hey i want to automount a directory on an encrypted loop at boot time. this i've got dialed, but i want to be prompted for the password and cipher type. but more importantly, i want to just skip the step if no response is received in say, 10 seconds, or the return key is hit -- e.g., if i'm not around when the machine is booting, or not interested in mounting on a particular boot. could someone please provide an example or a quick script skeleton? thanks!
Please show us what you've done yourself and we'll happily build on that. If you've got none, then how are you going to verify that what ppl post will work/ain't malicious/doesn't fsck up inadvertently?
Ok, here's what I tried. Ruff on a myriad of edges, subject to cerebral convolutions, obfuscated, no PID function etc, etc and not tried live. HTH anyway tho :-]
Code:
#!/bin/sh
# unspawn at rootshell dot be;Dec 18 2002;GPL;Linuxquestions.org;fName: cryptmounter
# YMMV(VM), so be careful. This runs as root.
# If you don't trust it, encap all commands in echoes and
# execute as sh -x <filename> <arg0>
# chkconfig: 345 91 45
# description: mount crypted filesystems
# BTW[0]
# If you add the next keys to your LILO append= line
# cryptmounter will figure it out at boot time:
# Flag: Arg Explanation
# MC_U None Will have cryptmounter run
# MC_L ${LOGNAME} # like in MC_L=myname
# MC_C Cypher # like in MC_C=blowfish
# so: append="MC_U,MC_L=billg,MC_C=aes"
# will run cryptmounter at boot for user billg with cypher aes
# BTW[1]
# IIRC you'll have to adjust your initlevel 0/6 stop/kill times
# else it might not unload properly?..
# config ###############################################################
# Every setting below is a bash array, so the script needs bash even though
# the shebang names /bin/sh (that only works where /bin/sh is bash).
declare -a p b c encr logn m

# p: [0] program name, [1] loop device, [2] timer flag, [3] lockfile
p[0]=cryptmounter
p[1]=loop2
p[2]=0
p[3]="/var/run/${p[0]}"

# c: commands, given as bare names, so the shell resolves them (builtin or
# PATH) at call time. The header says this runs as root: keep PATH trusted.
c=( grep cat echo mount umount )

# b: [0]..[2] are the files that get read, [9] holds the grep options
b=( [0]=/proc/cmdline [1]=/proc/mounts [2]=/etc/passwd [9]="-qe" )

# s: how long the timer sleeps
s="20s"

# encr: cipher names offered in the menu and accepted as MC_C values.
# NOTE(review): the list still offers legacy choices such as single des;
# confirm which of these the installed losetup supports and prefer a
# modern cipher (e.g. aes).
encr=( aes blowfish cast5 des des_ede3 dfc idea mars rc5 rc6 serpent twofish )
# lognames to mount for, uncomment, fill, comment out check.
# BTW[2]
# populate it with users (uid over 500) using smptin like:
# cat /etc/passwd | tr ":" " " | while read r; do
# raw=( ${r} ); if [ ${raw[2]} -ge 500 ]; then list="${raw[0]} ${list}"; fi
# echo ${list}; done
# logn=( undecipherable )
# /config ###############################################################
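# Refuse to run until the administrator has filled in logn in the config
# section. The element count is tested because expanding an empty array
# unquoted inside [ ] leaves `[ = "" ]`, which test rejects as malformed
# instead of evaluating true, so a guard written that way never fires.
if [ "${#logn[@]}" -eq 0 ]; then
  printf "%s: fill %s first\n" "${p[0]}" " \${logn[@]}" >&2
  exit 1
fi

# Pull in the distribution's init-script helper library. Nothing visible in
# this listing calls into it, but it is sourced as root, so the file must be
# writable by root only.
. /etc/rc.d/init.d/functions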
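#######################################
# Print the value of KEY=value found in a kernel command line string.
# The value ends at the first comma or space, matching the
# append="MC_U,MC_L=billg,MC_C=aes" form described in the file header.
# Arguments: $1 - key name, $2 - command line text
# Outputs:   the value on stdout, nothing when the key is absent
#######################################
_mc_cmdline_value() {
  local key=$1 text=$2 val
  case "${text}" in
    *"${key}="*)
      val=${text#*"${key}="}
      val=${val%%[, ]*}
      printf '%s' "${val}"
      ;;
  esac
}

#######################################
# Populate m[] (use flag, logname, cypher).
# With "f" as argument only the lockfile is consulted. Otherwise the
# lockfile wins if it exists; without one the kernel command line is parsed,
# and if MC_U is not on it, /proc/mounts is checked for the loop device.
# Missing logname or cypher is then asked for through init_val.
# Globals:   p, b, c (read), m (written)
# Arguments: $1 - "f" to read the lockfile only
# TODO: chk between lockfile and proc/mounts
#######################################
function chk_init() {
  local cmdline

  # Lockfile layout is "use logname cypher" on one line. read -a splits it
  # without the pathname expansion an unquoted $(cat ...) would perform.
  if [ -f "${p[3]}" ]; then
    read -r -a m < "${p[3]}"
    if [ "$1" = "f" ]; then return; fi
  elif [ "$1" = "f" ]; then
    return
  else
    # Use?
    ${c[0]} ${b[9]} "MC_U" "${b[0]}"; m[0]=$?
    case "${m[0]}" in
      0)
        # grep -q only yields an exit status, so the values have to be cut
        # out of the command line text itself.
        cmdline=$(${c[1]} "${b[0]}")
        m[1]=$(_mc_cmdline_value MC_L "${cmdline}")
        m[2]=$(_mc_cmdline_value MC_C "${cmdline}")
        # Dump our flags in the same three-field layout start() writes, and
        # only when both values are present so a later read cannot shift
        # fields. These values come from the boot prompt: they still need
        # validating before they reach losetup or a path.
        if [ -n "${m[1]}" ] && [ -n "${m[2]}" ]; then
          ${c[2]} 0 "${m[1]}" "${m[2]}" > "${p[3]}"
        fi
        ;;
      *)
        # Maybe already mounted? /proc/mounts lines begin with the device
        # path followed by a space.
        ${c[0]} ${b[9]} "^/dev/${p[1]} " "${b[1]}"; m[0]=$?
        ;;
    esac
  fi

  if [ -z "${m[1]}" ]; then init_val m1; fi
  if [ -z "${m[2]}" ]; then init_val m2; fi
}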
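#######################################
# Succeed when $1 is exactly equal to one of the remaining arguments.
#######################################
_mc_in_list() {
  local want=$1 item
  shift
  for item in "$@"; do
    [ "${item}" = "${want}" ] && return 0
  done
  return 1
}

#######################################
# Validate the values held in m[].
#   m1 - m[1] must be the exact login field of a line in the passwd file
#        (b[2]); names that are empty, start with "-" or contain "/" are
#        refused because m[1] is later spliced into /home/<name>.crypt.
#   m2 - m[2] must be exactly one of the names in encr.
#   (no argument) - every field must be set and m[1], m[2] must validate;
#        otherwise an error is printed and the script exits 1.
# Whole-field comparison is used on purpose: a prefix or substring match
# would accept "bill" for "billg" or "des" for "des_ede3".
# Globals:   m, b, encr, p (read)
# Returns:   0 when valid, 1 when not (m1/m2 forms)
#######################################
chk_val() {
  local i login rest
  case "$1" in
    m1) # Logname
      case "${m[1]}" in
        ""|-*|*/*) return 1 ;;
      esac
      while IFS=: read -r login rest || [ -n "${login}" ]; do
        [ "${login}" = "${m[1]}" ] && return 0
      done < "${b[2]}"
      return 1
      ;;
    m2) # Cypher
      _mc_in_list "${m[2]}" "${encr[@]}"
      ;;
    *) # Crude. Bail out at first err.
      for i in 0 1 2; do
        if [ -z "${m[$i]}" ]; then
          m[$i]=unknown
          printf "%s: error: user %s, cypher %s, err %s.\n" "${p[0]}" "${m[1]}" "${m[2]}" "1"
          exit 1
        fi
      done
      # Values read from the kernel command line or the lockfile never went
      # through the menus, so they are checked here before use.
      if ! chk_val m1 || ! chk_val m2; then
        printf "%s: error: user %s, cypher %s, err %s.\n" "${p[0]}" "${m[1]}" "${m[2]}" "1"
        exit 1
      fi
      ;;
  esac
}

#######################################
# Ask on the console for a value that is still missing.
#   m1 - pick the user from logn when m[1] is empty
#   m2 - pick the cypher from encr, only once a user has been chosen
# "quit" (or end of input) leaves the value unset; the caller's later
# chk_val then aborts. An answer that fails chk_val is discarded and the
# menu is shown again. The loop is left with an explicit break here rather
# than from inside chk_val, since newer bash releases do not let a break
# inside a function end the caller's loop.
# Globals:   m (written), logn, encr, p (read)
#######################################
init_val() {
  local pick
  case "$1" in
    m1) # Choose user (m[1]) if not set
      if [ -z "${m[1]}" ]; then
        printf "%s: select user.\n" "${p[0]}"
        select pick in quit "${logn[@]}"; do
          case "${pick}" in
            quit) break ;;
            "") ;; # not a menu number: ask again
            *)
              m[1]=${pick}
              if chk_val m1; then break; fi
              m[1]=""
              ;;
          esac
        done
      fi
      ;;
    m2) # Choose cypher (m[2]) once a user is known
      if [ -n "${m[1]}" ]; then
        printf "%s: select cypher.\n" "${p[0]}"
        select pick in quit "${encr[@]}"; do
          case "${pick}" in
            quit) break ;;
            "") ;; # not a menu number: ask again
            *)
              m[2]=${pick}
              if chk_val m2; then break; fi
              m[2]=""
              ;;
          esac
        done
      fi
      ;;
  esac
}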
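#######################################
# Watchdog: sleep for the configured time, then run "stop" if the timer
# flag p[2] is still 1.
# start() launches this with "&", so it runs in a subshell holding its own
# copy of p[]: it sees p[2] as it was at launch, and the assignment below
# never reaches the parent. Whoever starts the timer therefore has to kill
# it once it is no longer wanted.
# NOTE(review): "$0 stop" runs in a separate process and does not interrupt
# a prompt the parent is still waiting on.
# Globals:   s (read; sleep duration, 20s if unset), p (read)
# TODO: Kill some PIDs
#######################################
function start_timer() {
  # Honour the sleep time from the config section instead of a second,
  # hard-coded copy of it.
  sleep "${s:-20s}"
  case "${p[2]}" in
    1) $0 stop; p[2]="0" ;;
  esac
}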
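#######################################
# Shut off on error. Call it directly after the command to be checked.
# Any non-zero status counts as a failure: matching only 1 and 127 lets
# other failure codes from losetup or mount slip through. After reporting,
# "stop" is run for cleanup and this process exits with the failing status,
# so the caller cannot go on to mount a loop device that was never set up.
# Globals:   p, m (read)
# Outputs:   one error line on stdout when the status is non-zero
#######################################
function chk_err() {
  # Must be the first command: anything else would overwrite $?.
  local rc=$?
  if [ "${rc}" -ne 0 ]; then
    printf "%s: error: user %s, cypher %s, err %s.\n" "${p[0]}" "${m[1]}" "${m[2]}" "${rc}"
    $0 stop
    exit "${rc}"
  fi
}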
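#######################################
# Attach /home/<user>.crypt to the loop device with the chosen cypher,
# mount it on /home/<user> and record the state in the lockfile.
# The passphrase is never handled here: nothing in this function puts it on
# a command line or in a variable, losetup is expected to ask for it itself.
# Globals:   p, m (read/written), c (read)
#######################################
function start() {
  local timer_pid

  # Timer running
  p[2]="1"
  start_timer &
  timer_pid=$!

  # This gets us m[@] if any
  chk_init
  # If we have 'em
  chk_val

  # m[1] and m[2] may originate from the boot prompt or the lockfile, so
  # they are quoted everywhere they become an argument or part of a path.
  printf "%s: losetup %s: " "${p[0]}" "/home/${m[1]}.crypt"
  losetup -e "${m[2]}" "/dev/${p[1]}" "/home/${m[1]}.crypt"; chk_err

  # Mount loop (-o), without writing mtab (-n)
  printf "%s: starting %s: " "${p[0]}" "crypted filesystems"
  ${c[3]} -n -o "loop=/dev/${p[1]}" "/home/${m[1]}"; chk_err

  ${c[2]} 0 "${m[1]}" "${m[2]}" > "${p[3]}"

  # The timer runs in a subshell and cannot see p[2] being reset here; left
  # alone it would run "stop" against the filesystem that was just mounted.
  kill "${timer_pid}" 2>/dev/null
  p[2]="0"
}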
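#######################################
# Unmount /home/<user>, detach the loop device, drop the lockfile and exit.
# The exit status is that of the last step that failed (0 when both the
# unmount and the detach worked), so init and "restart" can tell a clean
# stop from a failed one.
# NOTE(review): the lockfile is removed even when the unmount failed, so the
# record of which user is mounted is lost while the plaintext filesystem may
# still be attached - consider keeping it in that case.
# Globals:   p, m, c (read)
#######################################
function stop() {
  local rc=0

  # We should have the list from lock first
  chk_init f
  chk_val

  printf "%s: stopping %s: " "${p[0]}" "crypted filesystems"
  # Umount force (-f), without writing mtab (-n)
  ${c[4]} -n -f "/home/${m[1]}" || rc=$?
  echo
  losetup -d "/dev/${p[1]}" || rc=$?
  rm -f "${p[3]}"
  exit "${rc}"
}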
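#######################################
# Report whether the loop device shows up in the mounts file (b[1]).
# The pattern is anchored on the full device path plus the following space,
# so loop2 is not reported as mounted because loop20 is. grep options are
# placed before the pattern and file, which does not depend on GNU argument
# reordering.
# Globals:   p, b, c, m (read)
# Outputs:   one status line on stdout
#######################################
function status() {
  local rc

  chk_init f
  chk_val

  ${c[0]} ${b[9]} "^/dev/${p[1]} " "${b[1]}"
  rc=$?
  case "${rc}" in
    0) printf "%s: for user: %s status: %s.\n" "${p[0]}" "${m[1]}" "mounted OK." ;;
    *) printf "%s: for user: %s status: %s.\n" "${p[0]}" "${m[1]}" "${rc} (err)" ;;
  esac
}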
# "See how we're called"
# Dispatch on the action named by the first argument. "restart" re-runs this
# script as two separate processes; "init" only fills m[] and prints it.
case "${1}" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  status)
    status
    ;;
  init)
    chk_init
    echo ${m[@]}
    ;;
  *)
    printf "%s Usage: {start|stop|restart|status}\n" "${p[0]}"
    exit 1
    ;;
esac

# Hand the status of the action that just ran back to the caller
exit $?
Better hope someone comes up with a better idea...