source: src-sh/xtrafiles/local/bin/enable_user_pefs @ 39e56e7

Last change on this file since 39e56e7 was 39e56e7, checked in by Kris Moore <kris@…>, 18 months ago

Update enable_user_pefs to work better with ZFS mounted homedirs

  • Property mode set to 100755
File size: 1.6 KB
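#!/bin/sh
# Helper script to enable encryption (PEFS) on a user's home directory
# Author: Kris Moore
# License: BSD
#
# Usage: enable_user_pefs <username> <key>
#
# Flow: copy the home directory aside, empty it, mount PEFS over it with
# <key>, restore the copy through the mount so it is written back via PEFS,
# then record the directory in ${PEFSDBDIR}/auto_mounts.
#
# NOTE(review): <key> is taken from the command line, so it can be visible in
# the process list and in shell history while this script runs. The interface
# is kept as-is for existing callers; reading the key from stdin or from a
# root-only file would avoid that exposure.

PEFSDBDIR="/var/db/pefs"

USER="$1"
USERPW="$2"

if [ -z "$USER" ] || [ -z "$USERPW" ] ; then
   echo "Usage: ${0} <username> <key>"
   exit 1
fi

# Match the login-name field exactly. The previous grep "^${USER}:" treated
# the name as a regular expression and could return more than one line.
USERHOMEDIR=$(awk -F: -v u="$USER" '$1 == u { print $6; exit }' /etc/passwd)
if [ -z "$USERHOMEDIR" ] || [ ! -d "${USERHOMEDIR}" ] ; then
   echo "Invalid USERHOMEDIR: $USERHOMEDIR"
   exit 1
fi

REALHOMEDIR=$(realpath "${USERHOMEDIR}")
if [ "$USERHOMEDIR" != "$REALHOMEDIR" ] ; then
  echo "Warning: PEFS will not work with sym-linked home dirs.."
  USERHOMEDIR="$REALHOMEDIR"
fi

# An empty value (realpath failed) is as dangerous as "/" here: the
# delete step below would otherwise operate on the filesystem root.
if [ -z "$USERHOMEDIR" ] || [ "$USERHOMEDIR" = '/' ] ; then
  echo "Bad USERHOMEDIR = ${USERHOMEDIR}"
  exit 1
fi

BACKUPDIR="${USERHOMEDIR}.$$"
PEFSTMPDIR=""

# Abort without touching the plaintext copy, and say where things were left.
die() {
  echo "ERROR: $*" >&2
  if [ -d "${BACKUPDIR}" ] ; then
    echo "The unencrypted copy of the home directory was kept at: ${BACKUPDIR}" >&2
  fi
  if [ -n "${PEFSTMPDIR}" ] && [ -e "${PEFSTMPDIR}/.pefs.db" ] ; then
    echo "The PEFS key database was left at: ${PEFSTMPDIR}/.pefs.db" >&2
  fi
  exit 1
}

if [ -e "${BACKUPDIR}" ] ; then
  echo "ERROR: ${BACKUPDIR} already exists, refusing to reuse it" >&2
  exit 1
fi

# Private, unpredictable staging directory for .pefs.db. A fixed
# /tmp/.pefs.db.$$ name could be pre-created by another local user.
PEFSTMPDIR=$(mktemp -d /tmp/pefsdb.XXXXXX) || die "mktemp failed"

echo "Encrypting ${USERHOMEDIR}"
#umount ${USERHOMEDIR} 2>/dev/null

# The copy is the only backup: never delete the originals unless it succeeded.
cp -R "${USERHOMEDIR}" "${BACKUPDIR}" || die "could not copy ${USERHOMEDIR} to ${BACKUPDIR}"

# Empty the directory in place (it may be a mount point, so it is not removed).
# Dotfiles are removed as well: a plain "*" glob skips them, which would leave
# them behind unencrypted in the underlying directory.
find "${USERHOMEDIR}" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} + \
  || echo "Warning: some files in ${USERHOMEDIR} could not be removed and remain unencrypted" >&2
chown "${USER}:${USER}" "${USERHOMEDIR}"

pefs mount "${USERHOMEDIR}" "${USERHOMEDIR}" || die "pefs mount failed"

# printf instead of echo so the passphrase is passed through byte-for-byte
# (echo may treat a leading -n or -e as an option).
printf '%s\n' "${USERPW}" | pefs addkey -v -j - "${USERHOMEDIR}" \
  || die "pefs addkey failed (${USERHOMEDIR} is still mounted)"
printf '%s\n' "${USERPW}" | pefs addchain -v -j - -Z "${USERHOMEDIR}" \
  || die "pefs addchain failed (${USERHOMEDIR} is still mounted)"

# Park .pefs.db outside the mount; it is put back after the umount below,
# presumably so that it lives in the underlying directory - confirm.
mv "${USERHOMEDIR}/.pefs.db" "${PEFSTMPDIR}/.pefs.db" \
  || die "could not move .pefs.db out of ${USERHOMEDIR}"

KEEP_BACKUP=0
if ! tar cvf - -C "${BACKUPDIR}" . 2>/dev/null | tar xvpf - -C "${USERHOMEDIR}" 2>/dev/null ; then
  # Finish the setup, but do not throw away the only complete copy.
  KEEP_BACKUP=1
  echo "Warning: restoring files into ${USERHOMEDIR} reported errors" >&2
fi
chown -R "${USER}:${USER}" "${USERHOMEDIR}"

umount "${USERHOMEDIR}" || die "could not unmount ${USERHOMEDIR}"

mv "${PEFSTMPDIR}/.pefs.db" "${USERHOMEDIR}/.pefs.db" \
  || die "could not restore .pefs.db into ${USERHOMEDIR}"
rmdir "${PEFSTMPDIR}"
chown "${USER}:${USER}" "${USERHOMEDIR}/.pefs.db"

pefs mount "${USERHOMEDIR}" "${USERHOMEDIR}" || die "final pefs mount failed"

if [ "${KEEP_BACKUP}" -eq 0 ] ; then
  # NOTE(review): this only unlinks the plaintext copy; it is not overwritten
  # on disk.
  rm -rf -- "${BACKUPDIR}"
else
  echo "Unencrypted copy kept at ${BACKUPDIR}; remove it once the data is verified" >&2
fi


# Make sure the DBDIR exists
if [ ! -d "${PEFSDBDIR}" ]; then
  mkdir -p "${PEFSDBDIR}"
fi

# Save the directory to auto-mount at boot
# Whole-line, fixed-string match against the auto_mounts file itself (the old
# check grepped the directory, so it never matched and appended duplicates).
# stderr is silenced because the file does not exist on first use.
if ! grep -q -x -F -e "${USERHOMEDIR}" "${PEFSDBDIR}/auto_mounts" 2>/dev/null ; then
  echo "${USERHOMEDIR}" >> "${PEFSDBDIR}/auto_mounts"
fi
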