Gabor Walter wrote:
Hi,
I want to encrypt my entire /home directory which is on a separate
partition. I used cryptsetup which is available in FC5. I successfully
created the encrypted partition and I also found a script at
http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen which I would like
to incorporate into my startup. The question is, where exactly?
Should I (can I) modify rc.sysinit?
Or should I just put it into rc.local?
This is what I tried, but then I keep getting a message that /home needs a
file system check and is corrupt (this sounds logical, because at this point
the partition is neither opened nor mounted).
So it looks to me like a real catch-22.
TIA for any suggestions.
Gabor Walter
Hungary
I'm not on FC5 yet, so take the following with a grain of salt, in case
FC5 includes the HAL modifications that have been discussed elsewhere.
From the error message you are getting, which is presumably the result
of FC5 attempting to auto mount the partition and not recognizing it as
being encrypted, I presume not.
If not, then you need to modify /etc/fstab so that the mounting
information for /home is properly mapped to the new device and does not
auto mount the /home partition before it is opened with the passphrase.
Remove or comment out any existing line in /etc/fstab referring to
/home. Then add something like the following line:
/dev/mapper/hdc5 /home ext3 noauto 0 0
This maps /home to the proper encrypted device, in my case hdc5. It sets
'noauto' so that the partition is not auto mounted at boot. You may or
may not need to add either 'user' or 'users' to the options (noauto)
field, depending upon the user restrictions you want on mounting the
partition. Also, change the file system type as may be appropriate, if
you are not using ext3. See 'man mount' for more info.
As with Reinhard, I also added the luksopen script to rc.local and the
system prompts me for the passphrase on boot.
HTH,
Marc Schwartz
