Decrypt and mount two partitions on login

Hi,

I have the following setup - a workstation with 2 SSDs on RAID1 (boot/root/home) and 2 HDDs also on RAID1 (slow but huge data hoarding).

The home directory is on a separate encrypted partition, the same goes for the slow HDD data.

So I have /dev/md/Home for the home partition and /dev/md/Data for the slow HDD data (movies etc).

I have created an entry in /etc/pam.d/sddm to execute two scripts to decrypt these on login:


auth     optional       pam_exec.so expose_authtok /etc/pam_cryptsetup1.sh 
auth     optional       pam_exec.so expose_authtok /etc/pam_cryptsetup2.sh

The scripts:

/etc/pam_cryptsetup1.sh:

#!/usr/bin/env bash 
if [[ "$PAM_USER" == "MyUserName" && ! -e "/dev/mapper/cr_home" ]]; then
     /usr/sbin/cryptsetup open "/dev/md/Home" "cr_home" 
fi

/etc/pam_cryptsetup2.sh:

#!/usr/bin/env bash 
if [[ "$PAM_USER" == "MyUserName" && ! -e "/dev/mapper/cr_opt" ]]; then
     /usr/sbin/cryptsetup open "/dev/md/Data" "cr_opt" 
fi

This successfully decrypts these on user login, can confirm with:

WorkStation:~ # dmsetup ls --target crypt
cr_home (254, 0) 
cr_opt  (254, 1)

After that, I create a systemd.mount file in /etc/systemd/system/home-MyUserName.mount:

[Unit] 
Requires=user@1000.service 
Before=user@1000.service 

[Mount] 
Where=/home/MyUserName
What=/dev/mapper/cr_home
Type=ext4
Options=rw,relatime,data=ordered

[Install]
RequiredBy=user@1000.service

This works perfectly and my home directory is mounted after the encrypted partition is opened!

The second (movies etc) partition however, is not.

/etc/systemd/system/home-MyUserName-Videos.mount:

[Unit]
Requires=user@1000.service
Before=user@1000.service

[Mount]
Where=/home/MyUserName/Videos
What=/dev/mapper/cr_opt
Type=ext4
Options=rw,relatime,data=ordered

[Install]
RequiredBy=user@1000.service

The /home/MyUserName/Videos exists and belongs to the user. In fact, whatever the mount point, it never gets mounted - it’s as if the second .mount file is never read by systemd.

If I delete the first .mount file (the Home one) and only leave the Videos mount, it gets mounted.

I don’t see any errors in journalctl -f or when the user logs in.

I’m very new to systemd, so please feel free to scold me. :smiley:

Thank you!

How do you know it? How exactly did you check for it? Because …

If I delete the first .mount file (the Home one) and only leave the Videos mount, it gets mounted.

… this means /home/MyUserName mount point (not content of encrypted device) has subdirectory Videos and it is quite possible that first device is mounted on /home/MyUserName/Videos and then another device is mounted on /home/MyUserName, thus hiding the first mount point.

But without actual logs anything will be just a wild guess. Reboot, login, and show output of

cat /proc/self/mountinfo
systemctl status home-MyUserName.mount
systemctl status home-MyUserName-Videos.mount
journalctl -b

It will be long so upload to https://susepaste.org

Well it was an extremely easy fix.

All I had to do is

systemctl enable home-myusername-Videos.mount

Worked like a charm after that!

I don’t know why I didn’t have to enable the .mount for the /home/myusername mount though. It worked right out of the box for that one.

Thank you for pointing out the ‘systemctl status home-MyUserName-Videos.mount’ command, which pointed out the “Disabled” status.
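
The fix above was systemctl enable, which creates the symlink that RequiredBy= in the [Install] section asks for; until that link exists the line has no effect. The check below is an added example, not code from the thread: it lists each mount unit in a directory together with whether its RequiredBy= link is present. The function names and the sample units are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find mount units whose [Install]
# RequiredBy= symlink is missing, i.e. units that were never enabled.

# check_mount_units DIR
# Prints one line per unit/target pair; returns 1 if any link is missing.
check_mount_units() {
    local dir name target missing
    dir="$1"
    missing=0
    for unit in "$dir"/*.mount; do
        [ -e "$unit" ] || continue
        name=${unit##*/}
        # Read RequiredBy= values from the [Install] section only.
        for target in $(awk -F= '
            /^\[/ { in_install = ($0 ~ /^\[Install\]/); next }
            in_install && $1 == "RequiredBy" { print $2 }' "$unit"); do
            # "systemctl enable" places the link in DIR/<target>.requires/
            if [ -L "$dir/$target.requires/$name" ]; then
                echo "enabled  $name -> $target"
            else
                echo "DISABLED $name -> $target"
                missing=1
            fi
        done
    done
    return "$missing"
}

# Constructed sample: two units named as in the thread, one link present and
# one absent, so that both outcomes show up. Prints the temporary directory.
make_sample_units() {
    local dir name
    dir=$(mktemp -d) || return 1
    for name in home-MyUserName home-MyUserName-Videos; do
        printf '[Mount]\nType=ext4\n\n[Install]\nRequiredBy=user@1000.service\n' \
            > "$dir/$name.mount"
    done
    mkdir "$dir/user@1000.service.requires"
    ln -s ../home-MyUserName.mount \
        "$dir/user@1000.service.requires/home-MyUserName.mount"
    echo "$dir"
}

# When a directory is given (for example /etc/systemd/system), check it.
[ $# -eq 0 ] || check_mount_units "$1"
```

A unit reported as DISABLED has an [Install] section that was never applied.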