DM-Crypt Archive on lore.kernel.org
* [dm-crypt] crypttab "tmp" option and /tmp 1777 permissions
From: Andrey Borzenkov @ 2014-02-09  5:41 UTC
  To: dm-crypt

Interesting thread
https://forums.opensuse.org/showthread.php/495266-After-update-root-works-but-not-regular-user which boils down to the following:

The user is using the "tmp" option for the /tmp crypto container in /etc/crypttab
(in this case it seems it was created by the installer without the user even
realizing it). This recreates the filesystem every time, thus resetting the
permissions of the fs root to default. This in turn breaks KDM, which
needs /tmp to be writable.

I wonder what is the proper place to fix it. Reading crypttab manual,
it says

           The encrypted block device will be prepared for using it as /tmp;
           it will be formatted using mke2fs(8). This option implies plain.

And /tmp is almost universally used with 1777 permissions today (and it
is expected to be world writable in any case), so I would say -
cryptsetup should do it; the only question is whether it should do it
unconditionally?


* Re: [dm-crypt] crypttab "tmp" option and /tmp 1777 permissions
From: Heiko Rosemann @ 2014-02-09 10:46 UTC
  To: dm-crypt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/09/2014 06:41 AM, Andrey Borzenkov wrote:
> Interesting thread
> https://forums.opensuse.org/showthread.php/495266-After-update-root-works-but-not-regular-user
> which boils down to the following:
> 
> The user is using the "tmp" option for the /tmp crypto container in
> /etc/crypttab (in this case it seems it was created by the installer
> without the user even realizing it). This recreates the filesystem every
> time, thus resetting the permissions of the fs root to default. This in turn
> breaks KDM, which needs /tmp to be writable.
> 
> I wonder what is the proper place to fix it. Reading crypttab
> manual, it says [...]

Cryptsetup/dm-crypt is not responsible for reading /etc/crypttab,
creating the filesystem and/or adjusting the permissions. This is left
to the distro maintainers (or maybe that know-it-all systemd - my
Slackware box has neither an /etc/crypttab nor systemd).

Even more so if the mapping is configured by the installer.

Best Regards,

Heiko

- -- 
Encrypt emails with PGP - privacy is your right!
My PGP key for verification: http://pgp.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlL3XIgACgkQ/Vb5NagElAWruQCfc8kylSzBxHTIYd2fClLdbFPt
w/MAn0fiCAjY9MIn8w7kOB1I2dCKVvdu
=Tq9o
-----END PGP SIGNATURE-----
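
A check for the condition discussed in this thread, as an added example that is not part of either message and not code from cryptsetup or any distribution: it lists crypttab entries that use the "tmp" option and tests whether the mounted directory has mode 1777. The function names are hypothetical, the four-column crypttab layout (name, device, key file, options) is assumed, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from any project).

# Print the mapping name of every crypttab entry whose option field
# (4th column, comma-separated) contains "tmp" or "tmp=<fstype>".
crypttab_tmp_entries() {
    while read -r ct_name ct_dev ct_key ct_opts ct_rest || [ -n "$ct_name" ]; do
        case $ct_name in ''|'#'*) continue ;; esac   # skip blanks, comments
        case ",$ct_opts," in
            *,tmp,*|*,tmp=*) printf '%s\n' "$ct_name" ;;
        esac
    done < "${1:-/etc/crypttab}"
}

# Succeed only if $1 is a directory whose mode is exactly 1777
# (world-writable with the sticky bit set).
tmp_mode_ok() {
    [ -d "$1" ] && [ "$(stat -c %a "$1")" = "1777" ]
}

# Combine both checks: $1 = crypttab path, $2 = mount point to inspect.
# Returns 1 when a "tmp" entry exists but the directory is not 1777.
audit_tmp() {
    at_entries=$(crypttab_tmp_entries "$1")
    if [ -z "$at_entries" ]; then
        echo "no crypttab entry uses the tmp option"
        return 0
    fi
    if tmp_mode_ok "$2"; then
        echo "OK: $2 is mode 1777 (tmp entries: $at_entries)"
    else
        echo "WARN: $2 is not mode 1777 (tmp entries: $at_entries)"
        return 1
    fi
}

# Usage on a live system: audit_tmp /etc/crypttab /tmp
```

A WARN result after boot means whichever script handles the "tmp" option recreated the filesystem without restoring the mode on its root directory.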
