into ~/private/, then your passwords aren’t accessible.
chances are you wanted (2), and it might be scary when you discover that’s not what you had, months after setting it up…
i’ve also had some nasty mount duplication, where some cron job bind-mounts the same thing every hour. turns out linux will happily let you create identical bind mounts as many times as you want, until `/proc/mounts` has 2000 entries and some O(n^2) behavior somewhere in systemd’s namespace setup makes `systemctl start foo` take 3 minutes before invoking any service code. that was a PITA to figure out.
the worst thing that happens when you “mount” the same thing twice when using symlinks, on the other hand, is you get some very obvious nesting. so anyway, i’ve bitten myself a few too many times. i’m very wary to reach for bind mounts anywhere symlinks can also do the job.
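An added example, not part of the original comment: a check over `/proc/self/mountinfo` for the two problems described above, mount points that keep a filesystem reachable after its main mount point is unmounted, and identical mounts stacked on the same path. The sample table, the `/home/u/...` paths and the function names are constructed for illustration.

```python
import re
from collections import Counter, namedtuple

Mount = namedtuple("Mount", "mount_id dev root mount_point fstype source")

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Parse /proc/<pid>/mountinfo text into Mount records."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # optional fields (shared:N, master:N) end at a lone "-" separator
        left, _, right = line.partition(" - ")
        f, r = left.split(), right.split()
        source = _unescape(r[1]) if len(r) > 1 else ""
        mounts.append(Mount(int(f[0]), f[2], _unescape(f[3]),
                            _unescape(f[4]), r[0], source))
    return mounts

def surviving_aliases(mounts, mount_point):
    """Other mount points on the same filesystem (same major:minor) as
    mount_point; they still expose its contents after `umount mount_point`."""
    devs = {m.dev for m in mounts if m.mount_point == mount_point}
    return sorted({m.mount_point for m in mounts
                   if m.dev in devs and m.mount_point != mount_point})

def duplicate_mounts(mounts):
    """(dev, root, mount_point) triples that appear more than once."""
    counts = Counter((m.dev, m.root, m.mount_point) for m in mounts)
    return {key: n for key, n in counts.items() if n > 1}

# Constructed sample: a gocryptfs mount, a bind mount into it, and a
# bind mount that a repeated job has stacked twice on the same path.
SAMPLE = r"""
24 1 259:2 / / rw,relatime shared:1 - ext4 /dev/nvme0n1p2 rw
71 24 0:52 / /home/u/private rw,nosuid,nodev shared:40 - fuse.gocryptfs /home/u/.cipher rw,user_id=1000
72 24 0:52 /pass /home/u/.password-store rw,nosuid,nodev shared:40 - fuse.gocryptfs /home/u/.cipher rw,user_id=1000
80 24 259:2 /srv/data /mnt/data rw,relatime shared:1 - ext4 /dev/nvme0n1p2 rw
81 80 259:2 /srv/data /mnt/data rw,relatime shared:1 - ext4 /dev/nvme0n1p2 rw
"""

if __name__ == "__main__":
    table = parse_mountinfo(open("/proc/self/mountinfo").read())
    print("still exposed after umount:", surviving_aliases(table, "/home/u/private"))
    print("duplicates:", duplicate_mounts(table))
```

A symlink into the encrypted directory never shows up in this table, which is why it stops resolving as soon as the target is unmounted.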
if you can make a /etc/fstab entry for your filesystem, then you can configure pam_mount using the same options as the fstab entry and it should work.
for the actual encrypted filestore, i’m using gocryptfs. it’s a more actively developed alternative to eCryptfs: mostly a drop-in replacement. there’s a lot of options here: dm-crypt over a dedicated partition is probably what a cryptographer would recommend, everything else is making tradeoffs (e.g. leaking metadata like file size/directory entry count) for better UX elsewhere. read the wiki to pick the best for your needs :)
on the off-chance you’re using NixOS, i configure these parts here:
Easy solution for that is what I do, just cd to the directory you want the symlink placed in, and then create it with one path instead of two. No need to think about whether or not the order is correct. It's really obnoxious that Windows chose the opposite syntax. (Yes. I have an unnecessary number of junction points and hard links on my system. When I reinstall next, I'll have a bad time dealing with it)
What's so bad about symlinks though?