[PATCH] ecryptfs-mount-confidential, ecryptfs-umount-private

These two scripts have been updated to leverage the mount.ecryptfs_private and umount.ecryptfs_private setuid binaries.

Changes include:
 * ecryptfs-mount-confidential
   - Inline documentation updated.
   - Hardcode to PRIVATE_DIR="Private"; changes are in the works to solve this at an administrative level.
   - Use a smarter, egrep in /proc/mounts when searching for existing mountpoints
   - call mount.ecryptfs_private instead of "mount -i"
 * ecryptfs-umount-confidential
   - This file STILL has some nasty "^M" business going on. This needs to be solved once and for all...
   - Inline documentation updated.
   - Hardcode to PRIVATE_DIR="Private"; changes are in the works to solve this at an administrative level.
   - Use a smarter, egrep in /proc/mounts when searching for existing mountpoints
   - call umount.ecryptfs_private instead of "mount -i"

Signed-off-by: Dustin Kirkland <[EMAIL PROTECTED]>

--
:-Dustin

Dustin Kirkland
Ubuntu Server Developer
Canonical, LTD
[EMAIL PROTECTED]
GPG: 1024D/83A61194

diff --git a/src/utils/ecryptfs-mount-confidential b/src/utils/ecryptfs-mount-confidential
index fb97310..cbd577c 100755
--- a/src/utils/ecryptfs-mount-confidential
+++ b/src/utils/ecryptfs-mount-confidential
@@ -1,19 +1,17 @@
#!/bin/sh
-# This script mounts a user's confidential ecryptfs folder, and ensures that
-# the permissions on the mountpoint and underlying encrypted directories are
+# This script mounts a user's confidential private folder, and ensures that
+# the permissions on the underlying encrypted directories are
# private, and readable/writable/executable.
#
# Original by Michael Halcrow, IBM
# Extracted to a stand-alone script by Dustin Kirkland <[EMAIL PROTECTED]>
-
-if [ -f $HOME/.ecryptfs/auto-mount ]; then
- CONFIDENTIAL="$HOME/Private"
- . $HOME/.ecryptfs/confidential 2>/dev/null || /bin/true
- if ! mount | grep -q "$CONFIDENTIAL type ecryptfs"; then
- ENCRYPTED_DIR=`grep " $CONFIDENTIAL ecryptfs " /etc/fstab | awk '{print $1}'`
- chmod 700 "$CONFIDENTIAL" "$ENCRYPTED_DIR"
- mount -i "$CONFIDENTIAL"
+PRIVATE_DIR="Private"
+if [ -f "$HOME/.ecryptfs/auto-mount" -a -f "$HOME/.ecryptfs/$PRIVATE_DIR.sig" ]; then
+ if ! egrep -qs "$HOME/[\.]{0,1}$PRIVATE_DIR " /proc/mounts; then
+ chmod 500 "$HOME/$PRIVATE_DIR"
+ chmod 700 "$HOME/.$PRIVATE_DIR"
+ mount.ecryptfs_private
fi
fi
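
Review bot: the new "already mounted" test, egrep -qs "$HOME/[\.]{0,1}$PRIVATE_DIR " /proc/mounts, is unanchored and no longer checks the filesystem type, so any /proc/mounts line that merely contains that string passes it. A mount under a longer path ending in the same $HOME/Private, or a non-eCryptfs mount on the directory, would be taken for the private mount and mount.ecryptfs_private would be skipped; the removed grep at least required "type ecryptfs". $HOME is also interpolated into the regular expression unescaped, so a "." or other metacharacter in the home path is read as a pattern rather than a literal. Suggest comparing the mountpoint field and the type field of /proc/mounts as exact strings (awk on $2 and $3, for instance). Smaller points on the same lines: the exit status of the two chmod calls and of mount.ecryptfs_private is not checked, and the "-a" operator inside [ ] is marked obsolescent by POSIX, so two [ ] tests joined with && would be safer.
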
diff --git a/src/utils/ecryptfs-umount-confidential b/src/utils/ecryptfs-umount-confidential
index ede7310..37be1a4 100755
--- a/src/utils/ecryptfs-umount-confidential
+++ b/src/utils/ecryptfs-umount-confidential
@@ -1,19 +1,21 @@
-#!/bin/sh
-# This script unmounts a user's confidential ecryptfs folder, and makes
-# both the mountpoint and underlying encrypted directories read-only.
-#
-# Original by Michael Halcrow, IBM
-# Extracted to a stand-alone script by Dustin Kirkland <[EMAIL PROTECTED]>
-
-CONFIDENTIAL="$HOME/Private"
-. $HOME/.ecryptfs/confidential 2>/dev/null || /bin/true
-if mount | grep -q "$CONFIDENTIAL type ecryptfs"; then
- username=`whoami`
- count=`who | grep "^$username " | wc -l`
- if [ $count -le 1 ]; then
- ENCRYPTED_DIR=`grep " $CONFIDENTIAL " /etc/fstab | awk '{print $1}'`
- umount -l "$CONFIDENTIAL" && chmod 500 "$CONFIDENTIAL" "$ENCRYPTED_DIR"
- fi
-fi
-
-ecryptfs-zombie-kill
+#!/bin/sh
+# This script unmounts a user's private ecryptfs folder, and makes
+# both the mountpoint and underlying encrypted directories read-only, ONLY IF
+# there are 1 or fewer instances of this user left on the system.
+#
+# Original by Michael Halcrow, IBM
+# Extracted to a stand-alone script by Dustin Kirkland <[EMAIL PROTECTED]>
+
+PRIVATE_DIR="Private"
+if [ -f "$HOME/.ecryptfs/auto-mount" -a -f "$HOME/.ecryptfs/$PRIVATE_DIR.sig" ]; then
+ if egrep -qs "$HOME/[\.]{0,1}$PRIVATE_DIR " /proc/mounts; then
+ username=`whoami`
+ count=`who | grep "^$username " | wc -l`
+ if [ $count -le 1 ]; then
+ chmod 500 "$HOME/$PRIVATE_DIR" "$HOME/.$PRIVATE_DIR"
+ umount.ecryptfs_private
+ fi
+ fi
+fi
+
+ecryptfs-zombie-kill
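
Review bot: in the added block, chmod 500 "$HOME/$PRIVATE_DIR" "$HOME/.$PRIVATE_DIR" runs before umount.ecryptfs_private and the unmount result is never checked, whereas the removed line was umount -l "$CONFIDENTIAL" && chmod 500 ..., which changed permissions only after a successful unmount. With the new order the chmod on $HOME/$PRIVATE_DIR is applied while the filesystem is still mounted there, and if umount.ecryptfs_private fails the user is left with a mounted private directory that has been made read-only. Suggest restoring the order (unmount first, chmod on success) or stating in the header comment why the order was reversed. The same unanchored egrep test as in the mount script is used here and deserves the same tightening. Also, every line of the file is removed and re-added, including identical ones such as #!/bin/sh and ecryptfs-zombie-kill, which fits the "^M" problem named in the commit message; normalizing the line endings in a separate commit would make the functional change in this hunk reviewable.
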
