Bug 201550

Summary: pam_mount should ship mount.crypt as /sbin/mount.crypt
Product: [Fedora] Fedora Reporter: Hans Ulrich Niedermann <rhbugs>
Component: pam_mountAssignee: Michael J Knox <michael>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: extras-qa
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-07 04:55:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hans Ulrich Niedermann 2006-08-07 11:02:51 UTC 
Description of problem:

  Mounting encrypted file systems using pam_mount fails due to mount
  not finding mount.crypt.

  The reason is that "mount -t crypt" looks for mount.crypt only
  in /sbin, not in /usr/bin where the pam_mount installs it.

  Copying /usr/bin/mount.crypt to /sbin/mount.crypt fixes the problem.

Version-Release number of selected component (if applicable):

  pam_mount-0.13.0-6.fc5

How reproducible:

  Every time.

Steps to Reproduce:
1. Create a test user "foobar":
   # useradd foobar
   # passwd foobar
     (the same password will be used later for the LUKS key)
2. Create the logical volume for the user's encrypted home:
   # lvcreate -L 16M -n foobar MYVG
   # cryptsetup luksFormat /dev/MYVG/foobar
   # cryptsetup luksOpen /dev/MYVG/foobar foobar-clear
   # mkfs.ext3 /dev/mapper/foobar-clear
3. Set up the user's home directory:
   # mount /dev/mapper/foobar-clear /mnt
   # chown foobar.foobar /mnt
   # mv /home/foobar/{*,.[a-z]*} /mnt
   # umount /mnt
4. Close the LUKS device:
   # cryptsetup luksClose foobar-clear
5. Add a new key to the LUKS device with the user's login password:
   # cryptsetup luksAddKey /dev/MYVG/foobar
     (use the user's login password)
6. Add line to /etc/security/pam_mount.conf:
   volume foobar crypt - /dev/MYVG/foobar /home/foobar - - -
7. Tune the /etc/pam.d/ config to add pam_mount.so, e.g. by adding
     auth required pam_mount.so
   before
     auth sufficient pam_unix.so nullok try_first_pass
   and
     session optional pam_mount.so
   before
     session required pam_unix.so
   e.g. in /etc/pam.d/system-auth
8. Log in as user foobar on the console.
  
Actual results:

  mount: unknown filesystem type 'crypt'
  and "pwd" is /

Expected results:

  "pwd" is /home/foobar

Additional info:

  Copying /usr/bin/mount.crypt to /sbin/mount.crypt fixes the problem.
Comment 1 Jan Engelhardt 2006-08-30 17:31:52 UTC 
This is fixed since pam_mount 0.15.
Comment 2 Michael J Knox 2006-08-30 17:37:33 UTC 
I will try to get this updated over the weekend when I am off shift.
Comment 3 Michael J Knox 2006-09-07 04:55:29 UTC 
pam_mount 0.17 has been built. Hopefully hit the mirrors soon.