Next: , Previous: , Up: Services   [Contents][Index]


10.9.30 PAM Mount Service

The (gnu services pam-mount) module provides a service allowing users to mount volumes when they log in. It should be able to mount any volume format supported by the system.

Variable: Scheme Variable pam-mount-service-type

Service type for PAM Mount support.

Data Type: pam-mount-configuration

Data type representing the configuration of PAM Mount.

It takes the following parameters:

rules

The configuration rules that will be used to generate /etc/security/pam_mount.conf.xml.

The configuration rules are SXML elements (see SXML in GNU Guile Reference Manual), and the default ones don’t mount anything for anyone at login:

`((debug (@ (enable "0")))
  (mntoptions (@ (allow ,(string-join
                          '("nosuid" "nodev" "loop"
                            "encryption" "fsck" "nonempty"
                            "allow_root" "allow_other")
                          ","))))
  (mntoptions (@ (require "nosuid,nodev")))
  (logout (@ (wait "0")
             (hup "0")
             (term "no")
             (kill "no")))
  (mkmountpoint (@ (enable "1")
                   (remove "true"))))

Some volume elements must be added to automatically mount volumes at login. Here’s an example allowing the user alice to mount her encrypted HOME directory and allowing the user bob to mount the partition where he stores his data:

(define pam-mount-rules
`((debug (@ (enable "0")))
            (volume (@ (user "alice")
                       (fstype "crypt")
                       (path "/dev/sda2")
                       (mountpoint "/home/alice")))
            (volume (@ (user "bob")
                       (fstype "auto")
                       (path "/dev/sdb3")
                       (mountpoint "/home/bob/data")
                       (options "defaults,autodefrag,compress")))
            (mntoptions (@ (allow ,(string-join
                                    '("nosuid" "nodev" "loop"
                                      "encryption" "fsck" "nonempty"
                                      "allow_root" "allow_other")
                                    ","))))
            (mntoptions (@ (require "nosuid,nodev")))
            (logout (@ (wait "0")
                       (hup "0")
                       (term "no")
                       (kill "no")))
            (mkmountpoint (@ (enable "1")
                             (remove "true")))))

(service pam-mount-service-type
         (pam-mount-configuration
           (rules pam-mount-rules)))

The complete list of possible options can be found in the man page for pam_mount.conf.


Next: , Previous: , Up: Services   [Contents][Index]