Encrypted home directory won't mount with "exec" option

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Encrypted home directory won't mount with "exec" option

    Hi,

    I upgraded to Hardy from Gutsy Gibbon and now I cannot execute files in my home directory anymore. It appears that my encrypted home directory is mounted with "noexec" option even though I specified otherwise (and it worked before the upgrade).

    I had used the following tutorial to encrypt my home directory: http://www.felipe-alfaro.org/blog/20...ng-cryptoloop/

    This is what mount tells me:

    aiwa@magnolia:~$ mount
    /dev/sda6 on / type ext3 (rw,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    /sys on /sys type sysfs (rw,noexec,nosuid,nodev)
    varrun on /var/run type tmpfs (rw,noexec,nosuid,nodev,mode=0755)
    varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
    udev on /dev type tmpfs (rw,mode=0755)
    devshm on /dev/shm type tmpfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    lrm on /lib/modules/2.6.24-16-generic/volatile type tmpfs (rw)
    /dev/sda2 on /boot type ext2 (rw)
    securityfs on /sys/kernel/security type securityfs (rw)
    /home/aiwa.img on /home/aiwa type ext3 (rw,noexec,nosuid,nodev,loop=/dev/loop1,encryption=aes,keybits=256)
    gvfs-fuse-daemon on /home/aiwa/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=aiwa)

    Here's the line in pam_mount.conf.xml that mounts my home directory on login:


    <volume fskeycipher="aes-256-ecb" options="loop,user,exec,encryption=aes,keybits=256 " fskeypath="/home/aiwa.key" user="aiwa" mountpoint="/home/aiwa" path="/home/aiwa.img" fstype="ext3" />


    This is really baffling me. Is this a bug in the new pam release, or the result of some new security policy hidden in another configuration file? Your input is appreciated.

    #2
    Re: Encrypted home directory won't mount with "exec" option

    Btw, here's the output of pam with debugging enabled:


    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:56) Session open: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9477]: pam_mount(rdconf2.c:209) checking sanity of volume record (/home/aiwa.img)
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:535) about to perform mount operations
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:409) information for mount:
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:410) ----------------------
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:411) (defined by globalconf)
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:412) user: aiwa
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:413) server:
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:414) volume: /home/aiwa.img
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:415) mountpoint: /home/aiwa
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:416) options: encryption=aes,exec,keybits=256,loop,user,
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:417) fs_key_cipher: aes-256-ecb
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:418) fs_key_path: /home/aiwa.key
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:419) use_fstab: 0
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:420) ----------------------
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:182) realpath of volume "/home/aiwa" is "/home/aiwa"
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:186) checking to see if /home/aiwa.img is already mounted at /home/aiwa
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:873) checking for encrypted filesystem key configuration
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:882) decrypting FS key using system auth. token and aes-256-ecb
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:899) about to start building mount command
    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:285) command: /sbin/losetup [-p0] [-eaes] [-k256] [/dev/loop7] [/home/aiwa.img]
    May 5 18:53:39 magnolia login[9485]: pam_mount(misc.c:56) set_myuid<pre>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9485]: pam_mount(misc.c:56) set_myuid<post>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:107) =
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:697) waiting for losetup
    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:285) command: /sbin/fsck [-p] [/dev/loop7]
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:107) fsck 1.40.8 (13-Mar-2008)
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:107) /dev/loop7: clean, 14828/1048576 files, 916302/2097152 blocks
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:107) /dev/loop7: clean, 14828/1048576 files, 916302/2097152 blocks
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:801) waiting for filesystem check
    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:285) command: /sbin/losetup [-d] [/dev/loop7]
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:735) waiting for losetup delete
    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:285) command: /bin/mount [-p0] [-t] [ext3] [/home/aiwa.img] [/home/aiwa] [-oencryption=aes,exec,keybits=256,loop,user,]
    May 5 18:53:39 magnolia login[9490]: pam_mount(misc.c:56) set_myuid<pre>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9490]: pam_mount(misc.c:56) set_myuid<post>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:107)
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:933) waiting for mount
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:134) clean system authtok (0)
    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:285) command: /usr/sbin/pmvarrun [-u] [aiwa] [-o] [1]
    May 5 18:53:39 magnolia login[9495]: pam_mount(misc.c:56) set_myuid<pre>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9495]: pam_mount(misc.c:56) set_myuid<post>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:425) pmvarrun says login count is 1
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:548) done opening session (ret=0)
    May 5 18:53:39 magnolia login[9477]: pam_unix(login:session): session opened for user aiwa by aiwa(uid=0)
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:460) Entered pam_mount session stage
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:481) back from global readconfig
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:483) per-user configurations not allowed by pam_mount.conf.xml
    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:56) Session open: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9477]: pam_mount(rdconf2.c:209) checking sanity of volume record (/home/aiwa.img)
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:535) about to perform mount operations
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:409) information for mount:
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:410) ----------------------
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:411) (defined by globalconf)
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:412) user: aiwa
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:413) server:
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:414) volume: /home/aiwa.img
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:415) mountpoint: /home/aiwa
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:416) options: encryption=aes,exec,keybits=256,loop,user,
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:417) fs_key_cipher: aes-256-ecb
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:418) fs_key_path: /home/aiwa.key
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:419) use_fstab: 0
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:420) ----------------------
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:182) realpath of volume "/home/aiwa" is "/home/aiwa"
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:186) checking to see if /home/aiwa.img is already mounted at /home/aiwa
    May 5 18:53:39 magnolia login[9477]: pam_mount(mount.c:853) /home/aiwa.img already seems to be mounted at /home/aiwa, skipping
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:134) clean system authtok (0)
    May 5 18:53:39 magnolia login[9477]: pam_mount(misc.c:285) command: /usr/sbin/pmvarrun [-u] [aiwa] [-o] [1]
    May 5 18:53:39 magnolia login[9496]: pam_mount(misc.c:56) set_myuid<pre>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9496]: pam_mount(misc.c:56) set_myuid<post>: (uid=0, euid=0, gid=1000, egid=1000)
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:425) pmvarrun says login count is 2
    May 5 18:53:39 magnolia login[9477]: pam_mount(pam_mount.c:548) done opening session (ret=0)


    Notice how it does get the "exec" option.
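The debug log above shows the options reaching /bin/mount in alphabetical order ("encryption=aes,exec,keybits=256,loop,user,"), not in the order written in pam_mount.conf.xml ("loop,user,exec,..."), and mount(8) documents that the user option implies noexec, nosuid and nodev unless a later option in the same list overrides them. The following is an added example, not code from the thread: it models that left-to-right rule and checks it against the option strings and the mount output quoted in the posts.

```python
# Model of mount(8)'s handling of "user" vs "exec"/"suid"/"dev". Added example,
# not code from the thread; option strings below are the ones the posts quote.
# mount(8): "user" (and "users") imply noexec,nosuid,nodev unless a *later*
# option overrides them, so the order of the option list decides the outcome.

RESTRICTIONS = ("noexec", "nosuid", "nodev")


def effective_restrictions(option_string):
    """Apply an option list left to right as mount(8) does and return the
    noexec/nosuid/nodev restrictions that survive."""
    active = set()
    for opt in option_string.split(","):
        opt = opt.strip()
        if not opt:
            continue  # pam_mount emits a trailing comma; skip the empty entry
        if opt in ("user", "users"):
            active.update(RESTRICTIONS)
        elif opt in RESTRICTIONS:
            active.add(opt)  # explicit noexec/nosuid/nodev
        elif "no" + opt in RESTRICTIONS:
            active.discard("no" + opt)  # exec/suid/dev clear the restriction
    return active


def restrictions_in_mount_output(mount_output, mountpoint):
    """Return the restrictions the kernel reports for `mountpoint` in the
    output of `mount`, or None if the mountpoint is not listed."""
    for line in mount_output.splitlines():
        parts = line.split()
        if len(parts) >= 6 and parts[2] == mountpoint:
            return {o for o in parts[5].strip("()").split(",") if o in RESTRICTIONS}
    return None


# Order as written in pam_mount.conf.xml: "exec" follows "user", so exec wins.
CONF_ORDER = "loop,user,exec,encryption=aes,keybits=256"
# Order pam_mount passed to /bin/mount (from the debug log): sorted
# alphabetically, so "user" now follows "exec" and re-imposes noexec.
LOG_ORDER = "encryption=aes,exec,keybits=256,loop,user,"
# The /home/aiwa line from the poster's `mount` output (copied from the thread).
MOUNT_OUTPUT = ("/home/aiwa.img on /home/aiwa type ext3 "
                "(rw,noexec,nosuid,nodev,loop=/dev/loop1,encryption=aes,keybits=256)")

if __name__ == "__main__":
    print("conf order  ->", sorted(effective_restrictions(CONF_ORDER)))
    print("mount order ->", sorted(effective_restrictions(LOG_ORDER)))
    print("observed    ->", sorted(restrictions_in_mount_output(MOUNT_OUTPUT, "/home/aiwa")))
```

The log also shows the mount being run with uid=0, so the user option is not what permits the mount here; it only contributes its implied restrictions.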
