Sounds like a problem you should complain to Ubuntu about. This mailing list here is only for the raw "cryptsetup" command... Arno On Sun, Apr 27, 2014 at 19:00:00 CEST, Dáire Fagan wrote: > Hi > > Although the /dev/mapper/vg-shared volume mounts at boot automatically > like /root and /home, and although I can open it without having to > enter the passphrase again, I cannot create files on it. > > From the commands below, that I used to set up /root, /home, and swap > mounting at boot with a single passphrase entry, I have tried > replacing the command 'sudo mount /dev/vg/ubuntu-root /mnt' with 'sudo > mount /dev/vg/shared /mnt' but then when i go onto the next command > 'sudo chroot /mnt mount /proc' it gives me the error 'chroot: failed > to run command ‘mount’: No such file or directory'. > > Can anyone tell me how I should edit the following commands so that > /dev/vg/-shared not only mounts at boot, but I can also write to it? > Is my encryption method below best practice, apart from needing to run > cryptsetup first? Is there anyway to have the partition appear as > /media/daire/shared instead of a long /media/daire/long-hex-string? > > sudo cryptsetup luksOpen /dev/sda6 enc-pv > Enter passphrase for /dev/sda6: > sudo mount /dev/vg/ubuntu-root /mnt > sudo chroot /mnt mount /proc > sudo mount --bind /dev /mnt/dev > sudo chroot /mnt mount /boot > sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none > luks" | sudo tee -a /mnt/etc/crypttab > enc-pv UUID=ad8b8a32-95ea-4add-abe6- > 326d151e30fa none luks > sudo chroot /mnt update-initramfs -u > update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic > sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt > > Would it messy to just use something like sudo chown -R $daire:$daire > /mnt/shared ? > > ================================================================================== > > If you need more information the following is how I have encrypted the > /root, /home, and swap partitions on a disk already containing Windows > 8.1 and only require a single passphrase entry on boot: > > (I have read the Ubuntu alternate install CD used to offer this option > before Canonical cancelled it) > > I create 500 MiB ext4 sda5 partition that will later be assigned as > /boot (UEFI Win 8.1 partitions on sda1, sda2, sda3, and sda4) > > sudo dd if=/dev/urandom of=/dev/sda6 > > 12 hours elapse. > > dd: writing to ‘/dev/sda6’: No space left on device > 660092929+0 records in > 660092928+0 records out > 337967579136 bytes (338 GB) copied, 39571.4 s, 8.5 MB/s[/CODE] > > [modprobe dm-crypt > modprobe aes-x86_64 > modprobe sha256 > > When I do this over I will run cryptsetup benchmark first to see which > iteration and algorithm works best for my system. > > sudo cryptsetup luksFormat /dev/sda6 > > WARNING! > ======== > This will overwrite data on /dev/sda6 irrevocably. > > Are you sure? (Type uppercase yes): YES > Enter passphrase: > Verify passphrase: > sudo cryptsetup luksOpen /dev/sda6 enc-pv > Enter passphrase for /dev/sda6: > > sudo pvcreate /dev/mapper/enc-pv > Physical volume "/dev/mapper/enc-pv" successfully created > sudo vgcreate vg /dev/mapper/enc-pv > Volume group "vg" successfully created > sudo lvcreate -L 8.5G -n swap vg > Logical volume "swap" created > sudo lvcreate -L 20G -n ubuntu-root vg > Logical volume "ubuntu-root" created > sudo lvcreate -L 50G -n ubuntu-home vg > Logical volume "ubuntu-home" created > sudo lvcreate -L 140G -n shared vg > Logical volume "shared" created > > sudo lvdisplay > --- Logical volume --- > LV Path /dev/vg/swap > LV Name swap > VG Name vg > LV UUID EMSdc1-yTSS-FF9W-5vcv-jEwF-OeF7-5oOoEI > LV Write Access read/write > LV Creation host, time ubuntu, 2014-04-23 12:57:17 +0000 > LV Status available > # open 0 > LV Size 8.50 GiB > Current LE 2176 > Segments 1 > Allocation inherit > Read ahead sectors auto > - currently set to 256 > Block device 252:1 > > --- Logical volume --- > LV Path /dev/vg/ubuntu-root > LV Name ubuntu-root > VG Name vg > LV UUID TCPIIE-fGv0-3tz8-XP3R-1c9Z-E18R-XTbcOd > LV Write Access read/write > LV Creation host, time ubuntu, 2014-04-23 12:58:41 +0000 > LV Status available > # open 0 > LV Size 20.00 GiB > Current LE 5120 > Segments 1 > Allocation inherit > Read ahead sectors auto > - currently set to 256 > Block device 252:2 > > --- Logical volume --- > LV Path /dev/vg/shared > LV Name shared > VG Name vg > LV UUID dPHDeT-52zj-7bAx-xjzP-p4yC-kXoo-aw7Eac > LV Write Access read/write > LV Creation host, time ubuntu, 2014-04-23 12:59:50 +0000 > LV Status available > # open 0 > LV Size 140.00 GiB > Current LE 35840 > Segments 1 > Allocation inherit > Read ahead sectors auto > - currently set to 256 > Block device 252:4 > > --- Logical volume --- > LV Path /dev/vg/ubuntu-home > LV Name ubuntu-home > VG Name vg > LV UUID pWFs3D-MXrh-bMez-68r0-4yPc-zMTo-MGhNF1 > LV Write Access read/write > LV Creation host, time ubuntu, 2014-04-23 13:06:11 +0000 > LV Status available > # open 0 > LV Size 50.00 GiB > Current LE 12800 > Segments 1 > Allocation inherit > Read ahead sectors auto > - currently set to 256 > Block device 252:3 > > sudo vgdisplay | grep -i free > Free PE / Size 24641 / 96.25 GiB[/CODE] > > sudo mkfs.ext4 /dev/mapper/vg-shared > > mke2fs 1.42.9 (4-Feb-2014) > Filesystem label= > OS type: Linux > Block size=4096 (log=2) > Fragment size=4096 (log=2) > Stride=0 blocks, Stripe width=0 blocks > 9175040 inodes, 36700160 blocks > 1835008 blocks (5.00%) reserved for the super user > First data block=0 > Maximum filesystem blocks=4294967296 > 1120 block groups > 32768 blocks per group, 32768 fragments per group > 8192 inodes per group > Superblock backups stored on blocks: > 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, > 4096000, 7962624, 11239424, 20480000, 23887872 > > Allocating group tables: done > Writing inode tables: done > Creating journal (32768 blocks): done > Writing superblocks and filesystem accounting information: done > > There was similar output for: > > sudo mkfs.ext4 /dev/mapper/vg-ubuntu-root > sudo mkfs.ext4 /dev/mapper/vg-ubuntu-home > > I may have needed to add an extra hyphen, like vg-ubuntu--root > > Next I opened the Ubuntu 14.04 installer and selected 'something > else'. I assigned /boot to the 500 MiB partition on sda5 and then > /root, /home, and swap to the logical /dev/mapper/vg volumes. > > After Ubuntu installs, before rebooting from the live USB, I entered > the following: > > sudo cryptsetup luksOpen /dev/sda6 enc-pv > Enter passphrase for /dev/sda6: > sudo mount /dev/vg/ubuntu-root /mnt > sudo chroot /mnt mount /proc > sudo mount --bind /dev /mnt/dev > sudo chroot /mnt mount /boot > sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none > luks" | sudo tee -a /mnt/etc/crypttab > enc-pv UUID=ad8b8a32-95ea-4add-abe6-326d151e30fa none luks > sudo chroot /mnt update-initramfs -u > update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic > sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt > > On reboot Ubuntu boots asking for only one entry of the passphrase > instead of three, one for each encrypted volume. > > ================================================================== > > Thanks > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. - Plato _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
