/usr/share/sadms-2.0.15/conf/_pam_mount.conf.1 is in sadms 2.0.15.repack-0ubuntu2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 | # pam_mount.conf
# PAM_MOUNT CONFIG FILE
# SADMS
# 30/06/2009
# Turn on if you want to debug why some volume cannot be mounted etc.
# This can be overriden by user's local configuration
#
# Format: debug [ 1 | 0 ]
# Local user configuration can override this.
debug 0
# Create mountpoint if it does not exist yet. This is a good thing.
mkmountpoint 1
# Commands to mount/unmount volumes. They can take parameters, as shown.
lsof /usr/sbin/lsof
fsck /sbin/fsck
losetup /sbin/losetup
unlosetup /sbin/losetup -d
# Loopback device to use to run fsck on loopback filesystems.
fsckloop /dev/loop7
# Users' local configuration file (if there is none, comment out this
# parameter). Will be read as ~/<file>
#
# Note: you must include either options_allow or options_deny to use
# this directive. I recommend also including options_require.
#
# Individual users may define additional volumes to mount if allowed
# by pam_mount.conf (usually ~/.pam_mount.conf). The volume keyword is
# the only valid keyword in these per-user configuration files. If the
# luserconf parameter is set in pam_mount.conf, allowing user-defined
# volume, then users may mount and unmount any volume they own at any
# mount point they own. On some filesystem configurations this may be
# a security flaw so user-defined volumes are not allowed by the example
# pam_mount.conf distributed with pam_mount.
#
# Format: luserconf <file>
# luserconf .pam_mount.conf
# These directives determine which options may be specified in a user config
# file (luserconf). You must include one of these directives if you have a
# luserconf directive. You may not include both directives.
#
# If you have an options_allow directive, then the options listed in that
# directive wil be allowed, and all others rejected. If you have an
# options_deny directive, then the options listed will be denied, and all others
# permitted.
#
# You may use the wildcard '*' to match all options.
#
# options_allow nosuid,nodev
# options_deny suid,dev
# options_allow *
# options_deny *
#
# I recommend not permitting the suid and dev options.
# The options listed in this directive are required for all volumes from a
# user config file. That is, any volume specified in a user config file that
# does not include these options will be ignored.
#
# Note: you must make sure that a required option is permitted (either by
# including it in options_allow, or by not including it in options_deny).
#
# I recommend requiring at least nosuid and nodev.
#
# This is ignored completely if the volume is configured to get its options
# and mount point from /etc/fstab.
#
options_require nosuid,nodev
# Commands to mount/unmount volumes. They can take parameters, as shown.
#
# If you change the -p0 argument for lclmount, you'll need to modify the
# source in mount.c (it sends the password to the stdin file descriptor
# of the child process -- look for STDIN_FILENO).
smbmount /bin/mount -t smbfs
ncpmount /bin/mount -t ncpfs
# Linux supports lazy unmounting (-l). May be dangerous for encrypted volumes.
# May also break loopback mounts because loopback devices are not freed.
umount /bin/umount
# On OpenBSD try "/usr/local/bin/mount_ehd" (included in pam_mount package).
lclmount /bin/mount -p0
# --bind may be a Linuxism. FIXME: find BSD equivalent.
mntagain /bin/mount --bind
mntcheck /bin/mount # For BSD's (don't have /etc/mtab)
# Volumes that will be mounted when user triggers pam_mount module
# (usually at login).
#
# Format:
# volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> <mount options> <fs key cipher> <fs key path>
#
# General examples:
# volume user smb krueger public /home/user/krueger - - -
# volume user ncp krueger public /home/user/krueger - - -
# Linux encrypted home directory examples:
# volume user local - /dev/hda123 /home/user loop,encryption=aes - -
# volume user local - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - -
# volume user local - /home/user.img - - - -
# volume user local - /home/user.img - - aes-256-ecb /home/user4.key
#
# OpenBSD encrypted home directory example (see also lclmount above):
# volume user local - /home/user.img /home/user svnd0 - -
#
# The last two examples need a line like the following in
# /etc/fstab:
#
# /home/user4.img /home/user4 xfs user,loop,encryption=aes,keybits=256,noauto 0 0
#
# Details:
# Local user configuration can extend this.
# Mount point must be owned by the user.
#
# If there are no servers, mount options, fs key ciphers, etc. you must
# supply a "-"
#
# If a local mount is specified in a user config file, then the user must
# own the device or file being mounted.
#
# See http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html
# to learn how to create a encrypted loopback filesystem.
#
# If the volume's password is different than the user's login password,
# the following technique may be used (see also README):
#
# 1. Create a file containing the volume's password (FS key). If you are
# using pam_mount to mount an loopback encrypted volume, this password
# should may generated by /dev/urandom.
#
# Simple example:
# echo <volume password> | openssl aes-256-ecb > /home/user.key
# Encrypt this file using the user's login password as the key.
#
# Verbose loopback encrypted volume example:
# a. dd if=/dev/urandom of=/home/user.img bs=1M count=<image size in MB>
# b. dd if=/dev/urandom bs=1c count=<keysize / 8> | openssl enc \
# -<fs key cipher> > /home/user.key
# Encrypt this file using the user's login password as the key.
# c. openssl enc -d -<fs key cipher> -in /home/user.key | losetup -e aes \
# -k <keysize> -p0 /dev/loop0 /home/user.img
# d. mkfs -t ext2 /dev/loop0
# e. umount /dev/loop0
# f. losetup -d /dev/loop0
#
# 3. In pam_mount.conf:
# a. Set the fs key cipher variable to the cipher used (ie: aes-256-ecb).
# b. Set the fs key path variable to the key's path (ie: /home/user.key)
# 4. If a user changes his login password, regenerate the efsk that
# was created in step 1b. A script named passwdehd is provided to do this.
#
# If fs_key_cipher is -, then the user's login password is also the volume's
# password.
# Template (or wildcard) volumes
#
# If user is "*", "&" will be replaced by name of the user logging on in the
# volume, mount point, mount options and fs key path fields. "~/*" will be
# replaced with "<user's homedir>/*." In this mode, the user need not
# own the mount point, but it must exist.
#
# volume * smb krueger & /home/& uid=&,gid=&,dmask=0750 - -
# volume * smb krueger homes /home/&/remote - - -
# volume * local - /home/&.img - - aes-256-ecb /etc/ehd/&
# Windows 2000, which requires a domain specified, example (thanks John Knox):
# volume * smb viper & /home/& uid=&,gid=&,dmask=0750,workgroup=WINDOWS_DOMAIN - -
#volume %USER% smb %SERVER% %SHARE% %MOUNTPOINT% rw,uid=&,fmask=750,dmask=750 - -
#volume %USER% cifs %SERVER% %SHARE% %MOUNTPOINT% rw,uid=&,file_mode=0750,dir_mode=0750,domain=%DOMAIN% - -
#volume %USER% cifs %SERVER% %SHARE% %MOUNTPOINT% rw,uid=&,file_mode=0750,dir_mode=0750 - -
%VOLUMES%
|