Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 102112

Summary: sys-auth/pam_encfs-0.1.3 ebuild request
Product: Gentoo Linux Reporter: neuron
Component: New packagesAssignee: Default Assignee for New Packages <maintainer-wanted>
Status: CONFIRMED ---    
Severity: normal CC: bs.net, pam-bugs+disabled, rockoo, tar, ti.liame
Priority: Normal Keywords: EBUILD
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: pam_encfs-0.1.1.ebuild
pam_encfs-0.1.3.ebuild
bump to 0.1.4.2 version

Description neuron 2005-08-11 05:33:14 UTC
It's been requested I file a bugreport for this package a few times now, so I'm
gettin around to it.

pam_encfs is a pam module for auto mounting/unmounting encfs drives on login.

http://hollowtube.mine.nu/wiki/index.php/PAM/PamEncfs
Comment 1 neuron 2005-08-11 05:34:02 UTC
Created attachment 65657 [details]
pam_encfs-0.1.1.ebuild
Comment 2 Jakub Moc (RETIRED) gentoo-dev 2005-11-26 04:48:37 UTC
Created attachment 73632 [details]
pam_encfs-0.1.3.ebuild


ebuild for 0.1.2, now installs pam_encfs.conf (commented out by default), some
sed job in Makefile as well (hardcoded gcc and ld).
Comment 3 neuron 2005-12-01 06:00:57 UTC
new version out, 0.1.3, see no reason why cp pam_encfs-0.1.2 pam_encfs-0.1.3
wouldn't work.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-03-06 03:52:23 UTC
(In reply to comment #3)
> new version out, 0.1.3, see no reason why cp pam_encfs-0.1.2 pam_encfs-0.1.3
> wouldn't work.

The ebuild indeed works, however I'm having major problem w/ this module. The only way I could make this do anything was:

#USERNAME       SOURCE          TARGET PATH     ENCFS Options	FUSE Options
j__m	/home/jakub/test-crypt /home/jakub/test	-v		allow_other

(all the rest of config file commented out). However, it mismounts the encrypted directory so that it's not writeable by the user at all! With anything else I tried, it doesn't get mounted at all. :-(

For illustration, mount output

- when mounted manually (encfs ~/test-crypt ~/test):
encfs on /home/jakub/test type fuse (rw,nosuid,nodev,default_permissions,user=j__m)

- when mounted via pam_encfs:
encfs on /home/jakub/test type fuse (rw,nosuid,nodev,default_permissions,allow_other)

The permissions for ~/test are 0700 jakub:users in both cases, however when pam_encfs is used to mount the directory, I cannot write there at all. :-(
Comment 5 Fredrik Blom 2006-03-14 13:41:44 UTC
Perhaps not a problem with pam_encfs, but I can't get it to work at all. No error messages, no nothing.

/etc/security/pam_encfs.conf:
shirosaki   /home/.shirosaki    /home/shirosaki -v  allow_other
---

/etc/pam.d/system-auth:
auth       required     pam_env.so
auth       sufficient   pam_unix.so likeauth nullok
auth       required     pam_deny.so

account    required     pam_unix.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so

auth    required    /lib/security/pam_encfs.so
session required    /lib/security/pam_encfs.so
---

ls /lib/security/pam_encfs.so -la
-rwxr-xr-x  1 root root 10480 14 mar 22.11 /lib/security/pam_encfs.so
Comment 6 Fredrik Blom 2006-03-14 16:27:34 UTC
Well, it sort of works when one first logs in with the specified user and then run "su - <user>". The file system is mounted, but the login fails (since the user isn't in the wheel group). But if the user is in the wheel group, then it doesn't work. Most obviously a PAM misconfiguration. We'll see if I manage to solve it or not.
Comment 7 Fredrik Blom 2006-03-14 16:28:58 UTC
Most obviously a PAM misconfiguration. We'll see if I manage to
> solve it or not.
> 

A misconfiguration from my side, just to clearify. ;)
Comment 8 Fredrik Blom 2006-03-14 17:36:19 UTC
Now I think I start to understand PAM a bit better now. At least it works now. :)

/etc/pam.d/system-auth:
auth       required     pam_env.so
auth       sufficient   /lib/security/pam_encfs.so
auth       sufficient   pam_unix.so likeauth nullok use_first_pass
auth       required     pam_deny.so

account    required     pam_unix.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password   sufficient   pam_unix.so nullok md5 shadow use_authtok
password   required     pam_deny.so

session    required     /lib/security/pam_encfs.so
session    required     pam_limits.so
session    required     pam_unix.so
Comment 9 Fredrik Blom 2006-03-18 00:43:19 UTC
Added the ability for pam_encfs to mount multiple encfs mount points per user instead of just one.

https://joshua.haninge.kth.se/~sachankara/pam_encfs-0.1.3-multiple-mount-points.patch
Comment 10 Jakub Moc (RETIRED) gentoo-dev 2006-05-23 04:39:42 UTC
Sorry folks, I give up on this. The thing fails to produce any useful results here. Poor men's pam_encfs:

~/.bashrc
# mount encfs
if [[ -f $HOME/data/.mounted ]] ; then
    echo "EncFS already mounted."
    return
else
    encfs ~/data-private ~/data
fi

~/.bash_logout
# unmount encfs
[[ -f $HOME/data/.mounted ]] && fusermount -u ~/data

Touch .mounted w/ with your encfs mounted (~/data-private in the example) for the above to work. This way you can also have a password different from your normal login for the mounts (which is impossible w/ pam_encfs AFAIK). Good luck w/ this anyway. ;)
Comment 11 Oleh Kravchenko 2009-10-23 21:40:04 UTC
Created attachment 208067 [details]
bump to 0.1.4.2 version
Comment 12 Märt Bakhoff 2010-10-09 22:56:16 UTC
I started having trouble with pam_encfs after upgrading sys-fs/fuse 2.8.1 -> 2.8.5. The login just freezes (gdm AND commandline). Does anyone have the same problem? Should this be reported upstream? Thanks