How not to mount Encrypted partition?

I have an encrypted partition I would like to not boot when the machine comes up.

/etc/fstab already has noauto:
/dev/mapper/cr_sdb5 /data2 reiserfs acl,user_xattr,noauto 0

What else do I need to change so “/data2” doesn’t get mounted?

Just remove the line for sda2 in /etc/fstab, don’t forget to backup the file first!

Or just put a # in front of the line. Easier to revert when you want it back.

francisco1844 wrote:

> What else do I need to change so “/data2” doesn’t get mounted?

Or, make it user mountable:

/dev/dm-0 /home/user/Documents/personal ext2 defaults,noauto,user 0 0

Menes Narmer
menesofmemphis [at] gmail [dot] com

“Unity and humility is the lesson all of history teaches.”

Thanks for all the replies.
How about making it not ask for the password at bootup?

Basically I want an encrypted filesystem, but if the machine looses power and it comes back up I want the system to boot and then when I get home I will boot the encrypted partition manually.

If the /root is encrypted, you cannot bypass password in order to boot the system. But I believe you a talking about an extra hard drive.

So to not be prompted for password during boot, follow the suggestions given in the previous posts–by removing the device from your fstab–also, check your grub to make sure it is not listed there as well.

good luck!

It is a second hard drive which I mount as /data2.

I already removed from fstab, but at bootup it still gets prompted for the password.

Originally when it was in fstab its entry was:
/dev/mapper/cr_sdb5 /data2 reiserfs noatime,noacl,noauto 0 0 (see NOTE)

Perhaps there is an entry related to /dev/mapper that needs to be commented?

NOTE: I don’t have the original entry anymore since I am goin to try EXT3 and the new line in fstab now reads EXT3, but it was pretty much what I have above. I am doing a backup to Amazon S3, but once that finishes later I will try to see if using EXT3 makes a difference. However I think it may be something else outside of fstab.

Thanks for all the help guys.

Post your grub.


Modified by YaST2. Last modification on Fri Jun 6 23:17:15 EDT 2008

default 0
timeout 8
gfxmenu (hd0,0)/message
##YaST - activate

###Don’t change this comment - YaST2 identifier: Original name: linux###
title openSUSE 10.3 -
root (hd0,0)
kernel /vmlinuz- root=/dev/disk/by-id/scsi-SATA_SAMSUNG_HD501LJS0MUJDWPC42491-part6 vga=0x366 resume=/dev/sda5 splash=silent showopts
initrd /initrd-

###Don’t change this comment - YaST2 identifier: Original name: failsafe###
title Failsafe – openSUSE 10.3 -
root (hd0,0)
kernel /vmlinuz- root=/dev/disk/by-id/scsi-SATA_SAMSUNG_HD501LJS0MUJDWPC42491-part6 vga=normal showopts ide=nodma apm=off acpi=off noresume edd=off 3
initrd /initrd-

The filesystem in question is /dev/sdb5.
I don’t see it listed there.

Digging in google I found this directory:

There I see
brw------- 1 root 253, 1 2008-06-13 20:11 cr_sda5
brw------- 1 root 253, 0 2008-06-13 20:11 cr_sda7
brw------- 1 root 253, 2 2008-06-14 08:43 cr_sdb5

I wonder if those can be moved. I think if cr_sdb5 is not there, that it will not ask for password. Then at boot time I would move it back and mount it.

I don’t see why it would still prompt for password for sdb5.

did you run mkinitrd after you edited you fstab in order to update it?

I remember *thestig *loosing a disk with a password on it. This password was asked for by the firmware (through the BIOS) at boottime. When that is the case no OS can do anything about it. You then have to go to your BIOS to remove the password from the disk.

What you can do is to tell your system not to do all the encrypted stuff at startup and just start it manually later. For that to work just run “chkconfig boot.crypto off”. This turns off the crypto-services(ie the encrypted disks and stuff). Then, when you get home, all you have to do is run “/etc/init.d/boot.crypto start” as root and give the password and you should be good.

I did not do mkinitrd. I was not aware that /etc/fstab got parsed/read by something else after changes.

Looking at the man page don’t see if it takes any parameters. Is it just mkinitrd by itself?

Anything else that needs that run if file in /etc is run manually?

[Edit] As I come to think of it, when I edited fstab the filesystem did not mount. I did not have to do anything special after changing /etc/fstab.

/etc/fstab is not avery dynamic file. Nothing happens at the moment in time that you change it. It is read:

a. When you do a mount/umount of one of the items found in it when you doo not provide all of the parameters in that mount/umount statement. It add the not mentioned parameters to your (u)mount. So you can simpl;y say mount /data if tthere is a line in /etyc/fstab about the mount point /data.

b. At boottime to do the mounts that should be done at boot time.

I am not aware of any connection to mkinitrd, but I leave it to more knowledgeble people to inform you about that.

I know this is a late reply, but I’m in a similar situation to francisco1844, and here’s what helped for me: in /etc/crypttab I have one line:

cr_sdc1 /dev/disk/by-id/ata-ST3120022A_3JS49GSZ-part1 none none

When I placed a ‘#’ in front of it, I was no longer asked for a password at boot time (and the device was not mounted - for automatic mounting replace the first “none” with the path to a file containing your password, obviously making this a hidden file accessible only to root).

More advice on /etc/crypttab:
crypttab(5): encrypted block device table - Linux man page