Hello!
I am setting up a FreeBSD file server with encrypted storage. The root filesystem is on ZFS and the storage disks are encrypted with GELI with ZFS on top of that.
Now I want to make it easy for both me and my wife to mount the pool using a password after the server boots. I have created a zvol on the zroot pool. This zvol is encrypted with GELI and then has a filesystem created with newfs on top of that. In this filesystem I will store all the keys for the storage disks. I don't have any success with letting non-root users attach this zvol and then mount the filesystem.
I have added this to /etc/sysctl.conf:
Code:
vfs.usermount=1
and this to /etc/devfs.conf:
Code:
# Allow member of priv to mount /dev/zvol/zroot/priv and priv.eli
own /dev/zvol/zroot/priv root:priv
perm /dev/zvol/zroot/priv 0660
When I execute geli attach as a non-root user (member of the priv group) this is the result:
Code:
brydling@beta:/priv % geli attach -vv /dev/zvol/zroot/priv
Enter passphrase:
Done.
No /dev/zvol/zroot/priv.eli shows up after this.
If I run the same command as root this is the result:
Code:
root@beta:~ # geli attach -vv /dev/zvol/zroot/priv
Enter passphrase:
Attached to /dev/zvol/zroot/priv.
Done.
Now the /dev/zvol/zroot/priv.eli device shows up.
I have verified the permissions on the /dev/zvol/zroot/priv device:
Code:
brydling@beta:/priv % ll /dev/zvol/zroot/priv
crw-rw---- 1 root priv 0x76 Jan 14 13:13 /dev/zvol/zroot/priv
Does anyone know why this does not work?
Regards,
Niclas
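As an added example (not part of Niclas's post), here is a small POSIX sh pre-flight script that checks the conditions the post relies on for delegating `geli attach` to a non-root group: that `vfs.usermount` is set, that the caller is in the group, and that the devfs owner/mode actually grants the caller read and write on the zvol node (decided by parsing an `ls -l` line like the one in the post). The device path, group name and user name default to the values in the post; `preflight`, `can_open_rw` and `in_list` are this example's own names. It also lists `/dev/geom.ctl`, because geli(8) submits its requests to the kernel through that node (via libgeom), so its mode matters to a non-root caller as well.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for letting a
# non-root group run "geli attach" on a zvol.  Device path, group and user
# default to the values in the post; the function names are this example's own.

# in_list NEEDLE "word word ..." -> 0 if NEEDLE is one of the words
in_list() {
    needle=$1
    for word in $2; do
        [ "$word" = "$needle" ] && return 0
    done
    return 1
}

# can_open_rw "LS_LINE" USER "GROUPS"
#   LS_LINE is one `ls -l` line for the device node, e.g.
#     crw-rw---- 1 root priv 0x76 Jan 14 13:13 /dev/zvol/zroot/priv
#   USER is the caller, GROUPS the caller's groups as printed by `id -Gn`.
#   Returns 0 when ordinary DAC would grant USER read+write on the node.
can_open_rw() {
    user=$2
    groups=$3
    set -- $1                        # split the ls line into fields
    mode=$1; owner=$3; grp=$4
    [ "$user" = root ] && return 0   # root bypasses DAC
    if [ "$user" = "$owner" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)    # owner triplet
    elif in_list "$grp" "$groups"; then
        bits=$(printf '%s' "$mode" | cut -c5-7)    # group triplet
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)   # other triplet
    fi
    case $bits in
        rw*) return 0 ;;
        *)   return 1 ;;
    esac
}

# preflight [DEVICE] [GROUP] [USER] -> 0 when every live check passes
preflight() {
    dev=${1:-/dev/zvol/zroot/priv}
    want_grp=${2:-priv}
    who=${3:-$(id -un)}
    rc=0
    [ "$(sysctl -n vfs.usermount 2>/dev/null)" = 1 ] ||
        { echo "vfs.usermount is not 1 (set it in /etc/sysctl.conf)"; rc=1; }
    who_groups=$(id -Gn "$who" 2>/dev/null)
    in_list "$want_grp" "$who_groups" ||
        { echo "$who is not a member of group $want_grp"; rc=1; }
    if [ -e "$dev" ]; then
        can_open_rw "$(ls -l "$dev")" "$who" "$who_groups" ||
            { echo "devfs owner/mode of $dev does not grant $who read/write"; rc=1; }
    else
        echo "$dev does not exist (zvol not created or devfs rule not applied)"; rc=1
    fi
    # geli(8) sends its requests to the kernel through /dev/geom.ctl (libgeom),
    # so show that node's owner and mode too: the caller must be able to open it.
    [ -e /dev/geom.ctl ] && ls -l /dev/geom.ctl
    # The .eli provider appearing is the observable result the post is after.
    [ -e "$dev.eli" ] && echo "$dev.eli is present (already attached)"
    return $rc
}

# Live checks run only when invoked as: sh preflight.sh run [DEVICE] [GROUP] [USER]
if [ "${1:-}" = run ]; then
    shift
    preflight "$@"
fi
```

Run it as the unprivileged user (`sh preflight.sh run /dev/zvol/zroot/priv priv brydling`) before trying `geli attach`; a non-zero exit, with the printed reason, tells you which precondition is missing, and the `/dev/geom.ctl` listing shows whether the GEOM control node itself is reachable from that user's groups.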