pam_mount'ed as root

From: Eric Enright (sauron_at_tiptsoft.com)
Date: 11/29/03


Date: Sat, 29 Nov 2003 13:30:22 -0500

Hello,

I'm attempting to configure a loopback-encrypted $HOME which is mounted on
login through pam_mount. Everything has gone well, except for one
problem. When I log in as the user, pam_mount mounts the filesystem fine,
but as root, rather than the user logging in. Thus, the user cannot
create files in his own $HOME!

Distro: Gentoo
Kernel: 2.6.0-test11
util-linux: 2.12

--- /etc/pam.d/login ---
#%PAM-1.0

auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /usr/lib/security/pam_mount.so try_first_pass
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_console.so
session required /usr/lib/security/pam_mount.so
--- /etc/pam.d/login ---

--- /etc/security/pam_mount.conf ---
debug 1
mkmountpoint 1
fsckloop /dev/loop7

options_require nosuid,nodev

lsof /usr/sbin/lsof
fsck /sbin/fsck
losetup /sbin/losetup
unlosetup /sbin/losetup -d
smbmount /bin/mount -t smbfs
ncpmount /bin/mount -t ncpfs
umount /bin/umount
lclmount /bin/mount -p0
nfsmount /bin/mount
mntagain /bin/mount --bind
mntcheck /bin/mount

volume mtest local - /home/mtest.img /home/mtest loop,user,exec,encryption=aes - -
--- /etc/security/pam_mount.conf ---

--- login transcript ---
pocky login: mtest
Password:
pam_mount: reading options_require...
pam_mount: checking sanity of volume record
pam_mount: back from global readconfig
pam_mount: per-user configurations not allowed by pam_mount.conf
pam_mount: real and effective user ID are 0 and 0.
pam_mount: about to perform mount operations
pam_mount: information for mount:
pam_mount: --------
pam_mount: (defined by globalconf)
pam_mount: user: mtest
pam_mount: server:
pam_mount: volume: /home/mtest.img
pam_mount: mountpoint: /home/mtest
pam_mount: options: loop,user,exec,encryption=aes
pam_mount: fs_key_cipher:
pam_mount: fs_key_path:
pam_mount: use_fstab: 0
pam_mount: --------
pam_mount: checking to see if /home/mtest.img is already mounted at /home/mtest
pam_mount: checking for encrypted filesystem key configuration
pam_mount: checking for encrypted filesystem key configuration
pam_mount: about to start building mount command
pam_mount: mount type is LCLMOUNT
pam_mount: command: losetup -p0 -e aes /dev/loop7 /home/mtest.img
pam_mount: waiting for losetup
pam_mount: command: fsck /dev/loop7
pam_mount: waiting for filesystem check
fsck 1.33 (21-Apr-2003)
e2fsck 1.33 (21-Apr-2003)
/dev/loop7: clean, 10/5136 files, 654/20480 blocks
pam_mount: command: losetup -d /dev/loop7
pam_mount: waiting for losetup delete
pam_mount: mount errors (should be empty):
pam_mount: pam_mount: command: mount -p0 -o loop,user,exec,encryption=aes /home/mtest.img /home/mtest

pam_mount: waiting for mount
Last login: Sat Nov 29 13:07:17 on 2
mtest@pocky mtest $
--- login transcript ---

ls -ld /home/mtest prior to logging in:
drwx------ 2 mtest users 4096 Nov 29 12:50 /home/mtest

ls -ld /home/mtest after logging in:
drwxr-xr-x 2 root root 1024 Nov 28 16:14 /home/mtest

I have a feeling that I'm missing something simple, but I just cannot
locate it. Any ideas?

-- 
Eric Enright                   /"\
sauronAtiptsoftDcom            \ /    ASCII Ribbon Campaign
                                X      Against HTML E-Mail
Public Key: 0xBEDF636F         / \

