ubuntuusers.de

Pam_Mount + Veracrypt Problem

Status: Unsolved | Ubuntu version: Kubuntu 17.04 (Zesty Zapus)

uhuntu


Joined:
19 February 2007

Posts: 338

Hello,

I would like to mount my VeraCrypt-encrypted NTFS partition automatically at login with pam_mount. However, the mount fails.

In /etc/security/pam_mount.conf.xml I have entered:

                <!-- Volume definitions -->
<volume user="bw" fstype="crypt" noroot="1"  path="/dev/disk/by-partuuid/98746d30-01" mountpoint="/media/veracrypt1" />

                <!-- pam_mount parameters: Volume-related -->
<cryptmount>veracrypt -t -k "" --protect-hidden=no /dev/disk/by-partuuid/98746d30-01 /media/veracrypt1 --pim=0</cryptmount>
<cryptumount>veracrypt -d</cryptumount>

The VeraCrypt mount command is correct; on the console I can mount the partition this way.

visudo

bw ALL=(ALL) NOPASSWD: /usr/bin/veracrypt

In /var/log/auth.log I see:

Jul 19 22:37:38 kubuntu sddm-helper: pam_unix(sddm:session): session opened for user bw by (uid=0)
Jul 19 22:37:38 kubuntu sddm-helper: (pam_mount.c:568): pam_mount 2.16: entering session stage
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:786): Could not get realpath of /media/veracrypt1: No such file or directory
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:267): Mount info: globalconf, user=bw <volume fstype="crypt" server="(null)" path="/dev/disk/by-partuuid/98746d30-01" mountpoint="/media/veracrypt1" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="" /> fstab=0 ssh=0
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:309): mkmountpoint: checking /media
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:309): mkmountpoint: checking /media/veracrypt1
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:349): mkdir[0] /media/veracrypt1
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:357): chown /media/veracrypt1 -> 1000:1000
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:664): Password will be sent to helper as-is.
Jul 19 22:37:38 kubuntu sddm-helper: command: 'veracrypt' '-t' '-k' '--protect-hidden=no' '/dev/disk/by-partuuid/98746d30-01' '/media/veracrypt1' '--pim=0'
Jul 19 22:37:38 kubuntu sddm-helper: (spawn.c:136): setting uid to user bw
Jul 19 22:37:39 kubuntu sddm-helper: (pam_mount.c:116): Clean global config (0)
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 19 25 0:18 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 20 25 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 21 25 0:6 / /dev rw,nosuid,relatime shared:2 - devtmpfs udev rw,size=4029568k,nr_inodes=1007392,mode=755
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 22 21 0:19 / /dev/pts rw,nosuid,noexec,relatime shared:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 23 25 0:20 / /run rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs rw,size=817304k,mode=755
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 25 0 253:2 / / rw,relatime shared:1 - ext4 /dev/mapper/vgubuntu-root rw,errors=remount-ro,data=ordered
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 26 19 0:14 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - securityfs securityfs rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 27 21 0:22 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs tmpfs rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 28 23 0:23 / /run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs rw,size=5120k
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 29 19 0:24 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 30 29 0:25 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 31 19 0:26 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:11 - pstore pstore rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 32 29 0:27 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:13 - cgroup cgroup rw,devices
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 33 29 0:28 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:14 - cgroup cgroup rw,memory
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 34 29 0:29 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,pids
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 35 29 0:30 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:16 - cgroup cgroup rw,perf_event
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 36 29 0:31 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:17 - cgroup cgroup rw,net_cls,net_prio
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 37 29 0:32 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:18 - cgroup cgroup rw,cpu,cpuacct
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 38 29 0:33 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:19 - cgroup cgroup rw,freezer
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 39 29 0:34 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:20 - cgroup cgroup rw,cpuset
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 40 29 0:35 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:21 - cgroup cgroup rw,blkio
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 41 29 0:36 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:22 - cgroup cgroup rw,hugetlb
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 42 20 0:37 / /proc/sys/fs/binfmt_misc rw,relatime shared:23 - autofs systemd-1 rw,fd=41,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1428
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 43 21 0:38 / /dev/hugepages rw,relatime shared:24 - hugetlbfs hugetlbfs rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 44 19 0:7 / /sys/kernel/debug rw,relatime shared:25 - debugfs debugfs rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 45 21 0:17 / /dev/mqueue rw,relatime shared:26 - mqueue mqueue rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 46 44 0:9 / /sys/kernel/debug/tracing rw,relatime shared:27 - tracefs tracefs rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 75 19 0:39 / /sys/fs/fuse/connections rw,relatime shared:28 - fusectl fusectl rw
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 77 25 8:18 / /boot rw,relatime shared:29 - ext4 /dev/sdb2 rw,stripe=4,data=ordered
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 240 23 0:42 / /run/user/119 rw,nosuid,nodev,relatime shared:248 - tmpfs tmpfs rw,size=817300k,mode=700,uid=119,gid=127
Jul 19 22:37:39 kubuntu sddm-helper: (mount.c:558): 248 23 0:44 / /run/user/1000 rw,nosuid,nodev,relatime shared:255 - tmpfs tmpfs rw,size=817300k,mode=700,uid=1000,gid=1000
Jul 19 22:37:39 kubuntu sddm-helper: (pam_mount.c:522): mount of /dev/disk/by-partuuid/98746d30-01 failed
Jul 19 22:37:39 kubuntu sddm-helper: command: 'pmvarrun' '-u' 'bw' '-o' '1'
Jul 19 22:37:39 kubuntu sddm-helper: (pam_mount.c:441): pmvarrun says login count is 1
Jul 19 22:37:39 kubuntu sddm-helper: (pam_mount.c:660): done opening session (ret=0)
Jul 19 22:37:39 kubuntu sddm-helper: pam_systemd(sddm:session): Cannot create session: Already running in a session
Jul 19 22:37:39 kubuntu sddm-helper: pam_kwallet(sddm:session): pam_kwallet: pam_sm_open_session
Jul 19 22:37:39 kubuntu sddm-helper: pam_kwallet(sddm:session): pam_kwallet: final socket path: /run/user/1000/kwallet.socket
Jul 19 22:37:39 kubuntu sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5: pam_sm_open_session
Jul 19 22:37:39 kubuntu sddm-helper: pam_kwallet5(sddm:session): pam_kwallet5: final socket path: /run/user/1000/kwallet5.socket

mount of /dev/disk/by-partuuid/98746d30-01 failed → does anyone have a tip or an idea why?

thx
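
An added example, not part of the original post: comparing the helper command that pam_mount logged with the configured `<cryptmount>` line shows that the empty `""` keyfile argument is absent from the executed argv, so `-k` is followed directly by `--protect-hidden=no`, and that the helper ran as user bw. The script assumes shell-style quoting (Python's `shlex`) as the reference for the intended argv; that is not pam_mount's own parser.

```python
import difflib
import re
import shlex

# <cryptmount> helper from the first post, as typed in pam_mount.conf.xml.
CONFIGURED = ('veracrypt -t -k "" --protect-hidden=no '
              '/dev/disk/by-partuuid/98746d30-01 /media/veracrypt1 --pim=0')

# Four lines copied from the auth.log excerpt in the first post.
LOG = """\
Jul 19 22:37:38 kubuntu sddm-helper: (mount.c:664): Password will be sent to helper as-is.
Jul 19 22:37:38 kubuntu sddm-helper: command: 'veracrypt' '-t' '-k' '--protect-hidden=no' '/dev/disk/by-partuuid/98746d30-01' '/media/veracrypt1' '--pim=0'
Jul 19 22:37:38 kubuntu sddm-helper: (spawn.c:136): setting uid to user bw
Jul 19 22:37:39 kubuntu sddm-helper: (pam_mount.c:522): mount of /dev/disk/by-partuuid/98746d30-01 failed
"""

COMMAND_RE = re.compile(r": command: (.*)$")
UID_RE = re.compile(r"setting uid to user (\S+)")
FAILED_RE = re.compile(r"mount of (\S+) failed")


def logged_argv(line):
    """Return the argv from a pam_mount 'command:' debug line, else None."""
    m = COMMAND_RE.search(line)
    return re.findall(r"'([^']*)'", m.group(1)) if m else None


def dropped_args(configured, executed):
    """(index, value) of configured arguments missing from the executed argv."""
    sm = difflib.SequenceMatcher(a=configured, b=executed, autojunk=False)
    return [(i, configured[i])
            for tag, i1, i2, _j1, _j2 in sm.get_opcodes()
            if tag in ("delete", "replace")
            for i in range(i1, i2)]


def analyse(log_text, configured_cmd):
    """Summarise what pam_mount actually ran for the configured helper."""
    want = shlex.split(configured_cmd)  # assumption: shell-style quoting intended
    report = {"dropped": [], "run_as": None, "failed": []}
    for line in log_text.splitlines():
        argv = logged_argv(line)
        if argv and argv[0] == want[0]:  # skip other helpers such as pmvarrun
            report["dropped"] = dropped_args(want, argv)
        if (m := UID_RE.search(line)):
            report["run_as"] = m.group(1)
        if (m := FAILED_RE.search(line)):
            report["failed"].append(m.group(1))
    return report


if __name__ == "__main__":
    print(analyse(LOG, CONFIGURED))
```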

crasu

Joined:
26 August 2017

Posts: Counting...

With an ext4 partition in an old TrueCrypt container, it works like this:

$ cat /sbin/mount.veracrypt 
#!/bin/sh
# This is /usr/bin/truecrpyt-nl; append a newline to the password.
echo veracrypt -tc --text --protect-hidden=no --keyfiles="" "$1" "$2"
(cat; echo) | veracrypt -tc --text --protect-hidden=no --keyfiles="" "$1" "$2"

And the PAM config:

$ cat /etc/security/pam_mount.conf.xml
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!--
    See pam_mount.conf(5) for a description.
-->

<pam_mount>
<debug enable="0" />
<pmvarrun>pmvarrun -u %(USER) -o %(OPERATION)</pmvarrun>
<volume user="username" fstype="veracrypt" path="/path_to_volume" mountpoint="my mount point" />
</pam_mount>

uhuntu

(Thread starter)

Joined:
19 February 2007

Posts: 338

So, mounting VeraCrypt partitions works with cryptsetup like this:

<volume user="bw" fstype="crypt" path="/dev/disk/by-partuuid/98746d30-01" mountpoint="vcrypt2"/>
<volume user="bw" fstype="auto" path="/dev/mapper/vcrypt2" mountpoint="/media/bw/vcrypt2"/>

<cryptmount>cryptsetup --veracrypt open --type tcrypt %(VOLUME) %(MNTPT)</cryptmount>

However, I can't get a clean unmount with pam_mount, not even with an unencrypted USB stick; nothing shows up in the log?
