das Setup wie es hier beschrieben ist, funktioniert fuer mich nicht:
http://www.mayrhofer.eu.org/Default.asp ... &pageid=26
Beim Login soll mittels libpam-mount das Homeverzeichnis des Users entschluesselt und gemountet werden. Das verschluesselte Home liegt in einem File wie es auch in dem Link beschrieben ist.
Ein Login als normaler User auf der Console funktionert infern, als daß dass losetup aufgerufen, das File entschluesselt, cryptsetup ausgefuehrt und schliesslich gemountet wird - nur sind leider die Berechtigungen am $HOME nicht fuer den User, sondern fuer root. Der User hat also keine Schreibrechte in seinem $HOME.
Code: Alles auswählen
# ls -l /dev/loop0
brw-rw---- 1 root disk 7, 0 Jan 24 13:26 /dev/loop0
# ls -l /home/test.img
-rw-r--r-- 1 test test 104857600 Jan 24 14:58 /home/.test.img
/etc/pam_mount.conf:
volume * crypt - /home/.&.img /home/& loop - -
Code: Alles auswählen
# su -l test
reenter password:
pam_mount(readconfig.c:467) path to luserconf set to /home/test/.pam_mount.conf
pam_mount(readconfig.c:197) reading options_allow...
pam_mount(pam_mount.c:439) back from global readconfig
pam_mount(pam_mount.c:443) going to readconfig user
pam_mount(pam_mount.c:448) back from user readconfig
pam_mount(pam_mount.c:459) pam_sm_open_session: real uid/gid=0:1002, effective u
id/gid=0:1002
pam_mount(readconfig.c:418) checking sanity of volume record (/home/.test.img)
pam_mount(pam_mount.c:474) about to perform mount operations
pam_mount(mount.c:368) information for mount:
pam_mount(mount.c:369) ----------------------
pam_mount(mount.c:370) (defined by luserconf)
pam_mount(mount.c:373) user: test
pam_mount(mount.c:374) server:
pam_mount(mount.c:375) volume: /home/.test.img
pam_mount(mount.c:376) mountpoint: /home/test
pam_mount(mount.c:377) options: loop
pam_mount(mount.c:378) fs_key_cipher:
pam_mount(mount.c:379) fs_key_path:
pam_mount(mount.c:380) use_fstab: 0
pam_mount(mount.c:381) ----------------------
pam_mount(mount.c:177) realpath of volume "/home/test" is "/home/test"
pam_mount(mount.c:182) checking to see if /dev/mapper/_home_.test.img is already
mounted at /home/test
pam_mount(mount.c:799) checking for encrypted filesystem key configuration
pam_mount(mount.c:819) about to start building mount command
pam_mount(misc.c:264) command: /bin/mount [-t] [crypt] [-oloop] [/home/.test.img ] [/home/test]
pam_mount(mount.c:851) mount errors (should be empty):
pam_mount(mount.c:100) pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:1002 , effective uid/gid=0:1002
pam_mount(mount.c:100) pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:100 2, effective uid/gid=0:1002
key slot 0 unlocked.
pam_mount(mount.c:100) Command successful.
pam_mount(mount.c:854) waiting for mount
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/hda5 65899980 46866996 15685444 75% /
udev 10240 84 10156 1% /dev
devshm 517720 12 517708 1% /dev/shm
/dev/mapper/_home_.test.img
98660 5665 87901 7% /home/test
pam_mount(pam_mount.c:123) clean system authtok (0)
pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [test] [-o] [1]
pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:1002, effective uid/gid=0:1 002
pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:1002, effective uid/gid=0: 1002
pam_mount(pam_mount.c:360) pmvarrun says login count is 2
pam_mount(pam_mount.c:491) done opening session
pam_mount(pam_mount.c:106) Clean global config (0)
Code: Alles auswählen
# ls -l /home/
total 5
drwxr-xr-x 3 root root 1024 Jan 24 17:04 test
Hat das irgendwer so am Laufen mit korrekten Rechten? Tips?
Vielen Dank!
Klaus