As a change from all of my recent bug reports, I would like to share a simple method to mount/unmount encrypted directories when GNOME sessions are started and ended.

I found a package called "libpam_script" which allows custom scripts to be executed when a session is started and ended. I didn't find a package for Ubuntu, so libpam_script needs to be downloaded from http://linux.bononline.nl/linux/pamscript/, compiled and installed into /lib/security (automatically handled by the makefile).

Once installed, the following line has to be added to the end of /etc/pam.d/common-session:

  session required    pam_script.so

The whole content of /etc/pam.d/common-session becomes:

  session required    pam_unix.so
  session optional    pam_foreground.so
  session required    pam_script.so

libpam_script will now execute the script "/etc/security/onsessionopen" when a session is started and "/etc/security/onsessionclose" when a session is closed. In my case, these files look like:

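--- onsessionopen -----------------------
#!/bin/bash

# Set HOME via tilde expansion.
export HOME=~

encdir="$HOME/protected/encrypted"
# Mount only if the directory exists and has an entry in /etc/fstab.
test -d "$encdir" && grep -Eq "^$encdir" /etc/fstab && mount -i "$encdir"

exit 0
-----------------------------------------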

--- onsessionclose ----------------------
#!/bin/bash

# Set HOME via tilde expansion.
export HOME=~

encdir="$HOME/protected/encrypted"
# Unmount only if the directory has an entry in /etc/fstab.
grep -Eq "^$encdir" /etc/fstab && umount -i "$encdir"

exit 0
-----------------------------------------

For the mount to work transparently, "pam_ecryptfs.so" needs to be added to /etc/pam.d/common-auth:

  auth    required        pam_ecryptfs.so

The above approach can be used to encrypt the whole home directory.

Enjoy,
Stefan





--
Stefan Farestam, PhD
Regional Director, Customer Marketing, EMEA
TIBCO Software Inc.
Stockholm, Sweden
www.tibco.com
Cell: +46 70 649 6838
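
A check for the setup described in this post, as an added example that is not part of the original message: it confirms that the two PAM lines are active and that the session hook scripts, which PAM runs at login and logout, are executable, owned by the expected user and not writable by group or others. The function names and the optional directory and owner arguments are assumptions made for the example; `stat -c` is the GNU coreutils form.

```shell
#!/bin/bash
# Added example: audit the PAM session-hook setup described in the post.
# Function names and the optional path/owner arguments are assumptions.

# Succeed if a non-comment line of PAM file $1 has type $2 and module $3.
pam_has_module() {
    [ -r "$1" ] || return 1
    awk -v t="$2" -v m="$3" '
        $1 == t { for (i = 3; i <= NF; i++) if ($i == m) found = 1 }
        END { exit !found }' "$1"
}

# Succeed if hook $1 is a regular executable file owned by uid $2
# (default 0) with no group/other write bit. Uses GNU stat.
hook_is_safe() {
    local f="$1" owner="${2:-0}" mode
    [ -f "$f" ] && [ -x "$f" ] || return 1
    [ "$(stat -c '%u' "$f")" = "$owner" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Check both PAM lines and both hook scripts; print each finding and
# return non-zero if any check fails.
audit_session_hooks() {
    local pamdir="${1:-/etc/pam.d}" secdir="${2:-/etc/security}"
    local owner="${3:-0}" hook rc=0
    pam_has_module "$pamdir/common-session" session pam_script.so ||
        { echo "common-session: pam_script.so not enabled"; rc=1; }
    pam_has_module "$pamdir/common-auth" auth pam_ecryptfs.so ||
        { echo "common-auth: pam_ecryptfs.so not enabled"; rc=1; }
    for hook in onsessionopen onsessionclose; do
        hook_is_safe "$secdir/$hook" "$owner" ||
            { echo "$secdir/$hook: missing, not executable, wrong owner or group/other-writable"; rc=1; }
    done
    return "$rc"
}
```

Calling `audit_session_hooks` with no arguments checks /etc/pam.d and /etc/security and expects the hooks to be owned by uid 0.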

