Hi! Greetings to the ArchLinux community!
First of all, I have to say that I'm very impressed with this OS. A big THANK YOU to the devs! I tried a couple of distros already, but I didn't find anything like this.
I'm rather new to Linux, so please be gentle :-)
1) I'm using an encrypted partition, using device mapper and LUKS key handling. I wrote the entries to /etc/fstab and /etc/crypttab. I don't want to use a keyfile or specify the password in /etc/crypttab, so I used "none" as password in this file. On boot it should ask me for a password, but it doesn't. I noticed that there is no test for "none" as password in /etc/rc.sysinit. I added some code to this file:
    if [ "$cpass" == "none" ]; then
        echo "Password: "
        read cpass
    fi
However, the read command doesn't work. It never asks me for a password.
Is there such a query already, and I just haven't found it? How can I prompt the user for input?
2) I installed beryl to see if it would work, but when I start "beryl-settings" I get an error. It tells me that I'm using the wrong locale. When I modify the environment with
it executes without any problems. I'm using "de_DE.utf8", and I don't want to change it in /etc/rc.conf just for this single application. Is there a way to set this var for this application only?
Thanks in advance, and sorry for any grammar mistakes.
Concerning the first question, you should probably have the if part after you have read cpass from the prompt.
Besides, this doesn't seem like an optimal solution. If you want to have the data protected why have the password all unprotected in the init scripts?
Boot access is (usually) root access. Could be that I've misunderstood it, but for now it seems to me like that's the case.
1) Thanks for the reply, but I think you've misunderstood me (excuse me if I'm wrong). The if part goes after /etc/crypttab is read. So the password is already in the $cpass variable. The if part checks if the password is "none". If it is, it should prompt for the password, but it doesn't.
I don't think that a user prompt is a security issue, since the password isn't stored anywhere. If I'd go with the default, I would have to specify the password in /etc/crypttab, which in my case is stored on an unencrypted volume. I think THAT's a security issue.
So how do I make a user prompt inside the init script?
1) figured out myself, sent a patch to the mailing list
2) I just start the application with a shell script, as the export command within the script does not modify the global environment.
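
Added example, not part of any post above and not the patch mentioned in the thread: one reason a read in an init script never waits is that it runs inside a "while read" loop fed from /etc/crypttab, so it takes the next line of the file instead of keyboard input. This sketch assumes that loop shape (the thread does not show it); the function names, the sample crypttab and the second argument standing in for /dev/console are hypothetical.

```shell
#!/bin/sh
# Added example. The sample crypttab below is constructed, not from the thread.
make_sample_crypttab() {
    printf '%s\n' 'home /dev/sda3 none' 'swap /dev/sda2 SWAP' > "$1"
}

# Naive: the inner read shares stdin with the loop, which is the crypttab file.
parse_naive() (
    while read -r cname csrc cpass; do
        if [ "$cpass" = "none" ]; then
            echo "Password: " >&2
            read -r cpass   # consumes the NEXT crypttab line; never waits for a user
        fi
        echo "$cname:$cpass"
    done < "$1"
)

# Read one line from $1 (the console at boot), with echo off if it is a terminal.
read_secret() (
    exec < "$1"
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r secret
    if [ -t 0 ]; then stty echo; echo >&2; fi
    printf '%s\n' "$secret"
)

# Fixed: the prompt reads from a separate source ($2), not from the loop's stdin,
# so every crypttab entry is still processed and nothing is stored on disk.
parse_prompting() (
    while read -r cname csrc cpass; do
        if [ "$cpass" = "none" ]; then
            printf 'Password for %s: ' "$cname" >&2
            cpass=$(read_secret "$2")
        fi
        echo "$cname:$cpass"   # demo output only; a real script hands it to the unlock step
    done < "$1"
)
```

Calling parse_prompting with the crypttab path and /dev/console as the second argument prompts on the console; the naive version silently treats the following crypttab line as the password and skips that entry.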