![사용자 로그인 시 EncFS 마운트를 설정할 수 없습니다.](https://linux55.com/image/69915/%EC%82%AC%EC%9A%A9%EC%9E%90%20%EB%A1%9C%EA%B7%B8%EC%9D%B8%20%EC%8B%9C%20EncFS%20%EB%A7%88%EC%9A%B4%ED%8A%B8%EB%A5%BC%20%EC%84%A4%EC%A0%95%ED%95%A0%20%EC%88%98%20%EC%97%86%EC%8A%B5%EB%8B%88%EB%8B%A4..png)
이 가이드에 설명된 대로(비밀번호 유틸리티 부분은 제외) 사용자가 로그인할 때 EncFS가 마운트되도록 설정해 보았지만 거의 효과가 없었습니다. EncFS 자체는 잘 작동하지만(암호화/복호화 테스트는 정상) pam_script를 통해 PAM을 설정하면 `/etc/security/onauth`가 실행되지 않습니다. 다음은 저의 최종 구성입니다.
`# cat /etc/pam.d/password-auth` 의 내용:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
# NOTE(review): per the header above, the two pam_script.so lines added by hand
# below are lost whenever authconfig regenerates this file.
auth required pam_env.so
# pam-script for EncFS mounting ......
# This line sits before pam_unix.so, so the hook runs before the password has
# been verified; whatever it captures may belong to a failed login attempt.
# "optional" means the hook's own result does not decide the auth outcome.
# NOTE(review): presumably expose=1 is what hands the typed password to the
# script (the script reads PAM_AUTHTOK) - confirm against this module's docs.
# NOTE(review): the /etc listing on this page shows /etc/pam_script with
# pam_script_auth / pam_script_ses_open / pam_script_ses_close links. Verify
# which hook paths and options the installed pam_script.so actually honours;
# a build that only runs /etc/pam_script_* would never call /etc/security/onauth.
auth optional pam_script.so expose=1 runas=root
# nullok lets an account with an empty password authenticate.
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 1000 quiet_success
auth required pam_deny.so
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 1000 quiet
account required pam_permit.so
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
-session optional pam_systemd.so
# success=1 skips exactly one following module when the service is crond.
# NOTE(review): with pam_script.so inserted directly below, that skipped module
# is now pam_script.so and pam_unix.so runs for crond sessions - confirm this
# change in what gets skipped is intended.
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
# pam-script for EncFS mounting ......
# Runs the session-open/session-close hooks as root; "optional" keeps a hook
# failure from blocking the session.
session optional pam_script.so runas=root
session required pam_unix.so
`# cat /etc/security/onauth` 의 내용:
#!/bin/sh
#
# What: onauth, onsessionopen, onsessionclose
# When: 5-Aug-2013
# Who: Philip Jensen
# Why: To capture login credentials to transparently fusermount an encrypted
# home directory for a user.
#
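# Setup vars
# The first argument is taken as the user name and PAM_AUTHTOK as the password.
# NOTE(review): both are expected to be supplied by pam_script - confirm which
# arguments and environment variables the installed module really passes.
USER=$1
PASSWORD=$PAM_AUTHTOK
# SECURITY(review): fixed, predictable names in world-writable /tmp. Any local
# user can create these paths first, and every login shares the same two files.
# A directory that only root can write to is the safer home for them.
USER_FILE=/tmp/__u
PASSWORD_FILE=/tmp/__p
LOG_FILE=/var/log/pam_script.log

# Announce the hook with the user name only; the authentication token must
# never be written to stdout or to a log.
printf '%s\n' "ONAUTH RUNNING script: ${PAM_USER}"
/bin/echo "------------------------------" >> "${LOG_FILE}"
date >> "${LOG_FILE}"
/bin/echo "Run as $(whoami)" >> "${LOG_FILE}"
# Debug helpers, left disabled.
#echo "Params passed to this script" >> ${LOG_FILE}
#echo "\$0 = $0" >> ${LOG_FILE}
#echo "\$1 = $1" >> ${LOG_FILE}
#echo "\$2 = $2" >> ${LOG_FILE}
#echo "\$3 = $3" >> ${LOG_FILE}
# SECURITY(review): do not enable the next line - it would store the clear-text
# password in the log file.
#echo "\$PAM_AUTHTOK = ${PAM_AUTHTOK}" >> ${LOG_FILE}
#echo "" >> ${LOG_FILE}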
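capture_credentials() {
  # Save the user name and password for the session-open hook, then end the
  # script with status 0.
  #
  # Globals: USER, PASSWORD (read); USER_FILE, PASSWORD_FILE (paths written)
  #
  # SECURITY(review): base64 is an encoding, not encryption - anyone who can
  # read PASSWORD_FILE has the clear-text password. The files live wherever
  # USER_FILE/PASSWORD_FILE point; keep that in a root-only directory.

  # New files are created read-only for the owner (mode 0400).
  umask 277

  # Drop whatever already sits at the target paths and create the files
  # exclusively (noclobber), so a pre-existing file or symlink planted by
  # another user is never written through.
  rm -f -- "${USER_FILE}" "${PASSWORD_FILE}"
  set -C

  # printf instead of echo: a value such as "-n" must be stored literally, not
  # interpreted as an option. The trailing newline matches the old format.
  printf '%s\n' "${USER}" | base64 > "${USER_FILE}"
  printf '%s\n' "${PASSWORD}" | base64 > "${PASSWORD_FILE}"

  # Always report success; nothing after this call in the script runs.
  exit 0
}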
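mount_encfs_home() {
  # Mount the user's EncFS home with the credentials saved by the auth hook.
  #
  # Globals: USER_FILE, PASSWORD_FILE (read, then deleted); USER, PASSWORD
  #          (overwritten with the decoded values); LOG_FILE (diagnostics)
  # Returns: 1 when the saved credentials are rejected, otherwise the status
  #          of the su/encfs pipeline.
  #
  # SECURITY(review): the credential files are only trusted when they are
  # regular files, not symlinks, and owned by the user running this hook.
  # Anything else may have been placed there by another local user.
  local_f=
  for local_f in "${USER_FILE}" "${PASSWORD_FILE}"; do
    if [ ! -f "${local_f}" ] || [ -L "${local_f}" ] || [ ! -O "${local_f}" ]; then
      echo "Refusing to mount: untrusted or missing credential file" >> "${LOG_FILE:-/dev/null}"
      rm -f -- "${USER_FILE}" "${PASSWORD_FILE}"
      return 1
    fi
  done

  USER=$(base64 -d < "${USER_FILE}")
  PASSWORD=$(base64 -d < "${PASSWORD_FILE}")
  # Remove the stored password as early as possible.
  rm -f -- "${USER_FILE}" "${PASSWORD_FILE}"

  # The name is interpolated into a command line below, so accept only a
  # conservative character set and nothing that looks like an option or a
  # relative path component.
  case "${USER}" in
    '' | . | .. | -* | *[!A-Za-z0-9._-]*)
      echo "Refusing to mount: invalid user name" >> "${LOG_FILE:-/dev/null}"
      return 1
      ;;
  esac

  # encfs -S reads the password from stdin. Quoting keeps spaces and glob
  # characters in the password intact; output is discarded on purpose.
  #printf '%s\n' "${PASSWORD}" | su - "${USER}" -c "/usr/bin/encfs -v -S /home/.encfs/${USER} /home/${USER} -- -o nonempty" >> ${LOG_FILE} 2>&1
  printf '%s\n' "${PASSWORD}" | su - "${USER}" -c "/usr/bin/encfs -v -S /home/.encfs/${USER} /home/${USER} -- -o nonempty" >> /dev/null 2>&1
}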
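umount_encfs_home() {
  # Lazily unmount the user's EncFS home when the session closes.
  #
  # Globals: USER (read), LOG_FILE (appended to)
  # Returns: 1 when USER is not a usable name, otherwise umount's status.

  # With an empty or path-like USER the target below would become /home/ or
  # escape /home entirely, so refuse instead of unmounting something else.
  case "${USER}" in
    '' | . | .. | -* | *[!A-Za-z0-9._-]*)
      echo "Refusing to unmount: invalid user name" >> "${LOG_FILE}"
      return 1
      ;;
  esac

  echo "Unmounting encrypted home dir /home/.encfs/${USER} from /home/${USER}" >> "${LOG_FILE}"
  # need to do a lazy unmount to wait until the filesystem is clean.
  #umount -l "/home/${USER}" >> ${LOG_FILE} 2>&1
  umount -l "/home/${USER}" >> /dev/null 2>&1
}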
# Pick the action from the name this script was invoked under; the same file
# serves as onauth, onsessionopen and onsessionclose.
invoked_as=${0##*/}
case "${invoked_as}" in
  *onsessionclose)
    printf '%s\n' "Trying to un-mount encfs home" >> "${LOG_FILE}"
    umount_encfs_home
    ;;
  *onsessionopen)
    printf '%s\n' "Trying to mount encfs home" >> "${LOG_FILE}"
    mount_encfs_home
    ;;
  *onauth)
    printf '%s\n' "Capturing credentials" >> "${LOG_FILE}"
    # capture_credentials ends the script itself, so the closing separator
    # below is not written for this hook.
    capture_credentials
    ;;
esac
# Close the log entry and always report success to the caller.
printf '%s\n' "------------------------------" >> "${LOG_FILE}"
exit 0
심볼릭 링크도 다음과 같이 올바르게 설정되어 있습니다 (`# ll /etc/security/`).
...
-rwxr-xr-x. 1 root root 2200 28. Jul 16:00 onauth
lrwxrwxrwx. 1 root root 20 28. Jul 11:41 onsessionclose -> /etc/security/onauth
lrwxrwxrwx. 1 root root 20 28. Jul 11:41 onsessionopen -> /etc/security/onauth
`/var/log/secure` 로그에는 기본 메시지를 제외하고는 아무것도 표시되지 않습니다.
Jul 29 07:07:26 host_name su: pam_unix(su-l:auth): authentication failure; logname=...
Jul 29 07:07:33 host_name su: pam_unix(su-l:session): session opened for user ...
Jul 29 07:07:57 host_name su: pam_unix(su-l:session): session closed for user ...
pam_script는 아래와 같이 올바르게 설치된 것으로 보입니다.
# ll /usr/lib64/security/ | grep script
-rwxr-xr-x. 1 root root 15416 18. Jul 2014 pam_script.so
그리고
# ll /etc/ | grep pam_script
-rwxr-xr-x. 1 root root 3837 18. Jul 2014 pam_script
lrwxrwxrwx. 1 root root 10 28. Jul 09:01 pam_script_acct -> pam_script
lrwxrwxrwx. 1 root root 10 28. Jul 09:01 pam_script_auth -> pam_script
lrwxrwxrwx. 1 root root 10 28. Jul 09:01 pam_script_passwd -> pam_script
lrwxrwxrwx. 1 root root 10 28. Jul 09:01 pam_script_ses_close -> pam_script
lrwxrwxrwx. 1 root root 10 28. Jul 09:01 pam_script_ses_open -> pam_script
질문은 다음과 같습니다. `onauth`가 전혀 실행(트리거)되지 않는 것 같습니다.