The pam_mount.so PAM module allows systems to automatically mount file systems when a user logs on, and unmount file systems when the user logs off.
The sys-auth/pam_mount package has a few USE flags that it supports:
USE flags for sys-auth/pam_mount A PAM module that can mount volumes for a user session
||!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur||global|
To install the package, just emerge it:
emerge --ask sys-auth/pam_mount
No specific configuration is needed for the installation itself. The actual configuration entries are mentioned below under the [#Usage|Usage] section.
Mounting regular file systems
Edit the PAM configuration file in which the mount action has to be configured. Add the required call to pam_mount.so for
session as shown in the next example:
auth required pam_tally2.so onerr=succeed auth required pam_shells.so auth required pam_nologin.so auth include system-auth auth optional pam_mount.so account required pam_access.so account required pam_nologin.so account include system-auth account required pam_tally2.so onerr=succeed password include system-auth session optional pam_loginuid.so session required pam_env.so session optional pam_lastlog.so silent session include system-auth session optional pam_ck_connector.so nox11 session optional pam_motd.so motd=/etc/motd session optional pam_mail.so session optional pam_mount.so
Next, edit or create the following configuration file:
<pam_mount> <volume user="your username" fstype="ext4" path="/dev/sdxn" mountpoint="/somewhere" option="fsck" /> <debug enable="1" /> </pam_mount>
This file will establish the file systems to mount when a particular user logs on. Of course, replace the example values with actual ones.
Mounting encrypted file systems (dm-crypt/LUKS)
One might want to mount devices encrypted with cryptsetup. At the moment it's managed by pam_mount automatically. You just need to state ``fstype="crypt"`` in configuration file:
<pam_mount> <volume user="username" fstype="crypt" path="/dev/sdXN" mountpoint="/somewhere" option="fsck" /> <debug enable="1" /> </pam_mount>
For other kind of encrypted file systems you may specify your customization for mount programs.
<cryptmount>mount.crypt ...</cryptmount> <cryptumount>umount.crypt %(MNTPT)</cryptumount>
Look man pam_mount.conf for details.
Before removing the package, make sure that no PAM configuration file refers to the module anymore:
grep pam_mount /etc/pam.d/*
If no file refers to it anymore, then the package is safe to unmerge:
emerge --ask --depclean sys-auth/pam_mount
- PAM — allows (third party) services to provide an authentication module for their service which can then be used on PAM enabled systems.