[debian-edu-commits] debian-edu/ 03/06: Remove outdated pam_mount related files, unused since ages.

Wolfgang Schweer schweer-guest at moszumanska.debian.org
Thu Mar 22 12:40:09 UTC 2018


This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch master
in repository debian-edu-config.

commit 917edfba6badf29997d5427b37baab7ed3169455
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Tue Mar 20 16:37:53 2018 +0100

    Remove outdated pam_mount related files, unused since ages.
    
     - etc/security/pam_mount-stateless-debian-edu.conf
     - etc/security/pam_mount-winbind-debian-edu.conf
---
 etc/security/pam_mount-stateless-debian-edu.conf | 203 -----------------------
 etc/security/pam_mount-winbind-debian-edu.conf   | 202 ----------------------
 2 files changed, 405 deletions(-)

diff --git a/etc/security/pam_mount-stateless-debian-edu.conf b/etc/security/pam_mount-stateless-debian-edu.conf
deleted file mode 100644
index cb1ce92..0000000
--- a/etc/security/pam_mount-stateless-debian-edu.conf
+++ /dev/null
@@ -1,203 +0,0 @@
-# Turn on if you want to debug why some volume cannot be mounted etc.
-# This can be overriden by user's local configuration
-# 
-# Format: debug [ 1 | 0 ]
-# Local user configuration can override this.
-
-debug 1
-mkmountpoint 1
-# Loopback device to use to run fsck on loopback filesystems.
-fsckloop /dev/loop7
-
-# Users' local configuration file (if there is none, comment out this
-# parameter). Will be read as ~/<file>
-#
-# Note: you must include either options_allow or options_deny to use
-# this directive. I recommend also including options_require.
-#
-# Individual users may define additional volumes to mount if allowed
-# by pam_mount.conf (usually ~/.pam_mount.conf).  The volume keyword is
-# the only valid keyword in these per-user configuration files.  If the
-# luserconf parameter is set in pam_mount.conf, allowing user-defined
-# volume, then users may mount and unmount any volumes they specify.
-# The mount operation is executed under the user account, not with
-# root permissions.
-# IMPORTANT: right now only smb and ncp mounts work in ~/.pam_mount.conf
-# since they do not require root privileges! All other mount types
-# have to be in the global configuration file.
-# Please only file bugs about this if you can exactly show and prevent
-# the security implications of user-specified mount commands.
-#
-# Format: luserconf <file>
-# luserconf .pam_mount.conf
-
-# These directives determine which options may be specified in a user config
-# file (luserconf). You must include one of these directives if you have a
-# luserconf directive. You may not include both directives.
-#
-# If you have an options_allow directive, then the options listed in that
-# directive wil be allowed, and all others rejected. If you have an
-# options_deny directive, then the options listed will be denied, and all others
-# permitted.
-#
-# You may use the wildcard '*' to match all options.
-#
-options_allow	nosuid,nodev,loop,encryption
-# options_deny	suid,dev
-# options_allow	*
-# options_deny	*
-#
-# I recommend not permitting the suid and dev options.
-
-# The options listed in this directive are required for all volumes from a
-# user config file. That is, any volume specified in a user config file that
-# does not include these options will be ignored.
-#
-# Note: you must make sure that a required option is permitted (either by
-# including it in options_allow, or by not including it in options_deny).
-#
-# I recommend requiring at least nosuid and nodev.
-#
-# This is ignored completely if the volume is configured to get its options
-# and mount point from /etc/fstab.
-#
-options_require	nosuid,nodev
-
-# Commands to mount/unmount volumes. They can take parameters, as shown.
-#
-# If you change the -p0 argument for lclmount, you'll need to modify the
-# source in mount.c (it sends the password to the stdin file descriptor
-# of the child process -- look for STDIN_FILENO).
-
-lsof /usr/sbin/lsof %(MNTPT)
-fsck /sbin/fsck -p %(FSCKTARGET)
-losetup /sbin/losetup -p0 "%(before=\"-e\" CIPHER)" "%(before=\"-k\" KEYBITS)" %(FSCKLOOP) %(VOLUME)
-unlosetup /sbin/losetup -d %(FSCKLOOP)
-cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
-#smbmount /usr/bin/smbmount   //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
-smbmount /bin/mount -nt smb //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
-ncpmount /usr/bin/ncpmount   %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"
-smbumount /usr/bin/smbumount %(MNTPT)
-ncpumount /usr/bin/ncpumount %(MNTPT)
-# Linux supports lazy unmounting (-l).  May be dangerous for encrypted volumes.
-# May also break loopback mounts because loopback devices are not freed.
-# Need to unmount mount point not volume to support SMB mounts, etc.
-umount   /bin/umount -l %(MNTPT)
-# On OpenBSD try "/usr/local/bin/mount_ehd" (included in pam_mount package).
-lclmount /bin/mount -p0 %(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
-cryptmount /bin/mount -t crypt "%(before=\"-o\" OPTIONS)" %(VOLUME) %(MNTPT)
-nfsmount /bin/mount -n %(SERVER):%(VOLUME) %(MNTPT) "%(before=\"-o\" OPTIONS)"
-# --bind may be a Linuxism.  FIXME: find BSD equivalent.
-mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)
-#mntcheck /bin/mount # For BSD's (don't have /etc/mtab)
-pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION)
-
-# Volumes that will be mounted when user triggers pam_mount module
-# (usually at login).
-#
-# Format:
-# volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> <mount options> <fs key cipher> <fs key path>
-#
-# Note that if the mount command has specified an option, eg %(KEYBITS)
-# and you don't specify a value, a warning is printed in the log. The
-# warning can usually be ignored, except when the option is mandatory.
-#
-# General examples:
-#
-# smb mounts require the "smbfs" Debian package
-# smb mounts work also in user-specified config file ~/.pam_mount.conf
-# volume user smb krueger public /home/user/krueger - - -
-#
-# ncp mounts require the "ncpfs" Debian package
-# ncp mounts work also in user-specified config file ~/.pam_mount.conf
-# volume user ncp krueger public /home/user/krueger user=user.context - -
-#
-# Linux encrypted home directory examples, using dm_crypt:
-#
-# crypt mounts require a kernel with CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT
-# enabled as well as all the used ciphers (eg. CONFIG_CRYPTO_AES_586,
-# CONFIG_CRYPTO_TWOFISH, etc.)
-# crypt mounts require the "cryptsetup" Debian package.
-# crypt mounts must be in the global config file /etc/security/pam_mount.conf
-# volume user crypt - /dev/sda2 /home/user cipher=aes aes-256-ecb /home/user.key
-#
-# Linux encrypted home directory examples, using cryptoloop:
-#
-# cryptoloop mounts require a kernel with CONFIG_BLK_DEV_CRYPTOLOOP enabled
-# cryptoloop mounts must be in the global config file
-#  /etc/security/pam_mount.conf
-# volume user local - /dev/hda123 /home/user loop,encryption=aes - -
-# volume user local - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - -
-# volume user local - /home/user.img - - - -
-# volume user local - /home/user.img - - aes-256-ecb /home/user4.key
-#
-# The last two examples need a line like the following in
-# /etc/fstab:
-#
-# /home/user4.img /home/user4 xfs user,loop,encryption=aes,keybits=256,noauto 0 0
-#
-# OpenBSD encrypted home directory example (see also lclmount above):
-# volume user local - /home/user.img /home/user svnd0 - -
-#
-# Volatile tmpfs mount with restricted size
-# (thanks to Mike Hommey for this example)
-#
-# volume test local - /tmpfs/test /home/test "size=10M,uid=test,gid=users,mode=0700 -t tmpfs" - -
-#
-# Details:
-# Local user configuration (~/.pam_mount.conf) can extend this.
-#
-# If there are no servers, mount options, fs key ciphers, etc. you must
-# supply a "-"
-#
-# See http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html
-# to learn how to create a encrypted loopback filesystem.
-#
-# If the volume's password is different than the user's login password,
-# the following technique may be used (see also README):
-#
-# 1.  Create a file containing the volume's password (FS key).  If you are
-#     using pam_mount to mount an loopback encrypted volume, this password
-#     should may generated by /dev/urandom.  
-#
-#     Simple example: 
-#     echo <volume password> | openssl enc -aes-256-ecb > /home/user.key
-#     Encrypt this file using the user's login password as the key.
-#
-#     Verbose loopback encrypted volume example:
-#     a.  dd if=/dev/urandom of=/home/user.img bs=1M count=<image size in MB>
-#     b.  dd if=/dev/urandom bs=1c count=<keysize / 8> | openssl enc \
-#         -<fs key cipher> > /home/user.key
-#         Encrypt this file using the user's login password as the key.
-#     c.  openssl enc -d -<fs key cipher> -in /home/user.key | losetup -e aes \
-#         -k <keysize> -p0 /dev/loop0 /home/user.img
-#     d.  mkfs -t ext2 /dev/loop0
-#     e.  umount /dev/loop0
-#     f.  losetup -d /dev/loop0
-#
-# 3.  In pam_mount.conf:
-#	a.  Set the fs key cipher variable to the cipher used (ie: aes-256-ecb).
-#	b.  Set the fs key path variable to the key's path (ie: /home/user.key)
-# 4.  If a user changes his login password, regenerate the efsk that 
-#     was created in step 1b.  A script named passwdehd is provided to do this.
-#
-# If fs_key_cipher is -, then the user's login password is also the volume's 
-# password.
-
-# Template (or wildcard) volumes
-#
-# If user is "*", "&" will be replaced by name of the user logging on in the
-# volume, mount point, mount options and fs key path fields.  "~/*" will be
-# replaced with "<user's homedir>/*."
-#
-# volume * smb krueger &     /home/&         uid=&,gid=&,dmask=0750 - -
-# volume * smb krueger homes /home/&/remote  - - -
-# volume * local - /home/&.img - - aes-256-ecb /etc/ehd/&
-
-# Windows 2000, which requires a domain specified, example (thanks John Knox):
-# volume * smb viper & /home/& uid=&,gid=&,dmask=0750,workgroup=WINDOWS_DOMAIN - -
-
-# An NCP example:
-# volume user ncp SERVER /USERS/Department/user /home/user user=user.full.context,uid=user,gid=user,symlinks - -
-volume * nfs tjener /skole/tjener/home0 /skole/tjener/home0 nolock - - 
-# volume * smb tjener shared /skole/tjener/shared - - - 
diff --git a/etc/security/pam_mount-winbind-debian-edu.conf b/etc/security/pam_mount-winbind-debian-edu.conf
deleted file mode 100644
index 529f564..0000000
--- a/etc/security/pam_mount-winbind-debian-edu.conf
+++ /dev/null
@@ -1,202 +0,0 @@
-# Turn on if you want to debug why some volume cannot be mounted etc.
-# This can be overriden by user's local configuration
-# 
-# Format: debug [ 1 | 0 ]
-# Local user configuration can override this.
-
-debug 0
-mkmountpoint 1
-# Loopback device to use to run fsck on loopback filesystems.
-fsckloop /dev/loop7
-
-# Users' local configuration file (if there is none, comment out this
-# parameter). Will be read as ~/<file>
-#
-# Note: you must include either options_allow or options_deny to use
-# this directive. I recommend also including options_require.
-#
-# Individual users may define additional volumes to mount if allowed
-# by pam_mount.conf (usually ~/.pam_mount.conf).  The volume keyword is
-# the only valid keyword in these per-user configuration files.  If the
-# luserconf parameter is set in pam_mount.conf, allowing user-defined
-# volume, then users may mount and unmount any volumes they specify.
-# The mount operation is executed under the user account, not with
-# root permissions.
-# IMPORTANT: right now only smb and ncp mounts work in ~/.pam_mount.conf
-# since they do not require root privileges! All other mount types
-# have to be in the global configuration file.
-# Please only file bugs about this if you can exactly show and prevent
-# the security implications of user-specified mount commands.
-#
-# Format: luserconf <file>
-# luserconf .pam_mount.conf
-
-# These directives determine which options may be specified in a user config
-# file (luserconf). You must include one of these directives if you have a
-# luserconf directive. You may not include both directives.
-#
-# If you have an options_allow directive, then the options listed in that
-# directive wil be allowed, and all others rejected. If you have an
-# options_deny directive, then the options listed will be denied, and all others
-# permitted.
-#
-# You may use the wildcard '*' to match all options.
-#
-options_allow	nosuid,nodev,loop,encryption
-# options_deny	suid,dev
-# options_allow	*
-# options_deny	*
-#
-# I recommend not permitting the suid and dev options.
-
-# The options listed in this directive are required for all volumes from a
-# user config file. That is, any volume specified in a user config file that
-# does not include these options will be ignored.
-#
-# Note: you must make sure that a required option is permitted (either by
-# including it in options_allow, or by not including it in options_deny).
-#
-# I recommend requiring at least nosuid and nodev.
-#
-# This is ignored completely if the volume is configured to get its options
-# and mount point from /etc/fstab.
-#
-options_require	nosuid,nodev
-
-# Commands to mount/unmount volumes. They can take parameters, as shown.
-#
-# If you change the -p0 argument for lclmount, you'll need to modify the
-# source in mount.c (it sends the password to the stdin file descriptor
-# of the child process -- look for STDIN_FILENO).
-
-lsof /usr/sbin/lsof %(MNTPT)
-fsck /sbin/fsck -p %(FSCKTARGET)
-losetup /sbin/losetup -p0 "%(before=\"-e \" CIPHER)" "%(before=\"-k \" KEYBITS)" %(FSCKLOOP) %(VOLUME)
-unlosetup /sbin/losetup -d %(FSCKLOOP)
-cifsmount /bin/mount -t cifs //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
-# smbmount /usr/bin/smbmount   //%(SERVER)/%(VOLUME) %(MNTPT) -o "username=%(USER)%(before=\",\" OPTIONS)"
-smbmount /sbin/mount.smbfs //%(SERVER)/%(VOLUME) %(MNTPT) -n -o "username=%(USER)%(before=\",\" OPTIONS)"
-ncpmount /usr/bin/ncpmount   %(SERVER)/%(USER) %(MNTPT) -o "pass-fd=0,volume=%(VOLUME)%(before=\",\" OPTIONS)"
-smbumount /usr/bin/smbumount %(MNTPT)
-ncpumount /usr/bin/ncpumount %(MNTPT)
-# Linux supports lazy unmounting (-l).  May be dangerous for encrypted volumes.
-# May also break loopback mounts because loopback devices are not freed.
-# Need to unmount mount point not volume to support SMB mounts, etc.
-umount   /bin/umount %(MNTPT)
-# On OpenBSD try "/usr/local/bin/mount_ehd" (included in pam_mount package).
-lclmount /bin/mount -p0 %(VOLUME) %(MNTPT) "%(before=\"-o \" OPTIONS)"
-cryptmount /bin/mount -t crypt "%(before=\"-o \" OPTIONS)" %(VOLUME) %(MNTPT)
-nfsmount /bin/mount %(SERVER):%(VOLUME) "%(MNTPT)%(before=\"-o \" OPTIONS)"
-# --bind may be a Linuxism.  FIXME: find BSD equivalent.
-mntagain /bin/mount --bind %(PREVMNTPT) %(MNTPT)
-#mntcheck /bin/mount # For BSD's (don't have /etc/mtab)
-pmvarrun /usr/sbin/pmvarrun -u %(USER) -d -o %(OPERATION)
-
-# Volumes that will be mounted when user triggers pam_mount module
-# (usually at login).
-#
-# Format:
-# volume <user> [smb|ncp|nfs|local] <server> <volume> <mount point> <mount options> <fs key cipher> <fs key path>
-#
-# Note that if the mount command has specified an option, eg %(KEYBITS)
-# and you don't specify a value, a warning is printed in the log. The
-# warning can usually be ignored, except when the option is mandatory.
-#
-# General examples:
-#
-# smb mounts require the "smbfs" Debian package
-# smb mounts work also in user-specified config file ~/.pam_mount.conf
-# volume user smb krueger public /home/user/krueger - - -
-#
-# ncp mounts require the "ncpfs" Debian package
-# ncp mounts work also in user-specified config file ~/.pam_mount.conf
-# volume user ncp krueger public /home/user/krueger user=user.context - -
-#
-# Linux encrypted home directory examples, using dm_crypt:
-#
-# crypt mounts require a kernel with CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT
-# enabled as well as all the used ciphers (eg. CONFIG_CRYPTO_AES_586,
-# CONFIG_CRYPTO_TWOFISH, etc.)
-# crypt mounts require the "cryptsetup" Debian package.
-# crypt mounts must be in the global config file /etc/security/pam_mount.conf
-# volume user crypt - /dev/sda2 /home/user cipher=aes aes-256-ecb /home/user.key
-#
-# Linux encrypted home directory examples, using cryptoloop:
-#
-# cryptoloop mounts require a kernel with CONFIG_BLK_DEV_CRYPTOLOOP enabled
-# cryptoloop mounts must be in the global config file
-#  /etc/security/pam_mount.conf
-# volume user local - /dev/hda123 /home/user loop,encryption=aes - -
-# volume user local - /home/user.img /home/user loop,user,exec,encryption=aes,keybits=256 - -
-# volume user local - /home/user.img - - - -
-# volume user local - /home/user.img - - aes-256-ecb /home/user4.key
-#
-# The last two examples need a line like the following in
-# /etc/fstab:
-#
-# /home/user4.img /home/user4 xfs user,loop,encryption=aes,keybits=256,noauto 0 0
-#
-# OpenBSD encrypted home directory example (see also lclmount above):
-# volume user local - /home/user.img /home/user svnd0 - -
-#
-# Volatile tmpfs mount with restricted size
-# (thanks to Mike Hommey for this example)
-#
-# volume test local - /tmpfs/test /home/test "size=10M,uid=test,gid=users,mode=0700 -t tmpfs" - -
-#
-# Details:
-# Local user configuration (~/.pam_mount.conf) can extend this.
-#
-# If there are no servers, mount options, fs key ciphers, etc. you must
-# supply a "-"
-#
-# See http://www.tldp.org/HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html
-# to learn how to create a encrypted loopback filesystem.
-#
-# If the volume's password is different than the user's login password,
-# the following technique may be used (see also README):
-#
-# 1.  Create a file containing the volume's password (FS key).  If you are
-#     using pam_mount to mount an loopback encrypted volume, this password
-#     should may generated by /dev/urandom.  
-#
-#     Simple example: 
-#     echo <volume password> | openssl enc -aes-256-ecb > /home/user.key
-#     Encrypt this file using the user's login password as the key.
-#
-#     Verbose loopback encrypted volume example:
-#     a.  dd if=/dev/urandom of=/home/user.img bs=1M count=<image size in MB>
-#     b.  dd if=/dev/urandom bs=1c count=<keysize / 8> | openssl enc \
-#         -<fs key cipher> > /home/user.key
-#         Encrypt this file using the user's login password as the key.
-#     c.  openssl enc -d -<fs key cipher> -in /home/user.key | losetup -e aes \
-#         -k <keysize> -p0 /dev/loop0 /home/user.img
-#     d.  mkfs -t ext2 /dev/loop0
-#     e.  umount /dev/loop0
-#     f.  losetup -d /dev/loop0
-#
-# 3.  In pam_mount.conf:
-#	a.  Set the fs key cipher variable to the cipher used (ie: aes-256-ecb).
-#	b.  Set the fs key path variable to the key's path (ie: /home/user.key)
-# 4.  If a user changes his login password, regenerate the efsk that 
-#     was created in step 1b.  A script named passwdehd is provided to do this.
-#
-# If fs_key_cipher is -, then the user's login password is also the volume's 
-# password.
-
-# Template (or wildcard) volumes
-#
-# If user is "*", "&" will be replaced by name of the user logging on in the
-# volume, mount point, mount options and fs key path fields.  "~/*" will be
-# replaced with "<user's homedir>/*."
-#
-# volume * smb krueger &     /home/&         uid=&,gid=&,dmask=0750 - -
-# volume * smb krueger homes /home/&/remote  - - -
-# volume * local - /home/&.img - - aes-256-ecb /etc/ehd/&
-
-# Windows 2000, which requires a domain specified, example (thanks John Knox):
-# volume * smb viper & /home/& uid=&,gid=&,dmask=0750,workgroup=WINDOWS_DOMAIN - -
-
-# An NCP example:
-# volume user ncp SERVER /USERS/Department/user /home/user user=user.full.context,uid=user,gid=user,symlinks - -
-volume * smb %%HDSERVER%% &%%HIDDENHOME%%     /home/%%DOMAIN%%/&/Dokumenter         uid=&,dmask=0700%%CHARSET%%%%CODEPAGE%% - -

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git


