From Gentoo Wiki
Jump to: navigation, search


The PAM module allows systems to automatically mount file systems when a user logs on, and unmount file systems when the user logs off.


USE flags

The sys-auth/pam_mount package has a few USE flags that it supports:

USE flags for sys-auth/pam_mount A PAM module that can mount volumes for a user session


To install the package, just emerge it:

root #emerge --ask sys-auth/pam_mount


No specific configuration is needed for the installation itself. The actual configuration entries are mentioned below under the [#Usage|Usage] section.


Mounting regular file systems

Edit the PAM configuration file in which the mount action has to be configured. Add the required call to for auth and session as shown in the next example:

FILE /etc/pam.d/system-login"Enable pam_mount in the proper service"
auth		required onerr=succeed
auth		required 
auth		required 
auth		include		system-auth
auth		optional

account		required 
account		required 
account		include		system-auth
account		required onerr=succeed

password	include		system-auth

session         optional
session		required 
session		optional silent 
session		include		system-auth
session		optional nox11
session		optional motd=/etc/motd
session		optional
session		optional

Next, edit or create the following configuration file:

FILE /etc/security/pam_mount.conf.xml"Configure pam_mount"
  <volume user="your username" fstype="ext4" path="/dev/sdxn" mountpoint="/somewhere" option="fsck" />
  <debug enable="1" />

This file will establish the file systems to mount when a particular user logs on. Of course, replace the example values with actual ones.

Mounting encrypted file systems (dm-crypt/LUKS)

One might want to mount devices encrypted with cryptsetup. At the moment it's managed by pam_mount automatically. You just need to state ``fstype="crypt"`` in configuration file:

FILE /etc/security/pam_mount.conf.xml
  <volume user="username" fstype="crypt" path="/dev/sdXN" mountpoint="/somewhere" option="fsck" />
  <debug enable="1" />

For other kind of encrypted file systems you may specify your customization for mount programs.

FILE /etc/security/pam_mount.conf.xml
<cryptmount>mount.crypt ...</cryptmount>
<cryptumount>umount.crypt %(MNTPT)</cryptumount>

Look man pam_mount.conf for details.


Before removing the package, make sure that no PAM configuration file refers to the module anymore:

user $grep pam_mount /etc/pam.d/*

If no file refers to it anymore, then the package is safe to unmerge:

root #emerge --ask --depclean sys-auth/pam_mount

See also

  • PAM — allows (third party) services to provide an authentication module for their service which can then be used on PAM enabled systems.