LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 08-02-2012, 03:08 AM   #1
guna_pmk
Member
 
Registered: Sep 2008
Posts: 220

Rep: Reputation: 5
cryptsetup problem in bash script


Hello,

Here is an excerpt of my bash script

Code:
#!/bin/bash

# Workout the inserted usb stick - for this example assume it is /dev/sdc1 and mounted to /mnt/usb
# Now unlock the encrypted partition and mount
cryptsetup luksOpen --key-file /mnt/usb/mykey /dev/sda7 my_map
mount /dev/mapper/my_map /the/place/to/mount
I have set this script to be invoked automatically through the udev rules, which is as follows:

Code:
ACTION=="add", SUBSYSTEMS=="usb", KERNEL=="sd[a-z]1", RUN+="/usr/local/bin/theabovescript"
When I inserted the USB stick, the above script gets triggered. But, on the cryptsetup line, it fails to unlock the partition. But at the same time, when I open a terminal and execute the script manually, it works without a problem.

I can see a huge difference in the environment in which the script runs when triggered automatically and manually. But I can't figure out how to solve this.

Can somebody please throw some light on this? A solution with an explanation will be very much appreciated.

Thanks

Last edited by guna_pmk; 08-02-2012 at 03:09 AM.
 
Old 08-03-2012, 12:20 PM   #2
YankeePride13
Member
 
Registered: Aug 2012
Distribution: Ubuntu 10.04, CentOS 6.3, Windows 7
Posts: 262

Rep: Reputation: 55
Brainstorming..:

Is cryptsetup installed on the usb stick? Perhaps change your script to have the full path to cryptsetup?
 
Old 08-03-2012, 12:29 PM   #3
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,770

Rep: Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210
My guess is that the script is being run before the automount of /mnt/usb has occurred. You could confirm that by inserting a mount command at the start of your script with output redirected to some file. If that turns out to be the problem, you would just need to add a wait loop to your script.
 
Old 08-03-2012, 04:17 PM   #4
guna_pmk
Member
 
Registered: Sep 2008
Posts: 220

Original Poster
Rep: Reputation: 5
cryptsetup is not installed in the USB (I don't get the point here. cryptsetup is installed in centos by default).

"My guess is that the script is being run before the automount of /mnt/usb has occurred." - As I have said in my question, it is not during the boot. This script is supposed to get triggered whenever a usb stick is inserted - even very long after the OS boot is complete. I am not at all relying on the usb auto mount. In fact it is a headless non-gui server and no one is directly logged on to it (auto mount will only work when somebody is logged on to a desktop environment).

Again, what I am trying to do is getting a script triggered immediately when a USB storage is inserted, which will look for a particular key in it and will unlock encrypted container(s)/partition(s) using that key.

Thanks for your time guys.
 
Old 08-03-2012, 06:04 PM   #5
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,770

Rep: Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210
My confusion is due to this:
Quote:
Originally Posted by guna_pmk View Post
Code:
#!/bin/bash

# Workout the inserted usb stick - for this example assume it is /dev/sdc1 and mounted to /mnt/usb
# Now unlock the encrypted partition and mount
cryptsetup luksOpen --key-file /mnt/usb/mykey /dev/sda7 my_map
mount /dev/mapper/my_map /the/place/to/mount
If the inserted usb stick is mounted to /mnt/usb and the key file is on /mnt/usb/mykey, then the key file is on the stick you just inserted. Now you're saying that is not the case??
 
Old 08-04-2012, 04:53 PM   #6
guna_pmk
Member
 
Registered: Sep 2008
Posts: 220

Original Poster
Rep: Reputation: 5
Hi rknicholos,

Sorry for the confusion. I just thought it is needless to show the steps to discover and mount the usb. But if it confused you then mistake is mine. The script gets triggered(when the usb stick is plugged in) and I could manage to sort out which device that the usb is associated to (/dev/sd[cdef][0-9] etc.) and mount it to /mnt/usb. The problem is the cyptsetup itself. It just fails to perform the luksOpen. I don't get an error message. I get only a non-zero exit value.

But after inserting the usb stick (and after the script failed to perform the cryptsetup luksOpen) if run the script for the command line, it works without any problem.

Hope this clarifies my issue. Please let me know otherwise.

Thanks
 
Old 08-04-2012, 06:19 PM   #7
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,770

Rep: Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210Reputation: 2210
OK. I guess I'm just filling in the missing pieces wrong.

If you have SELinux enabled, have you checked for complaints, or tried running in permissive mode? It wouldn't surprise me to learn that trigger scripts got invoked as a fairly restricted type.
 
Old 08-09-2012, 07:42 AM   #8
guna_pmk
Member
 
Registered: Sep 2008
Posts: 220

Original Poster
Rep: Reputation: 5
Sorry for the delayed reply guys. I have got caught up with other things.

But I quickly tried a test (tiny) partition ie. created a partition of 1G, encrypted it and tried to unlock it automatically through the udev. That seems to be working. There may be something in my script that might have broken things. As the partition I am having problems with is live, I will have to find a right time to take it offline and debug it. I will keep you posted.

Thanks for you help guys.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem running an Expect script within a Bash script mbeipi Programming 9 02-10-2018 05:00 AM
[SOLVED] Problem in exporting variable from bash script to expect script uk.engr Linux - Newbie 3 06-14-2012 01:57 AM
[SOLVED] problem with cryptsetup skoinga Linux - Security 4 11-30-2010 05:52 AM
Bash script problem with ftp session exiting the script early edomingox Programming 5 02-23-2010 05:39 AM
[SOLVED] bash : getopts problem in bash script. angel115 Programming 2 03-02-2009 10:53 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 12:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration