Did You Know? man is the Linux’s manual pager. Each page argument given to man is normally the name of a program, utility or function. The manual page associated with each of these arguments is then found and displayed. A section, if provided, will direct man to look only in that section of the manual. The default action is to search in all of the available sections, following a pre-defined order and to show only the first page found, even if page exists in several sections.

ISSN 1836-5930

Receive Your Complimentary Guide to Linux NOW!

A Newbie's Getting Started Guide to Linux

Linux from Scratch - Create Your Own Linux System - Free eBook

The GNU/Linux Advanced Administration

A Complete Beginner's Manual for Ubuntu 10.04 (Lucid Lynx)

Poll

Do you care about your privacy when using a FACEBOOK?

Yes, I do and stopped using Facebook.

No, I do not ! I have nothing to hide.

I'm a Linux user, I do not have time for Facebook.

No comment ! Facebook sucks !

linuxconfig.org
is hosted by:

Partition Encryption

Article Index
1. Scenario
2. Prerequisites
3. Create Encrypted Partition
4. Create Filesystem
5. Edit pam_mount.conf
6. Configure pam authentication
7. Testing encrypted partition

1. Scenario

In this Linux config we are going to create encrypted partition for user "linuxconfig" and use pam_mount to mount it under /home/linuxconfig directory. For this config we have used Debian Linux, however the very same principle for creating encrypted partitions can be applied also for any other Linux distributions such as SuSe, RedHat, Gentoo, Ubuntu.

2. Prerequisites

First and the most important one is to make sure that on partition on which you are going to encrypt, is empty. If you have some important data there move them NOW to some save place. When creating encrypted partition all data will be removed. Secondly we need to satisfied software prerequisite so you need to install packages for:

cryptsetup ( Ubuntu, Debian package: cryptsetup )
pam_mount ( Ubuntu, Debian package: libpam-mount )

3. Create Encrypted Partition

This command will create Encrypted partition /dev/sdb1 by formating it with LUKS Encryption:

# cryptsetup luksFormat /dev/sdb1

Create Encrypted Partition

Open Encrypted partition:
This command will create an entry in /dev/mapper for sdb1 partition.

# cryptsetup luksOpen /dev/sdb1 sdb1

will create an entry in /dev/mapper for sdb1 partition

4. Create Filesystem

Now we can create filesystem as on any other partition. The only difference is that we create filesystem via mapper. If you try to create filesystem on /dev/sdb1 you will get this error message:

mke2fs 1.40-WIP (14-Nov-2006)
/dev/sdb1 is apparently in use by the system; will not make a filesystem here!

Instead we will use command:

# mkfs.ext3 /dev/mapper/sdb1

create filesystem on encrypted partition

5. Edit pam_mount.conf

Because we want new encrypted partition to be mounted every time user "linuxconfig" log in we need to alter /etc/security/pam_mount.conf file and add this line:

volume linuxconfig crypt - /dev/sdb1 /home/linuxconfig - - -

Edit pam_mount.conf

6. Configure pam authentication

On Debian or Ubuntu system, you will need to edit two files:
/etc/pam.d/common-auth :

auth       optional     pam_mount.so

Configure pam authentication common-auth

/etc/pam.d/common-session

session    optional     pam_mount.so

Configure pam authentication common-session
Please NOTE: Some distributions have only one file with both auth and session.

7. Testing encrypted partition

Let's try login as a "linuxconfig" user, please note that you will be prompted to enter password two times, first time it will be your UNIX password and second time it will be your passphrase for your encrypted partition:
passphrase for encrypted partition

Now we need to confirm that we are using our new encrypted partition:

Get FREE complimentary Linux Guides
	The GNU/Linux Advanced Administration The GNU/Linux systems have reached an important level of maturity, allowing to integrate them in almost any kind of work environment, from a desktop PC to the sever facilities of a big company. In this ebook "The GNU/Linux Operating System", the main contents are related with system administration. You will learn how to install and configure several computer services, and how to optimize and synchronize the resources using GNU/Linux. The topics covered in this 500+ page eBook include Linux network, server and data administration, Linux kernel, security, clustering, configuration, tuning, optimization, migration and coexistence with non-Linux systems. A must read for any serious Linux system admin.
	A Newbie's Getting Started Guide to Linux Learn the basics of the Linux operating systems. Get to know what it is all about, and familiarize yourself with the practical side. Basically, if you're a complete Linux newbie and looking for a quick and easy guide to get you started this is it. You've probably heard about Linux, the free, open-source operating system that's been pushing up against Microsoft. It's way cheaper, faster, safer, and has a far bigger active community than Windows, so why aren't you on it? Don't worry, Makeuseof.com understands. Like many things, venturing off into a completely unknown world can seem rather scary, and also be pretty difficult in the beginning. It's while adapting to the unknown, that one needs a guiding, and caring hand. This guide will tell you all you need to know in 20 illustrated pages, helping you to take your first steps. Let your curiosity take you hostage and start discovering Linux today, with this manual as your guide! Don't let Makeuseof.com keep you any longer, and download the Newbie's Initiation to Linux. With this free guide you will also receive daily updates on new cool websites and programs in your email for free courtesy of MakeUseOf.
	Linux from Scratch Linux from Scratch describes the process of creating your own Linux system from scratch from an already installed Linux distribution, using nothing but the source code of software that you need. This 318 page eBook provides readers with the background and instruction to design and build custom Linux systems. This eBook highlights the Linux from Scratch project and the benefits of using this system. Users can dictate all aspects of their system, including directory layout, script setup, and security. The resulting system will be compiled completely from the source code, and the user will be able to specify where, why, and how programs are installed. This eBook allows readers to fully customize Linux systems to their own needs and allows users more control over their system.
	A Complete Beginner's Manual for Ubuntu 10.04 (Lucid Lynx) Getting Started with Ubuntu 10.04 (Lucid Lynx) is a comprehensive beginners guide for the Ubuntu operating system; it features comprehensive guides, How Tos and information on anything you need to know after first installing Ubuntu. Designed to be as user-friendly and easy to follow as possible, it should provide the first point of reference to any Ubuntu newcomer with lots of information. The manual has step by step instructions and includes lots of screenshots to show you how to do tasks. It also includes a Troubleshooting section to help you solve common Ubuntu problems quickly. Download this 160+ page manual today.

Add New
Search

Comments (1)

2009-12-27 00:49:56 |Your IP address:94.194.96.xxx| RMOP - Encryption w Automout of Other Folders

Thanks for the useful guide. I managed to encrypt a data-only partition (sda1) on my eeePC. It's NOT my /home/usr directory, and I'm not sure how to have it automount based on the example above.

Presently, the unmounted drive shows up as "4.0 GB Filesystem." If I click on it from Nautilus, I'm first prompted for the encryption key, and they for my user PW. Then drive then is decrypted and mounted with the less-than-desirable label of: 3485b5cd-00ff-4f24-84db-176742963f38 (!).

How should I modify the lines in /etc/security/pam_mount.conf and/etc/fstab for automount, please? OR, how can I force this drive to mount manually with a short, descriptive label? That would be preferable to the monstrosity cited above!

Many thanks.

Reply Quote