I’ve been building a simple NAS for my home, and I wanted to store the data on a secondary disk, encrypted with dm-crypt/LUKS. There are plenty of articles on how to do that, but when it comes to automatically mounting the disk at boot, all of them recommend writing the encryption key in a keyfile and store it on the local filesystem.
This approach wasn’t acceptable to me: while the data would be encrypted at rest, the key to open the encrypted partition would also be sitting in the same place. If someone were to steal the physical server (imagine this were a small Raspberry Pi!), they would have access to the data without any issue.
How could I have the LUKS encryption key stored in a secure, remote place, while at the same time being able to have the encrypted disk automatically mounted without manual intervention (e.g. in case of a reboot after a power outage)? In other words, how to have your cake and eat it too.
Turns out, there’s a relatively simple solution, which requires just two systemd units.
Note: this approach can not be used with encrypted root volumes, but only with secondary disks.
Step 1: Generate and store the keyfile
The first thing we need to do is to generate a keyfile. This should be 256-bit (32 bytes) long, and can be generated with:
dd bs=32 count=1 if=/dev/random | base64 > keyfile
I’m piping the encryption key through base64 so we don’t have to deal with binary files, making things more manageable.
You will then need to store the keyfile somewhere safe. You can pick and choose any place you’d like; some ideas include:
- A key vault like Azure Key Vault
- HTTPS servers, including object storage services such as AWS S3 or Azure Blob Storage; make sure you’re using TLS to protect the data while in transit, rather than basic HTTP
For a simple (but effective enough) solution, you can store the keyfile in Azure Blob Storage. You can see an example of doing this in the Appendix below.
Step 2: Create a script returning the keyfile
You will need to create a script that can return the keyfile when invoked, stored as /etc/luks/key.sh
The content of the script completely depends on how and where you stored your keyfile. Following up on the example in the Appendix, with a keyfile stored on Azure Blob Storage, the script would look like this:
#!/bin/shset -e# Request the file from Azure Blob Storage using the URL with the SAS token, then pipe it through `base64 -d` to decode it from base64curl -s "https://ln5bxfzbl0tlf5z.blob.core.windows.net/keyfiles/keyfile?se=2022-01-19T23%3A02Z&sp=r&spr=https&sv=2018-11-09&sr=b&sig=gkaN2OSzN2zj1WSAPiLJMgtkcXLi2Y8EOVdBUmZQh88%3D" | base64 -d
Whatever the content of your script (which could be a shell script or written in any other language), it’s important then to make it executable and readable by the root user only:
# Ensure the owner of this file is "root"chown root:root /etc/luks/key.sh# Allow only the owner (root) to read and execute the scriptchmod 0500 /etc/luks/key.sh
Step 3: Encrypt the disk using LUKS
We’re now ready to get to the fun part, and encrypt the disk or partition.
To start, check the name of the disk you want to use, using lsblk:
$ lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTsda 8:0 0 30G 0 disk├─sda1 8:1 0 29.9G 0 part /├─sda14 8:14 0 4M 0 part└─sda15 8:15 0 106M 0 part /boot/efisdb 8:16 0 4G 0 disk└─sdb1 8:17 0 4G 0 part /mntsdc 8:32 0 32G 0 disk
In this example, I’m going to use the sdc disk. This is likely going to be different for you, so make sure you replace the disk name in all the commands below.
Watch out! The commands below will delete all files on the drive you select.
Before we start, install the cryptsetup utility:
# Debian, Ubuntu, Raspbian…apt install -y cryptsetup# CentOS, Fedora, RedHatyum install -y cryptsetup-luks
First, if your disk doesn’t have a partition yet (like mine), create a GPT partition table and a partition (without formatting it):
# Replace sdc with the drive you want to useparted /dev/sdc mklabel gptparted -a opt /dev/sdc mkpart datadisk ext4 0% 100%
Encrypt the sdc1 partition using LUKS, create an ext4 volume in that partition, and then close the encrypted volume. In all commands that require a keyfile, we’re invoking the /etc/luks/key.sh script that we created before, and telling cryptsetup to read the keyfile from stdin.
# Encrypt the disk# Replace sdc1 with the correct partition!/etc/luks/key.sh | cryptsetup -d - -v luksFormat /dev/sdc1# Open the encrypted volume, with the name "data"# Replace sdc1 with the correct partition!/etc/luks/key.sh | cryptsetup -d - -v luksOpen /dev/sdc1 data# Create a filesystem on the encrypted volumemkfs.ext4 -F /dev/mapper/data# Close the encrypted volumecryptsetup -v luksClose data
Step 4: Enable auto-mounting the encrypted disk
We’re almost done: ready to enable auto-mounting of the encrypted disk.
We’ll do that with two systemd units: one unlocking the encrypted device, and the other one actually mounting the disk.
To start, get the UUID of the /dev/sdc1 partition, using lsblk --fs. For example:
$ lsblk --fsNAME FSTYPE LABEL UUID MOUNTPOINT[...]sdc└─sdc1 crypto_LUKS a17db19d-5037-4cbb-b50b-c85e3e074864
In my example, that is a17db19d-5037-4cbb-b50b-c85e3e074864; it will be different for you.
Create a systemd unit for unlocking the encrypted device and save it as /etc/systemd/system/unlock-data.service. Make sure you replace the UUID in the command below!
[Unit]Description=Open encrypted data volumeAfter=network-online.targetWants=network-online.targetStopWhenUnneeded=true[Service]Type=oneshotExecStart=/bin/sh -c '/etc/luks/key.sh | /sbin/cryptsetup -d - -v luksOpen /dev/disk/by-uuid/a17db19d-5037-4cbb-b50b-c85e3e074864 data'RemainAfterExit=trueExecStop=/sbin/cryptsetup -d - -v luksClose data
Note the StopWhenUnneeded=true line: this will make systemd stop the unit (including running the luksClose operation) automatically when the disk is unmounted.
Create another systemd unit with the mountpoint for /mnt/data, and save it as /etc/systemd/system/mnt-data.mount. Note that the unit’s name must match the path of the mountpoint!
[Unit]Requires=unlock-data.serviceAfter=unlock-data.service[Mount]What=/dev/mapper/dataWhere=/mnt/dataType=ext4Options=defaults,noatime,_netdev[Install]WantedBy=multi-user.target
We’re now ready, let’s enable the mnt-data.mount unit so it’s activated at boot, and then mount it right away:
systemctl enable mnt-data.mountsystemctl start mnt-data.mount
You can now check with lsblk to see the encrypted disk mounted:
$ lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT[...]sdc 8:32 0 32G 0 disk└─sdc1 8:33 0 32G 0 part └─data 253:0 0 32G 0 crypt /mnt/data
Try rebooting the system, and you’ll see the partition being mounted automatically.
We’re done! However, keep in mind a few things:
- To mount and un-mount the encrypted disk you must use
systemctl rather than the usual mount and umount commands.
Mount the disk with systemctl start mnt-data.mount, and un-mount with systemctl stop mnt-data.mount - The systemd units are executed only after the network and the other “normal” filesystems are mounted. If you have another service depending on the data disk’s availability, you need to explicitly make its systemd unit depending on the
mnt-data.mount unit (with Requires=mnt-data.mount and After=mnt-data.mount) - As mentioned at the beginning, this solution can’t be used with the root filesystem, but only with secondary data disks.
Appendix: Keyfiles on Azure Blob Storage
In this example, I’m storing the keyfile in Azure Blob Storage. While this doesn’t offer the same protection as a key vault, it can be enough for most people, depending on your threat model. I’m guaranteeing some level of security by:
- Configuring the Storage Account to accept only secure connections that use HTTPS
- Allowing connections only from the IP of my home (I have a “quasi-static” IP, that changes less than once per year)
- Requiring clients to use a SAS token to download the file
My threat model involves people stealing the disk and/or the server. The attacker wouldn’t be able to download the keyfile if they’re not in my network. By having the keyfile on a remote server, I can delete it right away if I need to, e.g. if the physical disk is stolen. This protection is enough for me, but depending on your threat model, you might want to look into more complex solutions, for example involving key vaults.
If you’re starting from scratch, you can create an Azure Storage Account, configure it per the requirements above, and upload your keyfile with the Azure CLI. You will need an Azure subscription, which is free and with this kind of usage you’ll be comfortably within their free tier.
This example assumes that you’ve generated a base64-encoded keyfile available in the keyfile file, in the current working directory, just as per Step 1 above.
# Login to Azure if you need toaz login# Location where to store the keyfile; choose an Azure region close to youexport LOCATION="eastus2"# If you have a fixed (or almost) IP address, you can restrict access to the storage account from that IP.# You can also use an IP range in the CIDR format.# Otherwise, leave this variable as an empty stringexport ALLOW_IP="1.2.3.4"# Generate a random name for the Storage Accountexport STORAGE_ACCOUNT_NAME=$(cat /dev/random | base64 | tr -dc 'a-zA-Z0-9' | tr '[:upper:]' '[:lower:]' | fold -w 15 | head -n 1)# Create a Resource Group and a Storage Accountexport RG_NAME="Keyfiles"az group create --name $RG_NAME --location $LOCATIONaz storage account create \ --name $STORAGE_ACCOUNT_NAME \ --resource-group $RG_NAME \ --location $LOCATION \ --sku Standard_LRS \ --kind StorageV2# Require using TLS/HTTPS onlyaz storage account update \ --name $STORAGE_ACCOUNT_NAME \ --https-only true# Allow from a specific IP only, if the variable ALLOW_IP isn't emptyif [ ! -z "$ALLOW_IP" ]; then # Disallow access from anywhere by default az storage account update \ --resource-group $RG_NAME \ --name $STORAGE_ACCOUNT_NAME \ --default-action Deny # Allow the IP or IP range az storage account network-rule add \ --resource-group $RG_NAME \ --account-name $STORAGE_ACCOUNT_NAME \ --ip-address "$ALLOW_IP" # Disallow "Trusted Microsoft Services" az storage account update \ --resource-group $RG_NAME \ --name $STORAGE_ACCOUNT_NAME \ --bypass Nonefi# Create a blob containeraz storage container create \ --name "keyfiles" \ --public-access off \ --account-name $STORAGE_ACCOUNT_NAME# Upload the keyaz storage blob upload \ --account-name $STORAGE_ACCOUNT_NAME \ --container-name "keyfiles" \ --file "./keyfile" \ --name "keyfile"
Now that the file has been uploaded, we can get a link to it. Since the file is in a “private” container, it requires a special authentication token (SAS token) to be retrieved. SAS tokens add some extra protection thanks to having an expiration date and being tied to an account key, which can be revoked at any time. You can also add additional requirements on the SAS tokens, such as restrictions on IPs; this is a (less ideal) alternative to setting IP restrictions on the Storage Account as shown above.
You can generate a URL with a SAS token for the blob with:
# Create an expiration date 2 years in the future# On Linux:SAS_EXPIRY=$(date -u -d "2 years" '+%Y-%m-%dT%H:%MZ')# On macOS:SAS_EXPIRY=$(date -v+2y -u '+%Y-%m-%dT%H:%MZ')# Generate the URL with the SAS tokenaz storage blob generate-sas \ --account-name $STORAGE_ACCOUNT_NAME \ --container-name "keyfiles" \ --name "keyfile" \ --https-only \ --permissions r \ --expiry "$SAS_EXPIRY" \ --full-uri
Result will be similar to: https://ln5bxfzbl0tlf5z.blob.core.windows.net/keyfiles/keyfile?se=2022-01-19T23%3A02Z&sp=r&spr=https&sv=2018-11-09&sr=b&sig=gkaN2OSzN2zj1WSAPiLJMgtkcXLi2Y8EOVdBUmZQh88%3D
You can use the URL above in the /etc/luks/key.sh script, as per Step 2.
FAQs
Use the ADE key file and the header file to unlock the disk
- Use the cryptsetup luksOpen command to unlock the root partition on the encrypted disk. ...
- Now that you have unlocked the disk, unmount the encrypted disk's boot partition from the /investigateboot/ directory:
Full-disk encryption, usually referred to simply as FDE, is a simple but effective idea: encrypt every sector just before it's written to the disk, regardless of the software, user, file or directory that it belongs to; decrypt every sector just after it's read back in.
What is Crypttab in Linux? ›
crypttab. The /etc/crypttab (encrypted device table) file is similar to the fstab file and contains a list of encrypted devices to be unlocked during system boot up. This file can be used for automatically mounting encrypted swap devices or secondary file systems.
What is auto mounting in Linux? ›
Automounting is the process where mounting and unmounting of certain filesystems is done automatically by a daemon. If the filesystem is unmounted, and a user attempts to access it, it will be automatically (re)mounted.
How does Linux automount work? ›
automount works by reading the auto. master(8) map and sets up mount points for each entry in the master map allowing them to be automatically mounted when accessed. The file systems are then automatically umounted after a period of inactivity.
How do I unlock encrypted files? ›
If you have used EFS or a third-party software to encrypt a file, you may be able to unlock it using its file properties. Right-click the file in File Explorer, select Advanced and then clear the Encrypt Contents to Secure Data check box. If this does not work, contact the software provider.
How do I unencrypt an encrypted drive? ›
To access Recovery Console using Repair CD:
- Log into the Recovery Console CD. If the Device ID is editable, check the correct DeviceID from the PolicyServer.
- Click Recovery Console.
- In the left pane, click Decrypt Disk.
- Click Decrypt found on the bottom right. Wait until the decryption process completes.
Another way to validate the encryption status is by looking at the Disk settings section. This status means the disks have encryption settings stamped, not that they were actually encrypted at the OS level. By design, the disks are stamped first and encrypted later.
How do I know if full disk encryption is enabled? ›
Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption doesn't appear, it isn't available.
How do I decrypt encrypted files in Linux? ›
In order to decrypt an encrypted file on Linux, you have to use the “gpg” command with the “-d” option for “decrypt” and specify the “. gpg” file that you want to decrypt. Again, you will be probably be prompted with a window (or directly in the terminal) for the passphrase.
The dm-crypt system sits between the filesystem software; the filesystem software reads and writes ext4, and the ext4 data gets pushed through dm-crypt which then stores the data in LUKS format on the drive. Thus, you can effectively have a file system such as ext4 or NTFS sitting “on top of” the encrypted LUKS format.
How does Crypttab work? ›
The /etc/crypttab file describes encrypted block devices that are set up during system boot. Empty lines and lines starting with the " # " character are ignored. Each of the remaining lines describes one encrypted block device. Fields are delimited by white space.
What is Cryptsetup? ›
Cryptsetup provides an interface for configuring encryption on block devices (such as /home or swap partitions), using the Linux kernel device mapper target dm-crypt. It features integrated Linux Unified Key Setup (LUKS) support.
How to check autofs mount in Linux? ›
Use the mmlsconfig command to verify the automountdir directory. The default automountdir is named /gpfs/automountdir. If the GPFS file system mount point is not a symbolic link to the GPFS automountdir directory, then accessing the mount point will not cause the automounter to mount the file system.
How do I mount a drive in Linux? ›
Identifying and Mounting a Drive using the Linux Terminal
- Identify the USB drive using the lsblk command. ...
- Create a directory to mount the USB drive into. ...
- Mount the USB drive to the /media/pendrive directory using the mount command. ...
- Check the drive has been mounted by re-running lsblk.
By default, Linux OS does not automount any other partition at startup other than the root and the home partition. You can mount other partitions very easily later, but you might want to enable some kind of automount feature on startup.
How do I set up automount? ›
Installing AutoFS on Linux
- Create multiple configuration files in the /etc directory such as : auto. master, auto.net, auto. misc and so on;
- Will create the AutoFS service in systemd;
- Add the “automount” entry to your “nsswitch. conf” file and link it to the “files” source.
Automatically Mounting NFS File Systems with /etc/fstab
- Set up a mount point for the remote NFS share: sudo mkdir /var/backups.
- Open the /etc/fstab file with your text editor : sudo nano /etc/fstab. Add the following line to the file: ...
- Run the mount command in one of the following forms to mount the NFS share:
To enable automounting: Enter the following commands at a command prompt: Copy C:\> diskpart DISKPART> automount enable Automatic mounting of new volumes enabled.
Can encryption be bypassed? ›
One of the most common ways for hackers to obtain sensitive data is to steal the encryption key or intercept the data before it is actually encrypted or after it has been decrypted. However, when this is not possible, the hackers are able to add an encryption layer which is performed by using an attacker's key.
How to Unlock BitLocker Without Password?
- Double-click the drive to bring up the password window, or right-click on it and select Unlock Drive.
- Click More Options.
- In the opened box, you will see two options. ...
- To unlock BitLocker, copy the code you previously saved to a text file and enter it as the recovery key.
There is even a common belief that encrypted data cannot be restored. But in fact, though encryption adds complexity to the recovery process, in most cases, it doesn't prevent it entirely.
What are the 3 types of encryption keys? ›
Symmetric, or secret key encryption, uses a single key for both encryption and decryption. Symmetric key encryption is used for encrypting large amounts of data efficiently. 256-bit AES keys are symmetric keys. Asymmetric, or public/private encryption, uses a pair of keys.
Where are the encrypted password files hidden Linux? ›
To eliminate this vulnerability, newer Linux systems use the /etc/shadow file to store user passwords instead. Traditional password files are maintained in /etc/passwd, but the actual hashed passwords are stored in /etc/shadow.
How do I access encrypted password? ›
Encrypt a database by using a password
- Open the database in Exclusive mode. How do I open a database in Exclusive mode? ...
- On the File tab, click Info, and then click Encrypt with Password. ...
- Type your password in the Password box, type it again in the Verify box, and then click OK.
Most Unicies (and Linux is no exception) primarily use a one-way encryption algorithm, called DES (Data Encryption Standard) to encrypt your passwords. This encrypted password is then stored in (typically) /etc/passwd (or less commonly) /etc/shadow.
Should I encrypt drive Linux? ›
You don't want to risk personal data and potentially access to emails and cloud accounts, if your device is stolen. Encrypting your hard disk will block access to these items. Whether files, partitions, or the full disk is encrypted, the contents will be meaningless to anyone without the encryption key.
Are Linux drives encrypted? ›
Disk Encryption on Ubuntu 20.04 using LUKS
LUKS, short for Linux Unified Key Setup, is a standard hard drive encryption technology for major Linux systems including Ubuntu. It is used for encrypting entire block devices and is therefore ideal for encrypting hard disk drives, SSDs, and even removable storage drives.
Does factory reset remove encryption? ›
The data on most Android phones is encrypted which means that it can't be accessed following a factory reset. As such, you don't need to worry about another person accessing this information if you sell your Android phone.
How do I activate my encryption key? ›
To enable data encryption
On the Home tab, in the Process group, choose Enable Encryption. On the message about saving a copy of the encryption key, choose Yes. In the Set Password window, enter a password that protects the encryption key, and then choose OK.
No, not with the current hardware if a good encryption method was used and the key (password) was long enough. Unless there is a flaw in the algorithm and that you know it, your only option is to brute force it which might takes hundred of years.
How to Encrypt decrypt password in Linux? ›
To encrypt and decrypt files with a password, use gpg command. It is an encryption and signing tool for Linux and UNIX-like operating systems such as FreeBSD, Solaris, MacOS and others. Gnupg is a complete and free implementation of the OpenPGP standard.
What is the decrypt password? ›
What is Decryption. Definition: The conversion of encrypted data into its original form is called Decryption. It is generally a reverse process of encryption. It decodes the encrypted information so that an authorized user can only decrypt the data because decryption requires a secret key or password.
What is crypt in phone? ›
Encryption stores your data in a form that can be read only when your phone or tablet is unlocked. Unlocking your encrypted device decrypts your data. Encryption can add protection in case your device is stolen. All Pixel phones are encrypted by default.
What is device mapper in Linux? ›
The device mapper is a framework provided by the Linux kernel for mapping physical block devices onto higher-level virtual block devices. It forms the foundation of the logical volume manager (LVM), software RAIDs and dm-crypt disk encryption, and offers additional features such as file system snapshots.
How do you use the crypt tool? ›
In this CrypTool demonstration, we will use Caesar, one of the oldest encryption algorithms. Open the Cryptool UI and the document that needs to be encrypted.
...
Decryption process
- Open the encrypted document, and click on “Encrypt. Decrypt” >Symmetric >Caesar.
- Enter “N” as the alphabet character. ...
- Click on decrypt.
GRUB 2.06 has limited support for LUKS2. Although code implementing partial LUKS2 support exists in this version, the bootloader files installed using the default procedure do not support LUKS2. Argon2id is not supported at all in this version either.
What is LUKS master key? ›
the encrypted Master Key is stored in plaintext in the LUKS header, and the decrypted Master Key is used to encrypt and decrypt the disk sectors using a cipher (e.g. AES)
What is a LUKS device? ›
According to Wikipedia, the Linux Unified Key Setup (LUKS) is a disk encryption specification created by Clemens Fruhwirth in 2004 and was originally intended for Linux. LUKS uses device mapper crypt ( dm-crypt ) as a kernel module to handle encryption on the block device level.
What is RPC encryption? ›
Secure RPC (Remote Procedure Call) protects remote procedures with an authentication mechanism. The Diffie-Hellman authentication mechanism authenticates both the host and the user who is making a request for a service. The authentication mechanism uses Data Encryption Standard (DES) encryption.
Identifying and Mounting a Drive using the Linux Terminal
- Identify the USB drive using the lsblk command. ...
- Create a directory to mount the USB drive into. ...
- Mount the USB drive to the /media/pendrive directory using the mount command. ...
- Check the drive has been mounted by re-running lsblk.
Let's see the steps in details.
- Step 1: Install Disclocker. Dislocker is available in the repositories of most Linux distributions. ...
- Step 2 : Create mount points. You'll need to create two mount points. ...
- Step 3: Get the partition info which needs to be decrypted. ...
- Step 4: Decrypt the partition and mount.
The installation process that worked for me
- Before you start. What you would need: ...
- Create a bootable Ubuntu 20.04 LTS USB drive. ...
- Change boot settings. ...
- Boot Ubuntu from bootable USB. ...
- Install Ubuntu onto External SSD. ...
- Updating software and drivers. ...
- Add custom swap file (optional) ...
- Reconnect your internal drives.
To enable automounting: Enter the following commands at a command prompt: Copy C:\> diskpart DISKPART> automount enable Automatic mounting of new volumes enabled. Type exit to end the diskpart session.
...
You must enable automounting when using:
- Raw partitions for Oracle ASM.
- Oracle Clusterware.
- Logical drives for Oracle ASM.
mount command is used to mount the filesystem found on a device to big tree structure(Linux filesystem) rooted at '/'. Conversely, another command umount can be used to detach these devices from the Tree. These commands tells the Kernel to attach the filesystem found at device to the dir.
How do I fix mount issue in Linux? ›
Troubleshooting NFS Mount Issues in Linux
- Install the required nfs packages if not already installed on the server # rpm -qa | grep nfs-utils. # yum install nfs-util.
- Use the mount command to mount exported file systems. ...
- Update /etc/fstab to mount NFS shares at boot time.
Mounting and unmounting media using Linux
- Make sure that the /mnt/cdrom directory exists on your server. If this directory does not exist, type mkdir /mnt/cdrom and then press Enter.
- To mount the CD, type mount /dev/scd0 –t iso9660 –o ro /mnt/cdrom and then press Enter.
This is because Linux does not support BitLocker disk encryption, so by default Linux cannot unlock BitLocker encrypted drives. To access BitLocker-encrypted drives in Linux, we have to use a third-party BitLocker solution for Linux, such as Hasleo BitLocker Anywhere For Linux or dislocker.
Can you use a drive encrypted by BitLocker in a Linux system? ›
Dislocker has been designed to read BitLocker encrypted partitions under a Linux system. The driver used to read volumes encrypted in Windows system versions of the Vista to 10 and BitLocker-To-Go encrypted partitions, that's USB/FAT32 partitions.
How do I get Linux to recognize a new hard drive? ›
Try the following commands for SCSI and hardware RAID based devices:
- sdparm Command – fetch SCSI / SATA device information.
- scsi_id Command – queries a SCSI device via the SCSI INQUIRY vital product data (VPD).
- Use smartctl To Check Disk Behind Adaptec RAID Controllers.
- Use smartctl Check Hard Disk Behind 3Ware RAID Card.
In order to decrypt an encrypted file on Linux, you have to use the “gpg” command with the “-d” option for “decrypt” and specify the “. gpg” file that you want to decrypt. Again, you will be probably be prompted with a window (or directly in the terminal) for the passphrase.
How to check AutoFS mount in Linux? ›
Use the mmlsconfig command to verify the automountdir directory. The default automountdir is named /gpfs/automountdir. If the GPFS file system mount point is not a symbolic link to the GPFS automountdir directory, then accessing the mount point will not cause the automounter to mount the file system.
How to use AutoFS in Linux? ›
Installing AutoFS on Linux
- Create multiple configuration files in the /etc directory such as : auto. master, auto.net, auto. misc and so on;
- Will create the AutoFS service in systemd;
- Add the “automount” entry to your “nsswitch. conf” file and link it to the “files” source.
To disable it per user:
- Open System->Preferences->Removeable Drives and Media Preferences .
- Alternatively, use the command below: $ gconftool-2 --type bool --set /desktop/gnome/volume_manager/automount_drives false $ gconftool-2 --type bool --set /desktop/gnome/volume_manager/automount_media false.
