source: src-sh/xtrafiles/local/bin/enable_user_pefs @ e961598

Last change on this file since e961598 was e961598, checked in by Kris Moore <kris@…>, 10 months ago

Now it encrypts all files properly

  • Property mode set to 100755
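#!/bin/sh
# Helper script to enable encryption (PEFS) on a users home directory
# Author: Kris Moore
# License: BSD
#
# Usage: enable_user_pefs <username> <key>
#
# What it does, in order:
#   1. resolves the account's home directory (following a symlinked home
#      and rewriting the account to the real path);
#   2. copies the existing files into a sibling work directory, empties
#      the home directory and mounts it as a PEFS file system keyed
#      from <key>;
#   3. copies the files back through the mount so they land encrypted,
#      then unmounts, places .pefs.db in the underlying directory and
#      mounts again;
#   4. records the path in ${PEFSDBDIR}/auto_mounts and installs the
#      PEFS pam.d templates (this replaces /etc/pam.d/other and
#      /etc/pam.d/system).
#
# <key> is taken from argv, so it is visible in the process listing for
# the lifetime of this script; nothing here can hide it, callers should
# keep that in mind.
#
# Must be run as root: pw(8), pefs mount and chown all require it.

PEFSDBDIR="/var/db/pefs"
PAMTEMPLATEDIR="/usr/local/share/pcbsd/pefs"

# Print a message to stderr and exit 1.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Copy the contents of directory $1 into directory $2, preserving
# permissions and ownership. The status is that of the extracting tar,
# which also fails on a truncated stream from the producing tar.
copy_tree() {
  tar cf - -C "$1" . | tar xpf - -C "$2"
}

# Check if we can safely enable PEFS on this system
[ -e "/boot/kernel/pefs.ko" ] || die "Requires PEFS in base system!"
[ "$(id -u)" -eq 0 ] || die "Must be run as root"

USER="${1-}"
USERPW="${2-}"

if [ -z "$USER" ] || [ -z "$USERPW" ] ; then
  printf 'Usage: %s <username> <key>\n' "$0" >&2
  exit 1
fi

# Look the account up through the NSS database instead of grepping
# /etc/passwd, so the user name is never interpreted as a regex.
# getent passwd output is name:pw:uid:gid:gecos:home:shell.
PWENT=$(getent passwd "$USER") || die "Unknown user: $USER"
USERHOMEDIR=$(printf '%s\n' "$PWENT" | cut -d ':' -f 6)
USERGID=$(printf '%s\n' "$PWENT" | cut -d ':' -f 4)

if [ -z "$USERHOMEDIR" ] || [ ! -d "$USERHOMEDIR" ] ; then
  die "Invalid USERHOMEDIR: $USERHOMEDIR"
fi

# A symlinked home is pointed at its real path before anything else,
# since the PEFS mount has to target the actual directory.
REALDIR=$(realpath "$USERHOMEDIR") || die "realpath failed for ${USERHOMEDIR}"
if [ "$USERHOMEDIR" != "$REALDIR" ] ; then
  echo "Updating sym-linked home dir ${USERHOMEDIR} -> ${REALDIR}"
  # pw(8) rewrites master.passwd and rebuilds the password database
  # itself; without -m it neither creates nor moves anything.
  pw usermod -n "$USER" -d "$REALDIR" || die "pw usermod failed for ${USER}"
  USERHOMEDIR="$REALDIR"
fi

# Checked after resolution so a symlink to / is refused as well.
[ "$USERHOMEDIR" != "/" ] || die "Invalid HOMEDIR = / "

# Refuse to run twice: re-encrypting a directory that already carries a
# key database would replace the chain that unlocks the existing data.
if [ -e "${USERHOMEDIR}/.pefs.db" ] ; then
  die "${USERHOMEDIR} already has a PEFS key database (.pefs.db)"
fi

# Sibling work directory on the same file system as the home directory.
# mktemp picks an unpredictable name and creates it mode 0700, so the
# backup and the key database are never written to a guessable path.
WORKDIR=$(mktemp -d "${USERHOMEDIR}.XXXXXX") || die "mktemp failed"
BACKUP="${WORKDIR}/backup"
mkdir "$BACKUP" || { rm -rf -- "$WORKDIR"; die "cannot create ${BACKUP}"; }

# Once the home directory has been emptied, every failure must leave the
# backup in place and tell the admin where it is.
abort() {
  die "$* -- original files preserved in ${BACKUP}"
}

echo "Encrypting ${USERHOMEDIR}"

# Nothing is deleted until the backup copy has succeeded.
copy_tree "$USERHOMEDIR" "$BACKUP" || {
  rm -rf -- "$WORKDIR"
  die "Failed to back up ${USERHOMEDIR}; nothing was changed"
}

# Empty the home directory, dotfiles included (a '.*' glob would also
# name '.' and '..').
find "$USERHOMEDIR" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} + \
  || abort "Failed to empty ${USERHOMEDIR}"
chown "${USER}:${USERGID}" "$USERHOMEDIR" || abort "chown failed"

pefs mount "$USERHOMEDIR" "$USERHOMEDIR" || abort "pefs mount failed"
printf '%s\n' "$USERPW" | pefs addkey -v -j - "$USERHOMEDIR" \
  || abort "pefs addkey failed"
printf '%s\n' "$USERPW" | pefs addchain -v -j - -Z "$USERHOMEDIR" \
  || abort "pefs addchain failed"

# addchain wrote .pefs.db inside the mounted tree. Keep it outside the
# mount while the files are copied back, unmount, and only then put it
# in the underlying directory so it is readable before the key is known.
mv "${USERHOMEDIR}/.pefs.db" "${WORKDIR}/pefs.db" || abort "cannot move .pefs.db"
copy_tree "$BACKUP" "$USERHOMEDIR" || abort "Failed to restore files into ${USERHOMEDIR}"

umount "$USERHOMEDIR" || abort "umount of ${USERHOMEDIR} failed"

mv "${WORKDIR}/pefs.db" "${USERHOMEDIR}/.pefs.db" || abort "cannot restore .pefs.db"
chown "${USER}:${USERGID}" "${USERHOMEDIR}/.pefs.db" || abort "chown of .pefs.db failed"

pefs mount "$USERHOMEDIR" "$USERHOMEDIR" || abort "pefs mount failed"
rm -rf -- "$WORKDIR"

# Make sure the DBDIR exists
mkdir -p "$PEFSDBDIR" || die "cannot create ${PEFSDBDIR}"

# Save the directory to auto-mount at boot. Whole-line fixed-string
# match against the auto_mounts file; a missing file simply means the
# entry is not there yet.
AUTOMOUNTS="${PEFSDBDIR}/auto_mounts"
if ! grep -qxF -- "$USERHOMEDIR" "$AUTOMOUNTS" 2>/dev/null ; then
  printf '%s\n' "$USERHOMEDIR" >> "$AUTOMOUNTS" || die "cannot update ${AUTOMOUNTS}"
fi

# Copy /etc/pam.d/ template files (overwrites the system PAM policy).
for f in other system ; do
  cp -- "${PAMTEMPLATEDIR}/${f}" "/etc/pam.d/${f}" \
    || die "cannot install /etc/pam.d/${f}"
done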