can i use hal for an encrypted home?
James Utter
james.utter at gmail.com
Wed Jun 20 08:42:02 PDT 2007
I think that pam-mount is the best tool for this.
I haven't used it myself, so I can't give you any further tips,
although I can point you to this tutorial.
http://gentoo-wiki.com/HOWTO_Encrypt_Your_Home_Directory_Using_LUKS_and_pam_mount
Cheers,
James
On 20/06/07, Farkas Levente <lfarkas at bppiac.hu> wrote:
> hi,
> after a long discussion on the udev list they suggest to ask it here.
> the basic setup is that i like to encrypt my home partition but do it to
> be as usable as possible:-) so i decided not to encrypt / or any other
> part of my system. requirements:
> - use my pc as a workstation.
> - encrypted home dir for me (and even for every other user),
> - the home dir would be encrypted all the time ie. do not decrypt during
> boot. these are my workstations at my different working places, but these
> computers are always running.
> - when i like to login simply be able to "open" ie. decrypt my home dir.
> - use it and when i finish my work and logout "close" the encrypted volume.
>
> so my question how can you do it?
>
> i just create a new partition, create a luks ext3 on it and put my home
> dir into this volume. at the same time i put the encryption key into a
> file on my pendrive.
> my home directory is a luks encrypted volume:
> ----------------------------------------
> # df
> Filesystem 1K-blocks Used Available Use% Mounted on
> /dev/mapper/VolGroup00-LogVol00
> 34692928 5613204 27288956 18% /
> /dev/sda1 101086 12297 83570 13% /boot
> tmpfs 517532 0 517532 0% /dev/shm
> /dev/mapper/home-lfarkas
> 39509616 27716680 11391540 71% /home/lfarkas
> # cryptsetup status home-lfarkas
> /dev/mapper/home-lfarkas is active:
> cipher: twofish-cbc-essiv:sha256
> keysize: 256 bits
> device: /dev/mapper/VolGroup00-LogVol02
> offset: 2056 sectors
> size: 80279544 sectors
> mode: read/write
> ----------------------------------------
> the keyfile (ie. the password to the encrypted partition) is on the
> pendrive hidden partition. _before_ i login i just plug in the pendrive
> and udev recognizes it, mounts the pendrive, uses the file which
> contains the encryption key and mounts my volume. when i unplug it, it
> closes the luks partition. these are my udev rules:
> ----------------------------------------
> # cat /etc/udev/rules.d/10-local.rules
> ACTION=="add", KERNEL=="sd[a-z]", SUBSYSTEM=="block", ATTR{size}=="2880", ATTRS{serial}=="07530736300A", ATTRS{product}=="USB DISK Pro", SYMLINK+="lfarkas", RUN+="/root/bin/home-up /dev/VolGroup00/LogVol02 lfarkas"
>
> ACTION=="remove", KERNEL=="sd[a-z]", SUBSYSTEM=="block",
> RUN+="/root/bin/home-down lfarkas"
> ----------------------------------------
> and the used scripts:
> ----------------------------------------
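> # cat /root/bin/home-up
> #!/bin/bash
> # $1 = LUKS backing device, $2 = user name; $DEVNAME is set by udev
> if [ -z "$(grep "/home/$2" /proc/mounts)" ]; then
>     TMPDEV="/mnt/tmp"
>     mount -t vfat "$DEVNAME" "$TMPDEV"
>     KEY="$TMPDEV/.$2.key"
>     if [ ! -f "$KEY" ]; then
>         # no key file on this pendrive: unmount it again before giving up
>         umount "$TMPDEV"
>         exit 1
>     fi
>     # the key file is passed to luks-up on stdin
>     /root/bin/luks-up "$1" "/home/$2" < "$KEY"
>     RES=$?
>     umount "$TMPDEV"
>     exit $RES
> fi
>
> # cat /root/bin/home-down
> #!/bin/bash
> # $1 = user name; tear down only when the user has no .Xclients process
> if [ -z "$(ps -u "$1" | grep .Xclients | egrep -v grep)" ]; then
>     killall -u "$1"
>     umount /media/*
>     sleep 5
>     /root/bin/luks-down "/home/$1"
> fi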
> ----------------------------------------
> this is working, but maybe there is a better, easier way to do this.
> the problem is that my home is not accessible before i "open" my home so
> any script or info is not usable and it's not possible to "open" my
> volume during the gnome login session since gnome login session requires
> my gnome settings which are in my home dir:-(
> anyway i currently don't see any way to encrypt the home dir for each
> user, so that they can't see each other's homes and are able to "decrypt" when
> they'd like to use it.
> i hope it's clear now.
>
> --
> Levente "Si vis pacem para bellum!"
>
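The quoted home-up script decides whether the home is already mounted with a substring grep on /proc/mounts and builds paths from its user-name argument. The following added example, which is not part of the original thread, shows stricter pre-flight checks a helper like that could run before opening the volume; the function names and the mounts table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Accept only plain account names so the argument cannot smuggle "../" or
# whitespace into /home/NAME or the key file path.
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        [a-z_]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Exact match on field 2 of the mounts table. A plain
# "grep /home/lfarkas" would also match /home/lfarkas2.
is_mounted() {
    awk -v mp="$1" '$2 == mp { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# Key must be a non-empty regular file, not a symlink.
key_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ]
}

# preflight USER KEYFILE [MOUNTS]: returns 0 only when the volume should
# be opened; prints the decision.
preflight() {
    valid_user "$1" || { echo "reject: bad user name"; return 2; }
    is_mounted "/home/$1" "${3:-/proc/mounts}" &&
        { echo "skip: already mounted"; return 1; }
    key_file_ok "$2" || { echo "reject: key file missing or unsafe"; return 3; }
    echo "ok: open volume for $1"
}

# Constructed mounts table: lfarkas2 is mounted, lfarkas is not.
sample_mounts() {
    cat <<'EOF'
/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/mapper/home-lfarkas2 /home/lfarkas2 ext3 rw 0 0
EOF
}

m=$(mktemp) && sample_mounts > "$m"
grep -q /home/lfarkas "$m" && echo "grep: lfarkas looks mounted (false positive)"
is_mounted /home/lfarkas "$m" || echo "exact match: lfarkas is not mounted"
rm -f "$m"
```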