Changeset dc3db67


Timestamp:
02/07/14 14:33:16 (11 months ago)
Author:
Kris Moore <kris@…>
Branches:
master, releng/10.0.1, releng/10.0.2, releng/10.0.3, releng/10.1
Children:
64b4277
Parents:
384eafd
Message:

Update the enable_user_pefs script, this will do some checking if we are
trying to just "change keys" on an existing user-directory with PEFS. If so, it'll
copy contents out of home-dir, flush keys, and re-setup PEFS on $HOME

File:
1 edited

  • src-sh/xtrafiles/local/bin/enable_user_pefs

    rf6519e3 rdc3db67  
    4141fi 
    4242 
     43# Check if PEFS is enabled here 
     44if [ -e "${USERHOMEDIR}/.pefs.db" ] ; then 
     45   if [ ! -e "${USERHOMEDIR}/.profile" ] ; then 
     46      echo "ERROR: PEFS is already enabled on ${USERHOMEDIR}, but directory is still encrypted!" 
     47      echo "Add your PEFS key to ${USERHOMDIR} before trying again." 
     48      exit 1 
     49   fi 
     50fi 
     51 
    4352echo "Encrypting ${USERHOMEDIR}" 
    4453 
    4554mkdir ${USERHOMEDIR}.$$ 
    46 tar cvf - -C "${USERHOMEDIR}" . 2>/dev/null | tar xvpf - -C "${USERHOMEDIR}.$$" 2>/dev/null 
    47 rm -rf ${USERHOMEDIR}/* 2>/dev/null 
    48 rm -rf ${USERHOMEDIR}/.* 2>/dev/null 
    49 chown ${USER}:${USER} ${USERHOMEDIR} 
    5055 
    51 pefs mount ${USERHOMEDIR} ${USERHOMEDIR} 
     56echo "Moving homedir contents ${USERHOMEDIR} -> ${USERHOMEDIR}.$$" 
     57mv ${USERHOMEDIR}/* ${USERHOMEDIR}.$$/ 
     58mv ${USERHOMEDIR}/.* ${USERHOMEDIR}.$$/ 
     59 
     60# If already had pefs enabled, remove old pefs.db file 
     61if [ -e ${USERHOMEDIR}.$$/.pefs.db ] ; then 
     62   rm ${USERHOMEDIR}.$$/.pefs.db 
     63fi 
     64 
     65mount | grep -q "on ${USERHOMEDIR} (pefs" 
     66if [ $? -ne 0 ] ; then 
     67  chown ${USER}:${USER} ${USERHOMEDIR} 
     68  pefs mount ${USERHOMEDIR} ${USERHOMEDIR} 
     69else 
     70  pefs flushkeys ${USERHOMEDIR} 
     71fi 
     72 
    5273echo "${USERPW}" | pefs addkey -v -j - ${USERHOMEDIR} 
    5374echo "${USERPW}" | pefs addchain -v -j - -Z ${USERHOMEDIR} 
    5475 
    5576mv ${USERHOMEDIR}/.pefs.db /tmp/.pefs.db.$$ 
    56 tar cvf - -C "${USERHOMEDIR}.$$" . 2>/dev/null | tar xvpf - -C "${USERHOMEDIR}" 2>/dev/null 
    5777 
    58 umount ${USERHOMEDIR} 
     78# Copy files back to homedir 
     79echo "Moving homedir contents back from ${USERHOMEDIR}.$$ -> ${USERHOMEDIR}" 
     80mv ${USERHOMEDIR}.$$/* ${USERHOMEDIR}/ 
     81mv ${USERHOMEDIR}.$$/.* ${USERHOMEDIR}/ 
     82 
     83umount -f ${USERHOMEDIR} 
    5984 
    6085mv /tmp/.pefs.db.$$ ${USERHOMEDIR}/.pefs.db 
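Review bot: The `mv` commands at new lines 57-58 and 80-81 are never checked for failure before `pefs flushkeys` and `pefs addkey` run (lines 70-74), so anything that did not make it into `${USERHOMEDIR}.$$` is left behind when the keys are replaced. The `.*` glob also expands to `.` and `..`, so those `mv` calls report errors on every run and a plain exit-status check would not work as written; move dotfiles with a pattern that excludes `.` and `..`, quote every `${USERHOMEDIR}` expansion, and abort before line 65 if the move-out step fails. The staging directory created by `mkdir ${USERHOMEDIR}.$$` (line 54) holds the home contents outside the PEFS mount, so it should be created with mode 700 and removed once the contents are moved back; the lines shown do neither. The new error message at line 47 prints `${USERHOMDIR}`, a typo for `${USERHOMEDIR}` that expands to nothing, and the `.profile` test at line 45 will also reject an unlocked home directory that simply has no `.profile`.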