
#1 2015-08-30 16:56:51

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,700
Website

Systemd user service needs to wait for encrypted $HOME to be decrypted

Assuming a user has an encrypted $HOME, I need a user service that will:

1) Wait for the $HOME to be decrypted, then run ExecStart, and
2) Run ExecStop before the user closes the encryption again.
3) Totally ignore the encryption requirement if the user has no encryption set up, i.e. just run normally.

I haven't dealt with this requirement before so I'm asking for suggestions.  The following is the current user service file draft:

[Unit]
Description=Profile-sync-daemon
Documentation=man:psd(1) man:profile-sync-daemon(1)
Documentation=https://wiki.archlinux.org/index.php/Profile-sync-daemon
Wants=psd.timer
Wants=local-fs.target
RequiresMountsFor=/home/
After=winbindd.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/bin/profile-sync-daemon resync
ExecStop=/usr/bin/profile-sync-daemon unsync

[Install]
WantedBy=default.target

Thanks!

Last edited by graysky (2015-08-30 17:00:23)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packages  • Zsh and other configs

Offline

#2 2015-08-30 19:38:37

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,489

Re: Systemd user service needs to wait for encrypted $HOME to be decrypted

You write

graysky wrote:

The following is the current user service file draft:

This seems to imply it is going to be used as a systemd user service, which makes sense for your daemon and also means the service resides in ~/.config/systemd/user/. Hence, the respective $HOME would be mounted already anyway or not?

Offline

#3 2015-08-31 05:31:12

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,700
Website

Re: Systemd user service needs to wait for encrypted $HOME to be decrypted

@Strike0 - Not exactly, PKG-provided user services go to /usr/lib/systemd/user


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packages  • Zsh and other configs

Offline

#4 2015-08-31 09:15:49

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,489

Re: Systemd user service needs to wait for encrypted $HOME to be decrypted

Ok, yes. Tricky to make it universal. Users may have different types of encryption. Most probably use block device encryption (LUKS), which means /home is mounted for all users at boot and should not pose a problem (unless the user has an unusual separate $HOME mount).
If a user uses stacked encryption (eCryptfs, EncFS), $HOME usually is mounted but not decrypted yet - this only happens at user login. Hence, this case would be broken. But you may get a combination also, some users' $HOME may be available, others not yet. Since systemd user is not aware of this, the only way out in this case may be to place _all_ user service files into respective ~/.config/systemd/user/ dirs (and make them override the package installed one - perhaps you can make them override it by using a psd@user.service template unit). The problem is exactly what is described in the big note in https://wiki.archlinux.org/index.php/Sy … w_it_works
I know this is not what you intend to work out. If I have another idea, I'll return.

Offline
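
Added example, not part of the original thread or any poster's code: a shell function that tells apart the cases described in post #4 (block device encryption under /home, a stacked eCryptfs/EncFS mount that is currently open, and everything else) from mount-table text in /proc/mounts format. The function name home_backing, the users alice and bob, and the sample tables are constructed for illustration; mount points are assumed to contain no spaces.

```shell
#!/bin/sh
# Constructed sample mount tables in /proc/mounts format:
# "source mountpoint fstype options dump pass"
SAMPLE_LUKS='/dev/mapper/cryptroot / ext4 rw 0 0
/dev/mapper/crypthome /home ext4 rw 0 0'
SAMPLE_STACKED_LOCKED='/dev/sda2 / ext4 rw 0 0
/dev/sda3 /home ext4 rw 0 0'
SAMPLE_STACKED_OPEN='/dev/sda2 / ext4 rw 0 0
/dev/sda3 /home ext4 rw 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw 0 0'

# home_backing MOUNTS_TEXT HOME_DIR
# Prints one word describing the mount that covers HOME_DIR:
#   stacked - an eCryptfs or EncFS mount (the home is decrypted right now)
#   block   - source is a /dev/mapper device (heuristic: LVM also lives there)
#   plain   - anything else, INCLUDING a stacked home that is still locked,
#             which the mount table alone cannot tell from an unencrypted one
home_backing() {
    printf '%s\n' "$1" | awk -v home="$2" '
        {
            mp = $2
            # Does this mount point cover the home directory?
            covers = (mp == "/" || home == mp || index(home, mp "/") == 1)
            # Keep the longest covering mount point; on a tie the later
            # line wins, because later mounts are stacked on top.
            if (covers && length(mp) >= best_len) {
                best_len = length(mp); src = $1; fs = $3
            }
        }
        END {
            if (fs == "ecryptfs" || fs == "fuse.encfs") print "stacked"
            else if (src ~ /^\/dev\/mapper\//)          print "block"
            else                                         print "plain"
        }'
}
```

On a live system the first argument would be the contents of /proc/mounts and the second the user's home directory. The "plain" result for a locked stacked home is the case post #4 calls broken: a unit started at that moment sees only the undecrypted directory.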

#5 2015-09-02 10:12:17

esa
Member
Registered: 2011-12-29
Posts: 143
Website

Re: Systemd user service needs to wait for encrypted $HOME to be decrypted

AFAIK, as long as the user has a home partition, regardless if encrypted or not, this (last line) should work (does for me):

[Unit]
Description=Wifi-home

[Service]
Type=oneshot
ExecStart=/home/sea/prjs/connect/connect wifi home
ExecStop=/home/sea/prjs/connect/connect wifi restart
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
After=home.mount

hth


Author of: TUI (Text User Interface for scripts), VHS (Video Handler Script, using ffmpeg) and YASSI (Yet Another Simple Script Installer)

Offline

#6 2015-09-04 09:24:57

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,700
Website

Re: Systemd user service needs to wait for encrypted $HOME to be decrypted

I could add the home.mount target (already have the RequiresMountsFor directive though), but I want the stop line to get executed when the user logs out or otherwise encrypts the home partition... Actually, the stop line NEEDS to be triggered by the encryption/logout and must occur before it happens.  I don't know how to do that.... Anyone?

Last edited by graysky (2015-09-04 09:26:26)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packages  • Zsh and other configs

Offline

#7 2016-01-24 04:03:58

tolga9009
Member
From: Germany
Registered: 2010-01-08
Posts: 62

Re: Systemd user service needs to wait for encrypted $HOME to be decrypted

I'm in a similar situation at the moment. Did you fix it @graysky? Btw. home.mount is not universally available. E.g. on my system, I only have an EFI boot partition and a partition for root. No home partition and therefore no home.mount. Does waiting for cryptsetup fix this (partly)?

Offline
