Hi

I have asked for support on the Ubuntu forums, and many non-distro Linux forums; I thought someone here might be able to help me, as I am trying to mount a logical volume with write access that is part of a cryptsetup-encrypted physical volume. I figured people on this mailing list would have experience of this. Is the encryption method I used best practice?

On 27 April 2014 21:32, Arno Wagner <arno@xxxxxxxxxxx> wrote:
> Sounds like a problem you should complain to Ubuntu about.
> This mailing list here is only for the raw "cryptsetup"
> command...
>
> Arno
>
> On Sun, Apr 27, 2014 at 19:00:00 CEST, Dáire Fagan wrote:
>> Hi
>>
>> Although the /dev/mapper/vg-shared volume mounts at boot automatically
>> like /root and /home, and although I can open it without having to
>> enter the passphrase again, I cannot create files on it.
>>
>> From the commands below, that I used to set up /root, /home, and swap
>> mounting at boot with a single passphrase entry, I have tried
>> replacing the command 'sudo mount /dev/vg/ubuntu-root /mnt' with 'sudo
>> mount /dev/vg/shared /mnt', but then when I go on to the next command
>> 'sudo chroot /mnt mount /proc' it gives me the error 'chroot: failed
>> to run command ‘mount’: No such file or directory'.
>>
>> Can anyone tell me how I should edit the following commands so that
>> /dev/vg/shared not only mounts at boot, but I can also write to it?
>> Is my encryption method below best practice, apart from needing to run
>> cryptsetup first? Is there any way to have the partition appear as
>> /media/daire/shared instead of a long /media/daire/long-hex-string?
>>
>> sudo cryptsetup luksOpen /dev/sda6 enc-pv
>> Enter passphrase for /dev/sda6:
>> sudo mount /dev/vg/ubuntu-root /mnt
>> sudo chroot /mnt mount /proc
>> sudo mount --bind /dev /mnt/dev
>> sudo chroot /mnt mount /boot
>> sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none luks" | sudo tee -a /mnt/etc/crypttab
>> enc-pv UUID=ad8b8a32-95ea-4add-abe6-326d151e30fa none luks
>> sudo chroot /mnt update-initramfs -u
>> update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic
>> sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt
>>
>> Would it be messy to just use something like sudo chown -R $daire:$daire /mnt/shared ?
>>
>> ==================================================================================
>>
>> If you need more information, the following is how I have encrypted the
>> /root, /home, and swap partitions on a disk already containing Windows
>> 8.1 and only require a single passphrase entry on boot:
>>
>> (I have read the Ubuntu alternate install CD used to offer this option
>> before Canonical cancelled it)
>>
>> I create a 500 MiB ext4 sda5 partition that will later be assigned as
>> /boot (UEFI Win 8.1 partitions on sda1, sda2, sda3, and sda4)
>>
>> sudo dd if=/dev/urandom of=/dev/sda6
>>
>> 12 hours elapse.
>>
>> dd: writing to ‘/dev/sda6’: No space left on device
>> 660092929+0 records in
>> 660092928+0 records out
>> 337967579136 bytes (338 GB) copied, 39571.4 s, 8.5 MB/s
>>
>> modprobe dm-crypt
>> modprobe aes-x86_64
>> modprobe sha256
>>
>> When I do this over I will run cryptsetup benchmark first to see which
>> iteration and algorithm works best for my system.
>>
>> sudo cryptsetup luksFormat /dev/sda6
>>
>> WARNING!
>> ========
>> This will overwrite data on /dev/sda6 irrevocably.
>>
>> Are you sure? (Type uppercase yes): YES
>> Enter passphrase:
>> Verify passphrase:
>> sudo cryptsetup luksOpen /dev/sda6 enc-pv
>> Enter passphrase for /dev/sda6:
>>
>> sudo pvcreate /dev/mapper/enc-pv
>> Physical volume "/dev/mapper/enc-pv" successfully created
>> sudo vgcreate vg /dev/mapper/enc-pv
>> Volume group "vg" successfully created
>> sudo lvcreate -L 8.5G -n swap vg
>> Logical volume "swap" created
>> sudo lvcreate -L 20G -n ubuntu-root vg
>> Logical volume "ubuntu-root" created
>> sudo lvcreate -L 50G -n ubuntu-home vg
>> Logical volume "ubuntu-home" created
>> sudo lvcreate -L 140G -n shared vg
>> Logical volume "shared" created
>>
>> sudo lvdisplay
>>   --- Logical volume ---
>>   LV Path                /dev/vg/swap
>>   LV Name                swap
>>   VG Name                vg
>>   LV UUID                EMSdc1-yTSS-FF9W-5vcv-jEwF-OeF7-5oOoEI
>>   LV Write Access        read/write
>>   LV Creation host, time ubuntu, 2014-04-23 12:57:17 +0000
>>   LV Status              available
>>   # open                 0
>>   LV Size                8.50 GiB
>>   Current LE             2176
>>   Segments               1
>>   Allocation             inherit
>>   Read ahead sectors     auto
>>   - currently set to     256
>>   Block device           252:1
>>
>>   --- Logical volume ---
>>   LV Path                /dev/vg/ubuntu-root
>>   LV Name                ubuntu-root
>>   VG Name                vg
>>   LV UUID                TCPIIE-fGv0-3tz8-XP3R-1c9Z-E18R-XTbcOd
>>   LV Write Access        read/write
>>   LV Creation host, time ubuntu, 2014-04-23 12:58:41 +0000
>>   LV Status              available
>>   # open                 0
>>   LV Size                20.00 GiB
>>   Current LE             5120
>>   Segments               1
>>   Allocation             inherit
>>   Read ahead sectors     auto
>>   - currently set to     256
>>   Block device           252:2
>>
>>   --- Logical volume ---
>>   LV Path                /dev/vg/shared
>>   LV Name                shared
>>   VG Name                vg
>>   LV UUID                dPHDeT-52zj-7bAx-xjzP-p4yC-kXoo-aw7Eac
>>   LV Write Access        read/write
>>   LV Creation host, time ubuntu, 2014-04-23 12:59:50 +0000
>>   LV Status              available
>>   # open                 0
>>   LV Size                140.00 GiB
>>   Current LE             35840
>>   Segments               1
>>   Allocation             inherit
>>   Read ahead sectors     auto
>>   - currently set to     256
>>   Block device           252:4
>>
>>   --- Logical volume ---
>>   LV Path                /dev/vg/ubuntu-home
>>   LV Name                ubuntu-home
>>   VG Name                vg
>>   LV UUID                pWFs3D-MXrh-bMez-68r0-4yPc-zMTo-MGhNF1
>>   LV Write Access        read/write
>>   LV Creation host, time ubuntu, 2014-04-23 13:06:11 +0000
>>   LV Status              available
>>   # open                 0
>>   LV Size                50.00 GiB
>>   Current LE             12800
>>   Segments               1
>>   Allocation             inherit
>>   Read ahead sectors     auto
>>   - currently set to     256
>>   Block device           252:3
>>
>> sudo vgdisplay | grep -i free
>>   Free  PE / Size       24641 / 96.25 GiB
>>
>> sudo mkfs.ext4 /dev/mapper/vg-shared
>>
>> mke2fs 1.42.9 (4-Feb-2014)
>> Filesystem label=
>> OS type: Linux
>> Block size=4096 (log=2)
>> Fragment size=4096 (log=2)
>> Stride=0 blocks, Stripe width=0 blocks
>> 9175040 inodes, 36700160 blocks
>> 1835008 blocks (5.00%) reserved for the super user
>> First data block=0
>> Maximum filesystem blocks=4294967296
>> 1120 block groups
>> 32768 blocks per group, 32768 fragments per group
>> 8192 inodes per group
>> Superblock backups stored on blocks:
>>         32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
>>         4096000, 7962624, 11239424, 20480000, 23887872
>>
>> Allocating group tables: done
>> Writing inode tables: done
>> Creating journal (32768 blocks): done
>> Writing superblocks and filesystem accounting information: done
>>
>> There was similar output for:
>>
>> sudo mkfs.ext4 /dev/mapper/vg-ubuntu-root
>> sudo mkfs.ext4 /dev/mapper/vg-ubuntu-home
>>
>> I may have needed to add an extra hyphen, like vg-ubuntu--root
>>
>> Next I opened the Ubuntu 14.04 installer and selected 'something
>> else'. I assigned /boot to the 500 MiB partition on sda5 and then
>> /root, /home, and swap to the logical /dev/mapper/vg volumes.
>>
>> After Ubuntu installs, before rebooting from the live USB, I entered
>> the following:
>>
>> sudo cryptsetup luksOpen /dev/sda6 enc-pv
>> Enter passphrase for /dev/sda6:
>> sudo mount /dev/vg/ubuntu-root /mnt
>> sudo chroot /mnt mount /proc
>> sudo mount --bind /dev /mnt/dev
>> sudo chroot /mnt mount /boot
>> sudo echo "enc-pv UUID=`sudo blkid -s UUID -o value /dev/sda6` none luks" | sudo tee -a /mnt/etc/crypttab
>> enc-pv UUID=ad8b8a32-95ea-4add-abe6-326d151e30fa none luks
>> sudo chroot /mnt update-initramfs -u
>> update-initramfs: Generating /boot/initrd.img-3.13.0-24-generic
>> sudo umount /mnt/proc /mnt/dev /mnt/boot /mnt
>>
>> On reboot Ubuntu boots asking for only one entry of the passphrase
>> instead of three, one for each encrypted volume.
>>
>> ==================================================================
>>
>> Thanks
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@xxxxxxxx
>> http://www.saout.de/mailman/listinfo/dm-crypt
>
> --
> Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@xxxxxxxxxxx
> GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
> ----
> A good decision is based on knowledge and not on numbers. - Plato