Bug 201550 - pam_mount should ship mount.crypt as /sbin/mount.crypt
pam_mount should ship mount.crypt as /sbin/mount.crypt
Product: Fedora
Classification: Fedora
Component: pam_mount (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Michael J Knox
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2006-08-07 07:02 EDT by Hans Ulrich Niedermann
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-09-07 00:55:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Hans Ulrich Niedermann 2006-08-07 07:02:51 EDT
Description of problem:

  Mounting encrypted file systems using pam_mount fails due to mount
  not finding mount.crypt.

  The reason is that "mount -t crypt" looks for mount.crypt only
  in /sbin, not in /usr/bin where the pam_mount installs it.

  Copying /usr/bin/mount.crypt to /sbin/mount.crypt fixes the problem.

Version-Release number of selected component (if applicable):


How reproducible:

  Every time.

Steps to Reproduce:
1. Create a test user "foobar":
   # useradd foobar
   # passwd foobar
     (the same password will be used later for the LUKS key)
2. Create the logical volume for the user's encrypted home:
   # lvcreate -L 16M -n foobar MYVG
   # cryptsetup luksFormat /dev/MYVG/foobar
   # cryptsetup luksOpen /dev/MYVG/foobar foobar-clear
   # mkfs.ext3 /dev/mapper/foobar-clear
3. Set up the user's home directory:
   # mount /dev/mapper/foobar-clear /mnt
   # chown foobar.foobar /mnt
   # mv /home/foobar/{*,.[a-z]*} /mnt
   # umount /mnt
4. Close the LUKS device:
   # cryptsetup luksClose foobar-clear
5. Add a new key to the LUKS device with the user's login password:
   # cryptsetup luksAddKey /dev/MYVG/foobar
     (use the user's login password)
6. Add line to /etc/security/pam_mount.conf:
   volume foobar crypt - /dev/MYVG/foobar /home/foobar - - -
7. Tune the /etc/pam.d/ config to add pam_mount.so, e.g. by adding
     auth required pam_mount.so
     auth sufficient pam_unix.so nullok try_first_pass
     session optional pam_mount.so
     session required pam_unix.so
   e.g. in /etc/pam.d/system-auth
8. Log in as user foobar on the console.
Actual results:

  mount: unknown filesystem type 'crypt'
  and "pwd" is /

Expected results:

  "pwd" is /home/foobar

Additional info:

  Copying /usr/bin/mount.crypt to /sbin/mount.crypt fixes the problem.
Comment 1 Jan Engelhardt 2006-08-30 13:31:52 EDT
This is fixed since pam_mount 0.15.
Comment 2 Michael J Knox 2006-08-30 13:37:33 EDT
I will try to get this updated over the weekend when I am off shift. 
Comment 3 Michael J Knox 2006-09-07 00:55:29 EDT
pam_mount 0.17 has been built. Hopefully hit the mirrors soon. 

Note You need to log in before you can comment on or make changes to this bug.