[dm-crypt] Auto Mounting when file accessed?

Arno Wagner arno at wagner.name
Thu Jan 13 19:25:11 CET 2011


Ah, nice! So autofs can execute something on mount. Good
to know.

Arno

On Thu, Jan 13, 2011 at 01:00:38AM -0900, Roger wrote:
> On Thu, Jan 13, 2011 at 12:39:43AM -0900, Roger wrote:
> >On Thu, Jan 13, 2011 at 04:22:17PM +0800, Aaron Lewis wrote:
> >>-----BEGIN PGP SIGNED MESSAGE-----
> >>Hash: SHA1
> >>
> >>I didn't follow this thread, but if you just want a simple device
> >>auto-mounter and un-mounter, you should try out the kernel auto mounter
> >>rather than a simple script.
> >
> >I got an email also about using the kernel automounter.  Just haven't had the
> >time to test and follow-up on this.
> >
> 
> Found something at the following link.  The only issue I now have is
> working around not using a keyfile and trying to integrate into using something
> like pinentry on CLI on demand.
> 
> Thanks for the help!
> 
> 
> http://www.debian-administration.org/articles/127
> (Posted by ste (81.174.xx.xx) on Tue 19 Jun 2007 at 18:09)
> 
> ---snip---
> In order to avoid opening the hotplug box, I just hacked up this autofs script. It meets my needs so someone else may find it of use too. It will automount an encrypted block device at /dev/sdb using whatever name you choose. The key file with a corresponding name in /etc is used to decrypt the device.
> 
> I have a set of removable hard drives that are used for backup (RDX QuikStor). With the following configuration I can insert a cartridge and the backup software (Bacula) can just mount it, making the encryption transparent to it.
> 
> The mapping for the 'cd' key also appears in this script. That's there because I'm mounting this at /media and hijacking the original, static /etc/auto.media. In /etc/auto.master: 
> 
> /media /etc/auto.media
> 
> In /etc/auto.media: 
> 
> #!/bin/bash
> 
> # This is the path beneath this map's root that autofs is looking for
> key="$1"
> 
> # A static mapping for the key 'cd'
> # This is what /etc/auto.media used to do statically
> if [ "$key" == "cd" ]; then
>   echo -fstype=iso9660,ro,nosuid,nodev / :/dev/cdrom
>   exit 0
> fi
> 
> # The cryptsetup tool from the package of the same name
> CRYPTSETUP=/sbin/cryptsetup
> 
> # This is the raw device that we will mount
> mount_device=/dev/sdb
> 
> # This is the encryption key file
> key_file=/etc/quikstor.key
> 
> # Options to pass to the cryptsetup tool
> luks_opts="--key-file $key_file"
> 
> # Mount options for the encrypted filesystem
> mount_opts="-fstype=xfs,defaults"
> 
> # The mapped block device
> crypt_device="/dev/mapper/$key"
> 
> # Give up if there is no key or setup tool
> [ -r "$key_file" ] || exit 0
> [ -x "$CRYPTSETUP" ] || exit 0
> 
> # If there is an encrypted device mapped in already, it must be from a
> # previous mount. It may be out-of-date so remove it now.
> [ -b "$crypt_device" ] && $CRYPTSETUP remove "$key"
> 
> # Give up if the raw device doesn't have a LUKS header
> $CRYPTSETUP isLuks "$mount_device" || exit 0
> 
> # Open the encrypted block device
> # ($luks_opts is left unquoted on purpose so it splits into option and value;
> # the lookup key is quoted so it always stays a single argument)
> $CRYPTSETUP luksOpen "$mount_device" "$key" $luks_opts >& /dev/null || exit 1
> 
> # If we ended up with a block device, echo a mount line for autofs to use
> if [ -b "$crypt_device" ]; then
>   echo "$mount_opts / $crypt_device"
> fi
> ---snip---
> 
> 
> -- 
> Roger
> http://rogerx.freeshell.org/
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

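The autofs program map from the quoted article, reworked as an added example (not code from the article or from anyone on this thread): the lookup key is checked against a conservative name pattern before it is used as the device-mapper name. `valid_key`, `map_entry` and `mapper_dir` are names chosen here; the device, key file and map lines are taken from the quoted script.

```sh
#!/bin/sh
# Added example, not part of the quoted article: the same autofs program map,
# with the lookup key validated before cryptsetup ever sees it.
# valid_key, map_entry and mapper_dir are hypothetical names; the other
# settings follow the quoted script and may be overridden from the environment.
CRYPTSETUP=${CRYPTSETUP:-/sbin/cryptsetup}
mount_device=${mount_device:-/dev/sdb}
key_file=${key_file:-/etc/quikstor.key}
mapper_dir=${mapper_dir:-/dev/mapper}

# Accept only names that stay one argument and one /dev/mapper entry:
# 1 to 64 characters from [A-Za-z0-9_-], not starting with '-'.
valid_key() {
  case "$1" in
    '' | -* | *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  [ "${#1}" -le 64 ]
}

# Print the map entry for lookup key $1; print nothing and return 1 otherwise.
map_entry() {
  key=$1
  valid_key "$key" || return 1
  if [ "$key" = "cd" ]; then
    echo "-fstype=iso9660,ro,nosuid,nodev / :/dev/cdrom"
    return 0
  fi
  if [ ! -r "$key_file" ] || [ ! -x "$CRYPTSETUP" ]; then return 1; fi
  # A mapping left over from a previous cartridge is removed first
  if [ -b "$mapper_dir/$key" ]; then
    "$CRYPTSETUP" remove "$key" || return 1
  fi
  "$CRYPTSETUP" isLuks "$mount_device" || return 1
  "$CRYPTSETUP" luksOpen "$mount_device" "$key" --key-file "$key_file" \
    >/dev/null 2>&1 || return 1
  # Only hand autofs a mount line if the mapped block device really exists
  [ -b "$mapper_dir/$key" ] || return 1
  echo "-fstype=xfs,defaults / $mapper_dir/$key"
}

# autofs runs the map with the lookup key as its only argument
if [ "$#" -gt 0 ]; then
  map_entry "$1"
fi
```

This variant still reads the key from a key file; prompting for a passphrase on demand, as Roger asks about, is not covered by it.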
