From: Farkas Levente <lfarkas@bppiac.hu>
To: autofs@linux.kernel.org
Subject: cryptsetup with automount
Date: Thu, 24 Nov 2005 15:35:30 +0100
Message-ID: <4385CFB2.5070908@bppiac.hu>

hi,
maybe this seems to be off-topic, but first i have to describe the problem
or just jump to the QUESTION.
recently i have been trying to use an encrypted filesystem on linux. i'd rather
not go into the detail now, but it seems currently the best solution is LUKS on
dm-crypt (http://luks.endorphin.org/dm-crypt). the whole thing is well
documented:
http://www.flyn.org/easycrypto/easycrypto.html
http://www.saout.de/tikiwiki/tiki-index.php?page=EncryptedDeviceUsingLUKS
and working for block devices and file containers.
the only problem is that you always need to be root :-(
what i would like to do is set up everything as root (e.g. create the luks
partition in a file this way):
--------------------------------
dd if=/dev/urandom of=/home/lfarkas/.private bs=1M count=2048
losetup /dev/loop0 /home/lfarkas/.private
cryptsetup luksFormat /dev/loop0
cryptsetup luksOpen /dev/loop0 private
mkfs.ext3 /dev/mapper/private
mount /dev/mapper/private /home/lfarkas/private
umount /home/lfarkas/private
cryptsetup luksClose private
losetup -d /dev/loop0
--------------------------------
and after that i'd like to allow user lfarkas to mount his own file and
use it, i.e.:
--------------------------------
losetup /dev/loop0 /home/lfarkas/.private
cryptsetup luksOpen /dev/loop0 private
mount /dev/mapper/private /home/lfarkas/private
umount /home/lfarkas/private
cryptsetup luksClose private
losetup -d /dev/loop0
--------------------------------
and here come the problems:
- losetup can be used only by root,
- cryptsetup luksOpen/luksClose can be used only by root,
- there is a modified mount at:
http://people.redhat.com/kzak/util-linux-cryptsetup/
which should allow this with:
mount /home/lfarkas/.private /home/lfarkas/private -t ext3 -o crypt,loop
it always gives me:
--------------------------------
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
       missing codepage or other error
       In some cases useful info is found in syslog - try
       dmesg | tail  or so
--------------------------------
while at the end of dmesg:
--------------------------------
VFS: Can't find ext3 filesystem on dev loop0.
--------------------------------

================== QUESTION ====================
so what comes to my mind: maybe i can use autofs. can i define some
scripts which are run:
- before the mount
- after the umount
i can use a program map and run losetup and cryptsetup luksOpen in it (can
i do so?) and this is run by the kernel, so it runs as root. but how can i give
the password of key file in this case? and is there any way to define a
post-umount script?
yours.

-- 
  Levente                               "Si vis pacem para bellum!"
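
In the manual procedure above, mkfs.ext3 is run on /dev/mapper/private, so /dev/loop0 itself starts with a LUKS header and has no ext3 superblock, which is what the dmesg line reports. The script below is an added example, not part of the original message: a read-only check of which on-disk magic a container file or device carries. The function names and the probe.sh file name are made up for this example.

```shell
#!/bin/sh
# Added example: read-only check of what a container file or block device
# starts with, to explain "VFS: Can't find ext3 filesystem on dev loop0".

# hex_at FILE OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# probe_container FILE: print "luks", "ext" or "unknown".
probe_container() {
    if [ "$(hex_at "$1" 0 6)" = "4c554b53babe" ]; then
        # LUKS header magic "LUKS" 0xba 0xbe at offset 0
        echo luks
    elif [ "$(hex_at "$1" 1080 2)" = "53ef" ]; then
        # ext2/ext3 superblock starts at byte 1024; its magic 0xEF53 is
        # stored little-endian at offset 56 within it (file offset 1080)
        echo ext
    else
        echo unknown
    fi
}

# explain FILE: one-line diagnosis for the mount error in the message.
explain() {
    case "$(probe_container "$1")" in
        luks) echo "$1: LUKS header; mount the /dev/mapper device created by luksOpen, not this one" ;;
        ext)  echo "$1: ext2/ext3 superblock present; the device holds a plain filesystem" ;;
        *)    echo "$1: neither LUKS nor ext2/ext3 magic found" ;;
    esac
}

# selftest: build constructed sample images (not real volumes) and probe them.
selftest() {
    d=$(mktemp -d) || return 1
    printf 'LUKS\272\276' > "$d/luks.img"                     # magic only
    { dd if=/dev/zero bs=1080 count=1 2>/dev/null
      printf '\123\357'; } > "$d/ext.img"                     # 0x53 0xef at 1080
    dd if=/dev/zero of="$d/blank.img" bs=2048 count=1 2>/dev/null
    for f in luks ext blank; do explain "$d/$f.img"; done
    rm -rf "$d"
}

# Usage: sh probe.sh /home/lfarkas/.private   (no argument runs the self-test)
if [ $# -gt 0 ]; then explain "$1"; else selftest; fi
```

Reading a plain file such as /home/lfarkas/.private needs only read permission on that file; probing /dev/loop0 or /dev/mapper/private needs read access to the device node.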
