Re: Auto-unmounting secure partitions
> > I've got an encrypted partition set up under /secure. I'd like the
> > partition to be unmounted after no one's used it for, say, 30 minutes. I'm
> > guessing that there are already tools available to do this, so in order of
> > preference, can people advise me
>
> I've been thinking about this too. I think it would be better to have
> the screen lock do the umounting, for reasons which may become clear.
>
> > - which fstab/mount option to use
> > - which command line tool to use
> > - which command line tool will tell me whether any process has a file open
> > under /secure and/or /dev/hdb6 (so I can write a script to run under cron)
>
> /sbin/fuser -m /secure will do the trick. What it will show, though, is
> that all sorts of things end up holding files and directories open more
> or less at random.
>
> > - which API call to make in order to tell whether any process has a file
> > open under /secure and/or /dev/hdb6 (so I can write an executable to run
> > under cron)
>
> For a workstation, I think it would be better that when the display is
> locked, the filesystem is umounted. I've even got some scripts that do
> it, except I don't know how to hook them into xscreensaver to make it do
> it.
>
> fuser also takes a -k option to cause it to kill all the processes using
> the file(s), which I use before umounting.

I use my pam_mount modules to tie mounting and unmounting encrypted
filesystems to logging in and logging out. XScreenSaver seems to support
PAM, so I guess it could be configured to use pam_mount to re-mount your
secure filesystem when you enter a password to unlock your screen.

Perhaps a hook could be added to XScreenSaver to unmount your filesystem
when the screensaver pops up.

Problem of open files remains, though.

Pam_mount is available at http://www.flyn.org.
--
Mike
:wq
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
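
The cron check asked about in this thread, as an added example that is not part of the original messages: it finds processes holding paths under the mount point by reading the `/proc/<pid>/cwd`, `root`, `exe` and `fd/*` symlinks, and unmounts only after 30 minutes with no holders. Assumptions: matching is by path prefix rather than by device as `fuser -m` does, memory-mapped files are not inspected, it runs as root so other users' processes are visible, and the function names and stamp-file path are hypothetical.

```python
import os
import subprocess
import time

def holders(mount_point):
    """Return {pid: [paths]} for processes with cwd, root, exe or an open fd under mount_point."""
    root = os.path.realpath(mount_point)
    prefix = root.rstrip("/") + "/"
    found = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        base = f"/proc/{entry}"
        links = [f"{base}/cwd", f"{base}/root", f"{base}/exe"]
        try:
            links += [f"{base}/fd/{fd}" for fd in os.listdir(f"{base}/fd")]
        except OSError:
            pass  # process exited, or not readable without root
        for link in links:
            try:
                target = os.readlink(link)
            except OSError:
                continue
            # Deleted-but-open files read as "<path> (deleted)" and still match.
            if target == root or target.startswith(prefix):
                found.setdefault(int(entry), []).append(target)
    return found

def _umount(mount_point):
    subprocess.run(["umount", mount_point], check=True)

def check(mount_point, stamp, idle_limit=30 * 60, now=None, umount=_umount):
    """One cron run: returns 'busy', 'waiting' or 'unmounted'.

    stamp is a (hypothetical) state file holding the time the mount was last seen busy.
    """
    now = time.time() if now is None else now
    try:
        with open(stamp) as f:
            last = float(f.read())
    except (OSError, ValueError):
        last = None  # first run: start the idle clock now
    busy = bool(holders(mount_point))
    if busy or last is None:
        with open(stamp, "w") as f:
            f.write(str(now))
        return "busy" if busy else "waiting"
    if now - last < idle_limit:
        return "waiting"
    umount(mount_point)
    return "unmounted"
```

Run `check("/secure", ...)` from root's crontab every few minutes with a stamp file kept outside `/secure`; a process that is merely sitting in the directory counts as use and keeps resetting the idle clock.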