Gabor Walter wrote:
> Hi,
>
> I want to encrypt my entire /home directory which is on a separate
> partition. I used cryptsetup which is available in FC5. I successfully
> created the encrypted partition and I also found a script at
> http://www.saout.de/tikiwiki/tiki-index.php?page=luksopen which I would like
> to incorporate into my startup. The question is, where exactly?
> Should I (can I) modify rc.sysinit?
> Or should I just put it into rc.local?
> This is what I tried, but then I keep getting a message that /home needs a
> file system check and is corrupt (this sounds logical, because at this point
> the partition is neither opened nor mounted).
> So it looks to me like a real catch-22.
> TIA for any suggestions.
>
> Gabor Walter
> Hungary
I'm not on FC5 yet, so take the following with a grain of salt, in case
FC5 includes the HAL modifications that have been discussed elsewhere.
From the error message you are getting, which is presumably the result
of FC5 attempting to auto mount the partition and not recognizing it as
being encrypted, I presume not.

If not, then you need to modify /etc/fstab so that the mounting
information for /home is properly mapped to the new device and does not
auto mount the /home partition before it is opened with the passphrase.

Remove or comment out any existing line in /etc/fstab referring to
/home. Then add something like the following line:

    /dev/mapper/hdc5 /home ext3 noauto 0 0

This maps /home to the proper encrypted device, in my case hdc5. It sets
'noauto' so that the partition is not auto mounted at boot. You may or
may not need to add either 'user' or 'users' to the options (noauto)
field, depending upon the user restrictions you want on mounting the
partition. Also, change the file system type as may be appropriate, if
you are not using ext3. See 'man mount' for more info.

As with Reinhard, I also added the luksopen script to rc.local and the
system prompts me for the passphrase on boot.

HTH,
Marc Schwartz
Thanks to everyone for offering help, my system is now running fine.
A couple of notes in case somebody might find them useful:
1. grub.conf needs editing, that is, I had to remove the rhgb option
2. SELinux seemed to be complaining so I disabled that
3. the luksopen script from the URL in my original posting might have a bug in it (I am not much of a shell script guru) because when it reaches the point where it attempts to open and mount the encrypted partitions, it will just skip them even if I press 'y'. So I commented that out and explicitly inserted the appropriate commands.
Gabor Walter
Hungary
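
The fstab change and the explicit open-and-mount step discussed in this thread, as an added example that is not part of the original posts or of the luksopen script. The function names are hypothetical; the raw device /dev/hdc5 and mapping name hdc5 are assumptions taken from the sample fstab line in the reply above.

```shell
#!/bin/sh
# Added example: rc.local-style helpers for a LUKS-encrypted /home.
# Assumed names: raw device /dev/hdc5, mapping name hdc5 (adjust to your disk).

# Return 0 only if FSTAB has exactly one active /home entry, it uses
# /dev/mapper/NAME, and its options include 'noauto'. Any other active
# /home line lets the boot-time fsck/mount touch the still-locked device.
check_home_fstab() {
    fstab=$1 name=$2
    awk -v want="/dev/mapper/$name" '
        /^[ \t]*#/ || NF < 4 { next }       # skip comments and short lines
        $2 == "/home" {
            seen++
            if ($1 != want) bad = 1         # raw or wrong device
            opts = "," $4 ","
            if (opts !~ /,noauto,/) bad = 1 # would be auto mounted at boot
        }
        END { exit (seen == 1 && !bad) ? 0 : 1 }
    ' "$fstab"
}

# Open the LUKS container (cryptsetup prompts for the passphrase on the
# console) and mount /home through its fstab entry. Needs root.
open_home() {
    dev=$1 name=$2
    cryptsetup isLuks "$dev" || { echo "$dev is not a LUKS device" >&2; return 1; }
    # Skip luksOpen if the mapping already exists (e.g. rc.local re-run).
    [ -e "/dev/mapper/$name" ] || cryptsetup luksOpen "$dev" "$name" || return 1
    mount /home
}

# Constructed sample fstab: old line commented out, new mapper line added.
demo=$(mktemp)
printf '%s\n' '#/dev/hdc5 /home ext3 defaults 1 2' \
              '/dev/mapper/hdc5 /home ext3 noauto 0 0' > "$demo"
check_home_fstab "$demo" hdc5 && echo "fstab OK: /home waits for luksOpen"
rm -f "$demo"

# In rc.local one would then run, as root:
#   check_home_fstab /etc/fstab hdc5 && open_home /dev/hdc5 hdc5
```
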