JP Vossen on 9 Jan 2011 12:51:22 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux n00b question


Date: Sun, 9 Jan 2011 14:09:59 -0500
From: "K.S. Bhaskar"<bhaskar@bhaskars.com>
Subject: Re: [PLUG] Linux n00b question

I always set up a system with two alternate root partitions.

Yeah, I usually do that using RAID1, but on a laptop with 1 drive this is better (since it'll actually work). John K just suggested that too. Nice.

[...]
I always set up an encrypted /home.? But I configure my PC so that I
can login without /home mounted. When I cross an international border
with my laptop, I always cross it with the laptop powered down. Then
if I am asked to boot it, I boot it, and can login - but it will be an
innocuous /home, not my real /home (not that I have ever been asked to
boot my laptop - just a sensible precaution, IMHO). To mount the
encrypted /home, I login as root and run a shell script:

Neat idea. I have to think about that. If you do not have /home/ as a separate partition, you could also just do a loopback mount of some other (encrypted) FS on top of /home/... Hummm...


#!/bin/bash
#
# Get password and mount /home
#
umount /home>&/tmp/umounthome_$$_`date +%Y%m%d%H%M%S`.log
cryptsetup remove sda2-aes>&/tmp/cryptsetupremove_$$_`date +%Y%m%d%H%M%S`.log
cryptsetup -c aes -s 256 create sda2-aes /dev/sda2
2>/tmp/cryptsetup_$$_`date +%Y%m%d%H%M%S`.log
fsck -a -t jfs /dev/mapper/sda2-aes | tee /tmp/fsck_$$_`date +%Y%m%d%H%M%S`.log
mount -o relatime /dev/mapper/sda2-aes /home>&/tmp/mount_$$_`date
+%Y%m%d%H%M%S`.log
swapon /home/swap

Oh, you're killing me!!! Personal pet peeve: running external programs (like date) during every line of your script unnecessarily. Yes, for this script it doesn't matter; it's still a bad habit. :-)

More efficient (alignment is more personal preference):

LOG_FILE="/tmp/umounthome_$$_`date +%Y%m%d%H%M%S`.log"
FSCK_LOG_FILE="/tmp/fsck_$$_`date +%Y%m%d%H%M%S`.log"
umount /home                                       >& $LOG_FILE
cryptsetup remove sda2-aes                         >& $LOG_FILE
cryptsetup -c aes -s 256 create sda2-aes /dev/sda2 2> $LOG_FILE
fsck -a -t jfs /dev/mapper/sda2-aes             | tee $FSCK_LOG_FILE
mount -o relatime /dev/mapper/sda2-aes /home       >& $LOG_FILE
swapon /home/swap


FYI, bash 4.2 will introduce new printf arguments to just "printf" the date. It's always bugged me that the shell knows what time it is (e.g. the prompt \D argument) but you need to use an external program to display it in a script. As of bash 4.2 you don't anymore. I suggested that to Chet a while ago, but to be fair other shells have also implemented it (*cough* Paul, zsh, I think *cough* :), so I'm not sure what prompted him to add it to bash.

Later,
JP
----------------------------|:::======|-------------------------------
JP Vossen, CISSP            |:::======|      http://bashcookbook.com/
My Account, My Opinions     |=========|      http://www.jpsdomain.org/
----------------------------|=========|-------------------------------
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug