source: src-sh/xtrafiles/local/bin/enable_user_pefs @ 9f8fa2c

Last change on this file since 9f8fa2c was 9f8fa2c, checked in by Kris Moore <kris@…>, 13 months ago

Update the enable_user_pefs script
Now it will check if PEFS is available on the system and fail if not
It will also auto-correct the account if the user's home directory is a symlink

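#!/bin/sh
# Helper script to enable encryption (PEFS) on a users home directory
# Author: Kris Moore
# License: BSD
#
# Usage: enable_user_pefs <username> <key>
#
# Must be run as root.  The user's home directory is moved aside, a fresh
# PEFS-mounted directory is created in its place and keyed with <key>, the
# old contents are copied in and the directory is registered for auto-mount
# at boot.  The original directory is removed only after every step has
# succeeded; on any failure it is left in place as "<home>.<pid>" so that
# nothing is lost.
#
# NOTE: <key> is read from argv and is therefore visible in process listings
# for the lifetime of this script.  It is kept as argv for compatibility with
# existing callers; prefer passing it via environment or stdin where possible.

PEFSDBDIR="/var/db/pefs"

# Print a message to stderr and abort with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Check if we can safely enable PEFS on this system
[ -e "/boot/kernel/pefs.ko" ] || die "Error: Requires PEFS in base system!"
# mount/chown/pw below all need root; fail early with a clear message.
[ "$(id -u)" -eq 0 ] || die "Error: must be run as root"

USER="$1"
USERPW="$2"

if [ -z "$USER" ] || [ -z "$USERPW" ] ; then
  printf 'Usage: %s <username> <key>\n' "$0" >&2
  exit 1
fi

# Look the account up by exact name (field 1) instead of an unescaped regex.
# Field 4 is the primary gid, field 6 the home directory.
USERGID=$(awk -F: -v u="$USER" '$1 == u { print $4; exit }' /etc/passwd)
USERHOMEDIR=$(awk -F: -v u="$USER" '$1 == u { print $6; exit }' /etc/passwd)
if [ -z "$USERHOMEDIR" ] || [ ! -d "$USERHOMEDIR" ] ; then
  die "Invalid USERHOMEDIR: $USERHOMEDIR"
fi

# If the home directory is a symlink, point the account at the real path so
# the PEFS mount and the auto-mount entry refer to the same directory.
# pw(8) rewrites master.passwd and the password databases itself, which
# avoids sed'ing an unescaped, unanchored line (containing the password
# hash) into master.passwd.
REALDIR=$(realpath "$USERHOMEDIR") || die "Error: realpath failed for $USERHOMEDIR"
if [ "$USERHOMEDIR" != "$REALDIR" ] ; then
  echo "Updating sym-linked home dir ${USERHOMEDIR} -> ${REALDIR}"
  pw usermod "$USER" -d "$REALDIR" || die "Error: failed to update home dir for $USER"
  USERHOMEDIR="$REALDIR"
fi
# Guard the mv/rm -rf sequence below against a degenerate home directory.
[ "$USERHOMEDIR" != "/" ] || die "Error: refusing to operate on /"

BACKUP="${USERHOMEDIR}.$$"

echo "Encrypting ${USERHOMEDIR}"
# Best effort: unmount anything that is already mounted on the home directory.
umount "$USERHOMEDIR" 2>/dev/null

mv "$USERHOMEDIR" "$BACKUP" || die "Error: failed to move $USERHOMEDIR aside"
mkdir "$USERHOMEDIR" || die "Error: failed to create $USERHOMEDIR (original is at $BACKUP)"
chown "${USER}:${USERGID}" "$USERHOMEDIR" || die "Error: chown failed (original is at $BACKUP)"

# Every step from here on must succeed before the backup is removed;
# otherwise the contents could be copied into an unencrypted directory.
pefs mount "$USERHOMEDIR" "$USERHOMEDIR" \
  || die "Error: pefs mount failed (original is at $BACKUP)"
printf '%s\n' "$USERPW" | pefs addkey -v -j - "$USERHOMEDIR" \
  || die "Error: pefs addkey failed (original is at $BACKUP)"
printf '%s\n' "$USERPW" | pefs addchain -v -j - -Z "$USERHOMEDIR" \
  || die "Error: pefs addchain failed (original is at $BACKUP)"

# Park the key-chain database next to the home directory (not under a
# predictable name in world-writable /tmp) while the contents are copied
# in; it is restored onto the underlying, unencrypted directory below.
TMPDB=$(mktemp "${USERHOMEDIR}.pefsdb.XXXXXX") \
  || die "Error: mktemp failed (original is at $BACKUP)"
mv "${USERHOMEDIR}/.pefs.db" "$TMPDB" \
  || die "Error: failed to move .pefs.db aside (original is at $BACKUP)"
# Only the extracting tar's status is checked (sh has no pipefail); the
# backup is kept on failure so a partial copy is recoverable by hand.
tar cf - -C "$BACKUP" . | tar xpf - -C "$USERHOMEDIR" \
  || die "Error: copying into $USERHOMEDIR failed (original is at $BACKUP)"

umount "$USERHOMEDIR" || die "Error: umount $USERHOMEDIR failed (original is at $BACKUP)"

mv "$TMPDB" "${USERHOMEDIR}/.pefs.db" \
  || die "Error: failed to restore .pefs.db (original is at $BACKUP)"
chown "${USER}:${USERGID}" "${USERHOMEDIR}/.pefs.db" \
  || die "Error: chown of .pefs.db failed (original is at $BACKUP)"

pefs mount "$USERHOMEDIR" "$USERHOMEDIR" \
  || die "Error: pefs re-mount failed (original is at $BACKUP)"
# Everything succeeded: the plaintext copy is no longer needed.
rm -rf "$BACKUP"

# Make sure the DBDIR exists (-p tolerates an existing directory)
mkdir -p "$PEFSDBDIR" || die "Error: failed to create $PEFSDBDIR"

# Save the directory to auto-mount at boot.  Check the auto_mounts file
# itself (the old check grepped the directory, so it always appended) and
# match the whole line literally so no duplicate entries accumulate.
AUTOMOUNTS="${PEFSDBDIR}/auto_mounts"
if ! grep -qxF -- "$USERHOMEDIR" "$AUTOMOUNTS" 2>/dev/null ; then
  printf '%s\n' "$USERHOMEDIR" >> "$AUTOMOUNTS" \
    || die "Error: failed to update $AUTOMOUNTS"
fi

# Copy /etc/pam.d/ template files
cp /usr/local/share/pcbsd/pefs/other /etc/pam.d/other \
  || die "Error: failed to install /etc/pam.d/other"
cp /usr/local/share/pcbsd/pefs/system /etc/pam.d/system \
  || die "Error: failed to install /etc/pam.d/system"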