The pam_mount.so PAM module allows systems to automatically mount file systems when a user logs on, and unmount file systems when the user logs off.
The sys-auth/pam_mount package has a few USE flags that it supports:
USE flags for sys-auth/pam_mount A PAM module that can mount volumes for a user session
||Add support for encryption -- using mcrypt or gpg where applicable|
||Use dev-libs/libressl instead of dev-libs/openssl when applicable (see also the ssl useflag)|
||!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur|
||Add support for SSL/TLS connections (Secure Socket Layer / Transport Layer Security)|
To install the package, just emerge it:
emerge --ask sys-auth/pam_mount
No specific configuration is needed for the installation itself. The actual configuration entries are mentioned below under the Usage section.
Mounting regular file systems
Edit the PAM configuration file in which the mount action has to be configured. Add the required call to pam_mount.so for
session as shown in the next example:
auth required pam_tally2.so onerr=succeed auth required pam_shells.so auth required pam_nologin.so auth include system-auth auth optional pam_mount.so account required pam_access.so account required pam_nologin.so account include system-auth account required pam_tally2.so onerr=succeed password include system-auth session optional pam_loginuid.so session required pam_env.so session optional pam_lastlog.so silent session include system-auth session optional pam_ck_connector.so nox11 session optional pam_motd.so motd=/etc/motd session optional pam_mail.so session optional pam_mount.so
Next, edit or create the following configuration file:
<pam_mount> <volume user="your username" fstype="ext4" path="/dev/sdxn" mountpoint="/somewhere" option="fsck" /> <debug enable="1" /> </pam_mount>
This file will establish the file systems to mount when a particular user logs on. Of course, replace the example values with actual ones.
Mounting encrypted file systems (dm-crypt/LUKS)
One might want to mount devices encrypted with cryptsetup. At the moment it's managed by pam_mount automatically, just add
fstype="crypt" to the configuration file:
<pam_mount> <volume user="username" fstype="crypt" path="/dev/sdXN" mountpoint="/somewhere" option="fsck" /> <debug enable="1" /> </pam_mount>
For other kind of encrypted file systems specify the appropriate customization for mount programs.
<cryptmount>mount.crypt ...</cryptmount> <cryptumount>umount.crypt %(MNTPT)</cryptumount>
See man pam_mount.conf for details.
Before removing the package, make sure that no PAM configuration file refers to the module anymore:
grep pam_mount /etc/pam.d/*
If no file refers to it anymore, then the package is safe to unmerge:
emerge --ask --depclean --verbose sys-auth/pam_mount
- PAM — allows (third party) services to provide an authentication module for their service which can then be used on PAM enabled systems.