source: src-sh/xtrafiles/local/bin/enable_user_pefs @ 1620346

Last change on this file since 1620346 was 1620346, checked in by Kris Moore <kris@…>, 20 months ago

Initial import of PC-BSD /current/ SVN repo

  • Property mode set to 100755
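#!/bin/sh
# Helper script to enable encryption (PEFS) on a users home directory
# Author: Kris Moore
# License: BSD
#
# Usage: enable_user_pefs <username> <key>
#
# Steps: move the home directory aside, create a fresh directory in its
# place, mount PEFS over it, add the key and key chain, copy the old
# contents in through the PEFS mount, move .pefs.db into the underlying
# directory, remount, and record the directory in ${PEFSDBDIR}/auto_mounts.
#
# Every step is checked. The plaintext copy of the home directory is removed
# only after the copy and the final remount have both succeeded; on any
# earlier failure it is left in place and its path is printed.
#
# NOTE(review): the key is taken from argv ($2), so it can show up in the
# process list and in shell history for as long as this script runs. The
# interface is kept for existing callers; inside the script the key is only
# ever handed to pefs on stdin.

PEFSDBDIR="/var/db/pefs"

USER="$1"
USERPW="$2"

# Set once the corresponding path exists, so die() can report what was kept.
BACKUPDIR=""
TMPWORK=""

# Print a message on stderr, report anything left behind for recovery, abort.
die() {
  printf '%s\n' "$*" >&2
  if [ -n "${BACKUPDIR}" ] && [ -d "${BACKUPDIR}" ] ; then
    printf 'Original (unencrypted) data is preserved in: %s\n' "${BACKUPDIR}" >&2
  fi
  if [ -n "${TMPWORK}" ] && [ -f "${TMPWORK}/.pefs.db" ] ; then
    printf 'PEFS key chain database was left in: %s\n' "${TMPWORK}/.pefs.db" >&2
  fi
  exit 1
}

if [ -z "$USER" ] || [ -z "$USERPW" ] ; then
   echo "Usage: ${0} <username> <key>"
   exit 1
fi

# Exact string match on the login field. The username is not used as a
# regular expression, so a name such as "a.c" cannot select another account,
# and the appended "" forces a string (not numeric) comparison in awk.
USERHOMEDIR=$(awk -F: -v u="${USER}" '($1 "") == (u "") { print $6; exit }' /etc/passwd)
if [ -z "$USERHOMEDIR" ] || [ ! -d "${USERHOMEDIR}" ] ; then
   echo "Invalid USERHOMEDIR: $USERHOMEDIR"
   exit 1
fi

REALHOMEDIR=$(realpath "${USERHOMEDIR}") || die "Unable to resolve ${USERHOMEDIR}"
if [ "$USERHOMEDIR" != "$REALHOMEDIR" ] ; then
  echo "Warning: PEFS will not work with sym-linked home dirs.."
  USERHOMEDIR="${REALHOMEDIR}"
fi

# Accounts whose home is "/" must never be moved aside.
if [ "${USERHOMEDIR}" = "/" ] ; then
  die "Refusing to operate on /"
fi

# The backup must be a fresh name: if it already existed as a directory, mv
# would move the home directory *into* it instead of renaming it.
BACKUP_CANDIDATE="${USERHOMEDIR}.$$"
if [ -e "${BACKUP_CANDIDATE}" ] ; then
  die "Backup path already exists: ${BACKUP_CANDIDATE}"
fi

# Private (mode 0700) scratch directory for .pefs.db instead of a predictable
# name directly in /tmp. The EXIT trap only removes it when it is empty, so a
# database stranded by a failure is never deleted.
TMPWORK=$(mktemp -d "${TMPDIR:-/tmp}/enable_user_pefs.XXXXXX") \
  || { TMPWORK="" ; die "Unable to create a private temporary directory" ; }
trap 'rmdir "${TMPWORK}" 2>/dev/null' EXIT

echo "Encrypting ${USERHOMEDIR}"
# Best effort: drop any PEFS mount already sitting on the directory.
umount "${USERHOMEDIR}" 2>/dev/null

mv "${USERHOMEDIR}" "${BACKUP_CANDIDATE}" || die "Unable to move ${USERHOMEDIR} aside"
BACKUPDIR="${BACKUP_CANDIDATE}"
mkdir "${USERHOMEDIR}" || die "Unable to create ${USERHOMEDIR}"
# Assumes a group named after the user exists, as the original script did.
chown -- "${USER}:${USER}" "${USERHOMEDIR}" || die "Unable to chown ${USERHOMEDIR}"

# If the mount failed and the script carried on, the copy below would land
# in a plain directory and the data would silently stay unencrypted.
pefs mount "${USERHOMEDIR}" "${USERHOMEDIR}" || die "pefs mount failed on ${USERHOMEDIR}"
# printf instead of echo: a key such as "-n" is passed through unchanged.
printf '%s\n' "${USERPW}" | pefs addkey -v -j - "${USERHOMEDIR}" \
  || die "pefs addkey failed"
printf '%s\n' "${USERPW}" | pefs addchain -v -j - -Z "${USERHOMEDIR}" \
  || die "pefs addchain failed"

mv "${USERHOMEDIR}/.pefs.db" "${TMPWORK}/.pefs.db" || die "Unable to stash .pefs.db"

# Copy the old contents in through the PEFS mount. Plain sh has no pipefail,
# so the archiving tar reports its exit status on fd 3, which is captured
# into CREATE_RC; $? of the assignment is the extracting tar's status.
CREATE_RC=$(
  {
    { tar cf - -C "${BACKUPDIR}" . ; echo "$?" >&3 ; } \
      | tar xpf - -C "${USERHOMEDIR}" >&2
  } 3>&1
)
EXTRACT_RC=$?
if [ "${CREATE_RC}" != "0" ] || [ "${EXTRACT_RC}" -ne 0 ] ; then
  die "Copying data into the encrypted directory failed"
fi

umount "${USERHOMEDIR}" || die "Unable to unmount ${USERHOMEDIR}"

# .pefs.db goes into the underlying (unmounted) directory.
mv "${TMPWORK}/.pefs.db" "${USERHOMEDIR}/.pefs.db" || die "Unable to restore .pefs.db"
chown -- "${USER}:${USER}" "${USERHOMEDIR}/.pefs.db" || die "Unable to chown .pefs.db"

pefs mount "${USERHOMEDIR}" "${USERHOMEDIR}" || die "pefs mount failed on ${USERHOMEDIR}"

# Reached only when the encrypted copy is complete and mounted. rm unlinks
# the plaintext files; it does not overwrite the disk blocks they occupied.
rm -rf -- "${BACKUPDIR:?}"
BACKUPDIR=""


# Make sure the DBDIR exists
if [ ! -d "${PEFSDBDIR}" ]; then
  mkdir -p "${PEFSDBDIR}" || die "Unable to create ${PEFSDBDIR}"
fi

# Save the directory to auto-mount at boot
# Whole-line, fixed-string match against the auto_mounts file itself (not
# the directory), so re-running the script does not append duplicates.
if ! grep -q -x -F -- "${USERHOMEDIR}" "${PEFSDBDIR}/auto_mounts" 2>/dev/null ; then
  printf '%s\n' "${USERHOMEDIR}" >> "${PEFSDBDIR}/auto_mounts"
fi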
60