Fedora Linux Support Community & Resources Center

  #1  
Old 11th February 2008, 09:39 PM
aldavies Offline
mount & unmount encrypted drives in GDM / KDM

I've exhausted all the advice in the posts I can find on this subject. And this is my first on fedoraforum.

I'm playing around with VIA PadLock h/w for encrypting disks and am currently trying to mount encrypted USB flash memory to /home/<user> at login through either GDM or KDM, using pam_mount.

GDM requests the password twice even when using use_first_pass and, more importantly, does not unmount the device when logging out, leaving the device accessible to the next person who logs in.

KDM just doesn't recognise an encrypted USB flash drive either at login (or when already logged in). KDE does however unmount the device if you use GDM to log in.

I have changed combinations of /etc/pam.d/gdm, login, kdm, kdm-np, kcheckpass to include the following:

auth optional pam_mount.so use_first_pass
session optional pam_mount.so

I have also taken "use_first_pass" out of the above and added the following as an alternative...

auth include system_auth use_first_pass

None of the above stops GDM asking for the password to be re-entered, and for KDM none of the files above influence KDM mounting the device at all.


As for leaving the device mounted at logout the security log indicates device busy:


Feb 9 23:27:45 localhost gdm-binary[1928]: pam_unix(gdm:session): session closed for user guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:533) received order to close things
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:534) real and effective user ID are 0 and 0.
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(misc.c:264) command: /usr/sbin/pmvarrun [-u] [guest1] [-o] [-1]
Feb 9 23:27:45 localhost gdm-binary[2410]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[2410]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:360) pmvarrun says login count is 0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:556) going to unmount
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:368) information for mount:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:369) ----------------------
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:370) (defined by globalconf)
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:373) user: guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:374) server:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:375) volume: /dev/sdc1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:376) mountpoint: /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:377) options:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:378) fs_key_cipher:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:379) fs_key_path:
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:380) use_fstab: 0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:381) ----------------------
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(misc.c:264) command: /usr/sbin/lsof [/home/guest1]
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:131) lsof output (should be empty)...
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) bluetooth 2200 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) python 2210 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) puplet 2211 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) nm-applet 2212 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) gam_serve 2252 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:133) waiting for lsof
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(misc.c:264) command: /sbin/umount.crypt [/home/guest1]
Feb 9 23:27:45 localhost gdm-binary[2413]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[2413]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:487) umount errors (should be empty):
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) gdm-binary[2413]: pam_mount(misc.c:341) set_myuid(pre): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) gdm-binary[2413]: pam_mount(misc.c:376) set_myuid(post): real uid/gid=0:502, effective uid/gid=0:0
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) umount: /home/guest1: device is busy
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) umount: /home/guest1: device is busy
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) umount.crypt: error unmounting /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:490) waiting for umount
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:558) unmount of /dev/sdc1 failed

I've seen posts to the effect that this is likely to be GConf, but have seen no fix / workaround for this.


Any help with fixing either of these or telling me how to get KDM / KDE working as an alternative would be really appreciated.

Thanks
  #2  
Old 11th February 2008, 10:09 PM
aldavies Offline
Ah, it might help to give some general info about the env. I'm trying to get this working in....

I'm running FC8, all yum updates applied.
pam_mount 0.18-2

I have also added the following to /etc/login.defs (after a Debian related post), which was supposed to ensure the unmount during logout: "CLOSE_SESSIONS yes"
Reply With Quote
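
An added example (not part of the original posts, and not pam_mount's own code): a small parser over the session-close log quoted in the first post that reports each logout where the encrypted volume stayed mounted, and which leftover processes lsof showed holding the mount point. The sample lines are abridged from that log; the function name `failed_unmounts` is an assumption made for this illustration.

```python
import re

# Constructed sample: lines abridged from the log quoted in the first post.
SAMPLE_LOG = """\
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:533) received order to close things
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:373) user: guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:375) volume: /dev/sdc1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:376) mountpoint: /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) bluetooth 2200 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) nm-applet 2212 guest1 cwd DIR 254,0 4096 2 /home/guest1
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(mount.c:100) umount: /home/guest1: device is busy
Feb 9 23:27:45 localhost gdm-binary[1928]: pam_mount(pam_mount.c:558) unmount of /dev/sdc1 failed
"""

# Match on message text, not the file:line tag, which varies by pam_mount version.
MSG = re.compile(r"pam_mount\([\w.]+:\d+\) (.*)$")
FIELD = re.compile(r"(user|volume|mountpoint): (\S+)$")
# lsof row: COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME (header row has no numeric PID)
LSOF = re.compile(r"(\S+) (\d+) (\S+) (\S+) \S+ \S+ \d+ \d+ (/\S*)$")
FAILED = re.compile(r"unmount of (\S+) failed$")

def failed_unmounts(log_text):
    """Return one dict per failed logout unmount, with the processes lsof listed."""
    events, cur = [], None
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        msg = m.group(1)
        if msg == "received order to close things":
            cur = {"holders": []}          # a new session-close sequence starts
        elif cur is None:
            continue                       # pam_mount chatter outside a close sequence
        elif (f := FIELD.match(msg)):
            cur[f.group(1)] = f.group(2)
        elif (p := LSOF.match(msg)) and p.group(5) == cur.get("mountpoint"):
            # (command, pid, fd) of a process still pinning the mount point
            cur["holders"].append((p.group(1), int(p.group(2)), p.group(4)))
        elif FAILED.match(msg):
            events.append(cur)             # volume stayed mounted after logout
            cur = None
    return events
```

Each returned event is a logout after which the decrypted volume remained mounted; the `holders` list shows which session leftovers to terminate before the unmount is attempted.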