Pam mount

Resources
Home

The pam_mount.so PAM module Article description::allows systems to automatically mount file systems when a user logs on, and unmount file systems when the user logs off.

Installation

USE flags

The sys-auth/pam_mount package has a few USE flags that it supports:

USE flags for sys-auth/pam_mount A PAM module that can mount volumes for a user session

crypt Add support for encryption -- using mcrypt or gpg where applicable
libressl Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)
selinux !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
ssl Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)
Data provided by the Gentoo Package Database · Last update: 2021-01-09 08:47 More information about USE flags

Emerge

To install the package, just emerge it:

root #emerge --ask sys-auth/pam_mount

Configuration

No specific configuration is needed for the installation itself. The actual configuration entries are mentioned below under the Usage section.

Usage

Mounting regular file systems

Edit the PAM configuration file in which the mount action has to be configured. Add the required call to pam_mount.so for auth and session as shown in the next example:

FILE /etc/pam.d/system-login"Enable pam_mount in the proper service"
auth		required	pam_tally2.so onerr=succeed
auth		required	pam_shells.so 
auth		required	pam_nologin.so 
auth		include		system-auth
'''auth		optional	pam_mount.so'''

account		required	pam_access.so 
account		required	pam_nologin.so 
account		include		system-auth
account		required	pam_tally2.so onerr=succeed

password	include		system-auth

session         optional        pam_loginuid.so
session		required	pam_env.so 
session		optional	pam_lastlog.so silent 
session		include		system-auth
session		optional	pam_ck_connector.so nox11
session		optional	pam_motd.so motd=/etc/motd
session		optional	pam_mail.so
'''session		optional	pam_mount.so'''

Next, edit or create the following configuration file:

FILE /etc/security/pam_mount.conf.xml"Configure pam_mount"
<syntaxhighlight lang="xml"><pam_mount>
  <volume user="your username" fstype="ext4" path="/dev/sdxn" mountpoint="/somewhere" option="fsck" />
  <debug enable="1" />
</pam_mount></syntaxhighlight>

This file will establish the file systems to mount when a particular user logs on. Of course, replace the example values with actual ones.

Mounting encrypted file systems (dm-crypt/LUKS)

One might want to mount devices encrypted with cryptsetup. At the moment it's managed by pam_mount automatically, just add fstype="crypt" to the configuration file:

FILE /etc/security/pam_mount.conf.xml
<syntaxhighlight lang="xml"><pam_mount>
  <volume user="username" fstype="crypt" path="/dev/sdXN" mountpoint="/somewhere" option="fsck" />
  <debug enable="1" />
</pam_mount></syntaxhighlight>

For other kind of encrypted file systems specify the appropriate customization for mount programs.

FILE /etc/security/pam_mount.conf.xml
<syntaxhighlight lang="xml"><cryptmount>mount.crypt ...</cryptmount>
<cryptumount>umount.crypt %(MNTPT)</cryptumount></syntaxhighlight>

See man pam_mount.conf for details.

Unmerge

Before removing the package, make sure that no PAM configuration file refers to the module anymore:

user $grep pam_mount /etc/pam.d/*

If no file refers to it anymore, then the package is safe to unmerge:

root #emerge --ask --depclean --verbose sys-auth/pam_mount

See also

  • PAM — allows (third party) services to provide an authentication module for their service which can then be used on PAM enabled systems.
This article is issued from Gentoo. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.