Next: , Previous: , Up: Servicios   [Contents][Index]


11.9.33 Servicio PAM Mount

El módulo (gnu services pam-mount) proporciona un servicio que permite a las usuarias montar volúmenes cuando ingresen al sistema. Debe ser capaz de montar cualquier formato de volumen que el sistema permita.

Variable: pam-mount-service-type

Tipo de servicio para la implementación de PAM Mount.

Tipo de datos: pam-mount-configuration

Tipo de datos que representa la configuración de PAM Mount.

Toma los siguientes parámetros:

rules

Las reglas de configuración que se usarán para generar /etc/security/pam_mount.conf.xml.

Las reglas de configuración son elementos SXML (see SXML in GNU Guile Reference Manual), y las reglas predeterminadas no incluyen el montado de ningún dispositivo para ningún usuario en el ingreso al sistema:

`((debug (@ (enable "0")))
  (mntoptions (@ (allow ,(string-join
                          '("nosuid" "nodev" "loop"
                            "encryption" "fsck" "nonempty"
                            "allow_root" "allow_other")
                          ","))))
  (mntoptions (@ (require "nosuid,nodev")))
  (logout (@ (wait "0")
             (hup "0")
             (term "no")
             (kill "no")))
  (mkmountpoint (@ (enable "1")
                   (remove "true"))))

Algunos elementos volume deben añadirse de manera automática para montar volúmenes en el ingreso. El siguiente ejemplo permite a la usuaria alicia montar su directorio HOME cifrado y permite al usuario rober montar la partición donde almacena sus datos:

(define reglas-pam-mount
`((debug (@ (enable "0")))
            (volume (@ (user "alicia")
                       (fstype "crypt")
                       (path "/dev/sda2")
                       (mountpoint "/home/alicia")))
            (volume (@ (user "rober")
                       (fstype "auto")
                       (path "/dev/sdb3")
                       (mountpoint "/home/rober/data")
                       (options "defaults,autodefrag,compress")))
            (mntoptions (@ (allow ,(string-join
                                    '("nosuid" "nodev" "loop"
                                      "encryption" "fsck" "nonempty"
                                      "allow_root" "allow_other")
                                    ","))))
            (mntoptions (@ (require "nosuid,nodev")))
            (logout (@ (wait "0")
                       (hup "0")
                       (term "no")
                       (kill "no")))
            (mkmountpoint (@ (enable "1")
                             (remove "true")))))

(service pam-mount-service-type
         (pam-mount-configuration
           (rules reglas-pam-mount)))

La lista completa de opciones posibles se puede encontrar en la página de man de pam_mount.conf.

PAM Mount Volume Service

PAM mount volumes are automatically mounted at login by the PAM login service according to a set of per-volume rules. Because they are mounted by PAM the password entered during login may be used directly to mount authenticated volumes, such as cifs, using the same credentials.

These volumes will be added in addition to any volumes directly specified in pam-mount-rules.

Here is an example of a rule which will mount a remote CIFS share from //remote-server/share into a sub-directory of /shares named after the user logging in:

(simple-service 'pam-mount-remote-share pam-mount-volume-service-type
                (list (pam-mount-volume
                       (secondary-group "users")
                       (file-system-type "cifs")
                       (server "remote-server")
                       (file-name "share")
                       (mount-point "/shares/%(USER)")
                       (options "nosuid,nodev,seal,cifsacl"))))
Data Type: pam-mount-volume-service-type

Configuration for a single volume to be mounted. Any fields not specified will be omitted from the run-time PAM configuration. See the man page for the default values when unspecified.

user-name (type: maybe-string)

Mount the volume for the given user.

user-id (type: maybe-integer-or-range)

Mount the volume for the user with this ID. This field may also be specified as a pair of (start . end) indicating a range of user IDs for whom to mount the volume.

primary-group (type: maybe-string)

Mount the volume for users with this primary group name.

group-id (type: maybe-integer-or-range)

Mount the volume for the users with this primary group ID. This field may also be specified as a cons cell of (start . end) indicating a range of group ids for whom to mount the volume.

secondary-group (type: maybe-string)

Mount the volume for users who are members of this group as either a primary or secondary group.

file-system-type (type: maybe-string)

The file system type for the volume being mounted (e.g., cifs)

no-mount-as-root? (type: maybe-boolean)

Whether or not to mount the volume with root privileges. This is normally disabled, but may be enabled for mounts of type fuse, or other user-level mounts.

server (type: maybe-string)

The name of the remote server to mount the volume from, when necessary.

file-name (type: maybe-string)

The location of the volume, either local or remote, depending on the file-system-type.

mount-point (type: maybe-string)

Where to mount the volume in the local file-system. This may be set to ~ to indicate the home directory of the user logging in. If this field is omitted then /etc/fstab is consulted for the mount destination.

options (type: maybe-string)

The options to be passed as-is to the underlying mount program.

ssh? (type: maybe-boolean)

Enable this option to pass the login password to SSH for use with mounts involving SSH (e.g., sshfs).

cipher (type: maybe-string)

Cryptsetup cipher name for the volume. To be used with the crypt file-system-type.

file-system-key-cipher (type: maybe-string)

Cipher name used by the target volume.

file-system-key-hash (type: maybe-string)

SSL hash name used by the target volume.

file-system-key-file-name (type: maybe-string)

File name of the file system key for the target volume.


Next: Servicios de Guix, Previous: Servicios de juegos, Up: Servicios   [Contents][Index]