I have a fesh install of CentOS release 6.6 on my laptop. I want to use a more secure config with /home crypted. But when this partition is mounted I cannot login anymore on my laptop. Only root can login. This occur at level 5 (graphic login) or 3 (text login). The message is "Cannot enter home directory. Using /."
Logged as root I can create a new user (with useradd) and his home is created on this crypted partition.
Logged as root I can issue a "su - anotheruser" in a terminal and access the home of this user on the crypted partition.
The problem looks strange for me and google has not helped....
This how I build the crypted partition (following a tutorial, just changing ext4 with xfs): lvcreate -L 30G -n lv_home vg_portable badblocks -s -w -t random -v /dev/vg_portable/lv_home cryptsetup luksFormat /dev/vg_portable/lv_home cryptsetup luksOpen /dev/vg_portable/lv_home c_home mkfs -t xfs -L /home /dev/mapper/c_home
The blkid command shows: /dev/mapper/c_home: LABEL="/home" UUID="1118317e-cc5a-4183-a498-21418f82e982" TYPE="xfs"
In /etc/fstab I add: UUID=1118317e-cc5a-4183-a498-21418f82e982 /home xfs defaults 1 2
In /etc/crypttab I add: c_home /dev/vg_portable/lv_home none luks
Thanks for your advices.
Patrick
On Tue, Nov 11, 2014 at 07:43:21PM +0100, Patrick Bégou wrote:
I have a fesh install of CentOS release 6.6 on my laptop. I want to use a more secure config with /home crypted. But when this partition is mounted I cannot login anymore on my laptop. Only root can login. This occur at level 5 (graphic login) or 3 (text login). The message is "Cannot enter home directory. Using /."
Does the new /home have the SELinux context home_root_t? Does your new home directory have the context user_home_dir_t? Does running '/sbin/restorecon -r -v /home' fix the issue?
Thanks for this very good suggestion Jonathan. I've disabled selinux and it works now. When I install desktops with kickstart, I always disable selinux on our internal network and I do not thought about this. This laptop was installed from DVD support! May be on a laptop that can be connected everywhere I'll have to understand this selinux application for a more secured system.
Thanks again.
Patrick
Jonathan Billings a écrit :
On Tue, Nov 11, 2014 at 07:43:21PM +0100, Patrick Bégou wrote:
I have a fesh install of CentOS release 6.6 on my laptop. I want to use a more secure config with /home crypted. But when this partition is mounted I cannot login anymore on my laptop. Only root can login. This occur at level 5 (graphic login) or 3 (text login). The message is "Cannot enter home directory. Using /."
Does the new /home have the SELinux context home_root_t? Does your new home directory have the context user_home_dir_t? Does running '/sbin/restorecon -r -v /home' fix the issue?
-
Jonathan Billings -
Patrick Bégou