Suivant: Services Guix, Précédent: Services de jeu, Monter: Services [Table des matières][Index]
Le module (gnu services pam-mount)
fournit un service qui permet de
monter des volumes à la connexion de l’utilisateur·rice. Il peut monter
n’importe quel format de volume pris en charge par le système.
Type de service pour la prise en charge de PAM Mount.
Type de données représentant la configuration de PAM Mount.
Il prend les paramètres suivants :
rules
Les règles de configuration utilisées pour générer /etc/security/pam_mount.conf.xml.
Les règles de configuration sont des éléments SXML (voir SXML dans GNU Guile Reference Manual), et les valeurs par défaut ne montent rien pour personne à la connexion :
`((debug (@ (enable "0"))) (mntoptions (@ (allow ,(string-join '("nosuid" "nodev" "loop" "encryption" "fsck" "nonempty" "allow_root" "allow_other") ",")))) (mntoptions (@ (require "nosuid,nodev"))) (logout (@ (wait "0") (hup "0") (term "no") (kill "no"))) (mkmountpoint (@ (enable "1") (remove "true"))))
Certains éléments de volume
doivent être ajoutés pour automatiquement
monter des volumes à la connexion. voici un exemple qui permet à
l’utilisatrice alice
de monter son répertoire HOME
chiffré et
permet à l’utilisateur bob
de monter la partition où il stocke ses
données :
(define pam-mount-rules `((debug (@ (enable "0"))) (volume (@ (user "alice") (fstype "crypt") (path "/dev/sda2") (mountpoint "/home/alice"))) (volume (@ (user "bob") (fstype "auto") (path "/dev/sdb3") (mountpoint "/home/bob/data") (options "defaults,autodefrag,compress"))) (mntoptions (@ (allow ,(string-join '("nosuid" "nodev" "loop" "encryption" "fsck" "nonempty" "allow_root" "allow_other") ",")))) (mntoptions (@ (require "nosuid,nodev"))) (logout (@ (wait "0") (hup "0") (term "no") (kill "no"))) (mkmountpoint (@ (enable "1") (remove "true"))))) (service pam-mount-service-type (pam-mount-configuration (rules pam-mount-rules)))
La liste complète des options disponibles se trouve sur la page de manuel de pam_mount.conf.
PAM mount volumes are automatically mounted at login by the PAM login
service according to a set of per-volume rules. Because they are mounted by
PAM the password entered during login may be used directly to mount
authenticated volumes, such as cifs
, using the same credentials.
These volumes will be added in addition to any volumes directly specified in
pam-mount-rules
.
Here is an example of a rule which will mount a remote CIFS share from //remote-server/share into a sub-directory of /shares named after the user logging in:
(simple-service 'pam-mount-remote-share pam-mount-volume-service-type
(list (pam-mount-volume
(secondary-group "users")
(file-system-type "cifs")
(server "remote-server")
(file-name "share")
(mount-point "/shares/%(USER)")
(options "nosuid,nodev,seal,cifsacl"))))
Configuration for a single volume to be mounted. Any fields not specified will be omitted from the run-time PAM configuration. See the man page for the default values when unspecified.
user-name
(type: maybe-string)Mount the volume for the given user.
user-id
(type: maybe-integer-or-range)Mount the volume for the user with this ID. This field may also be
specified as a pair of (start . end)
indicating a range of user IDs
for whom to mount the volume.
primary-group
(type: maybe-string)Mount the volume for users with this primary group name.
group-id
(type: maybe-integer-or-range)Mount the volume for the users with this primary group ID. This field may
also be specified as a cons cell of (start . end)
indicating a range
of group ids for whom to mount the volume.
secondary-group
(type: maybe-string)Mount the volume for users who are members of this group as either a primary or secondary group.
file-system-type
(type: maybe-string)The file system type for the volume being mounted (e.g., cifs
)
no-mount-as-root?
(type: maybe-boolean)Whether or not to mount the volume with root privileges. This is normally
disabled, but may be enabled for mounts of type fuse
, or other
user-level mounts.
server
(type: maybe-string)The name of the remote server to mount the volume from, when necessary.
file-name
(type: maybe-string)The location of the volume, either local or remote, depending on the
file-system-type
.
mount-point
(type: maybe-string)Where to mount the volume in the local file-system. This may be set to ~ to indicate the home directory of the user logging in. If this field is omitted then /etc/fstab is consulted for the mount destination.
options
(type: maybe-string)The options to be passed as-is to the underlying mount program.
ssh?
(type: maybe-boolean)Enable this option to pass the login password to SSH for use with mounts
involving SSH (e.g., sshfs
).
cipher
(type: maybe-string)Cryptsetup cipher name for the volume. To be used with the crypt
file-system-type
.
file-system-key-cipher
(type: maybe-string)Cipher name used by the target volume.
file-system-key-hash
(type: maybe-string)SSL hash name used by the target volume.
file-system-key-file-name
(type: maybe-string)File name of the file system key for the target volume.
Suivant: Services Guix, Précédent: Services de jeu, Monter: Services [Table des matières][Index]