You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have been using linux with zfs on root and encrypted home dataset for a few years now and wanted to switch from pam_zfscrypt to zfs-pam for handling decrypting and mounting the home dataset at login.
As I'm not using a systemd distro (I'm using void linux which uses runit) adding the property org.openzfs.systemd:ignore=on doesn't work for preventing encrypted datasets being mounted during boot (and thus asking for password) - instead of only at login.
As I see it, there's only such a property for systemd available in the zfs code.
Now, I could remove the -l in the line zfs mount -a -l that gets executed during boot on void linux to avoid mounting encrypted datasets, i.e. having a password prompt interrupting the boot process. That would work fine on my setup as I'm not using encrypted root.
But I was wondering if there was a more universal / elegant way to solve the above issue.
I'm not sure if allowing zfs-pam to mount datasets with canmount=noauto would solve the issue or not.
Adding properties for other service managers in addition to systemd analogue to the one mentioned above would probably help, but not sure what the stance by the openzfs devs is for doing such.
Maybe there's another possible easy solution I'm not aware of?
Thank in advance for any help / clarification!
[Edit]:
Maybe adding a flag / property like this
org.openzfs.pam=yes
or
org.openzfs.pam:user=[user name]
in combination with canmount=noauto to make such marked datasets only be mounted by pam or manual mounting would solve the issue and make the existing "one-trick-pony" (i.e. only working for systemd) org.openzfs.systemd:ignore=on obsolete?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I have been using linux with zfs on root and encrypted home dataset for a few years now and wanted to switch from pam_zfscrypt to zfs-pam for handling decrypting and mounting the home dataset at login.
As I'm not using a systemd distro (I'm using void linux which uses runit) adding the property
org.openzfs.systemd:ignore=ondoesn't work for preventing encrypted datasets being mounted during boot (and thus asking for password) - instead of only at login.As I see it, there's only such a property for systemd available in the zfs code.
Now, I could remove the
-lin the linezfs mount -a -lthat gets executed during boot on void linux to avoid mounting encrypted datasets, i.e. having a password prompt interrupting the boot process. That would work fine on my setup as I'm not using encrypted root.But I was wondering if there was a more universal / elegant way to solve the above issue.
I'm not sure if allowing zfs-pam to mount datasets with
canmount=noautowould solve the issue or not.Adding properties for other service managers in addition to systemd analogue to the one mentioned above would probably help, but not sure what the stance by the openzfs devs is for doing such.
Maybe there's another possible easy solution I'm not aware of?
Thank in advance for any help / clarification!
[Edit]:
Maybe adding a flag / property like this
org.openzfs.pam=yesor
org.openzfs.pam:user=[user name]in combination with
canmount=noautoto make such marked datasets only be mounted by pam or manual mounting would solve the issue and make the existing "one-trick-pony" (i.e. only working for systemd)org.openzfs.systemd:ignore=onobsolete?Beta Was this translation helpful? Give feedback.
All reactions