[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Serveur with encrypted partition : 2 steps boot.




On Apr 11, 2013, at 11:58 AM, Erwan David wrote:

Le 11/04/2013 20:53, Rick Thomas a écrit :

On Apr 11, 2013, at 12:22 AM, Erwan David wrote:

On Thu, Apr 11, 2013 at 08:25:56AM CEST, Bob Proulx <bob@proulx.com> said:
Erwan David wrote:
2) add at the beginning of each /etc/init.d/myserv a test to stop if
the encrypted partition is not mounted

Neither of those solutions seems acceptable for me.

So if someone has an idea, I'm listening.

I would do one of two things. Either I would remove the /etc/ rc?.d/S*
links associated with the services you don't want to start, or make
the script not executable.  Then start them manually later as you
wish. Or I would install a /usr/sbin/policy-rc.d script that did your automated check and only allowed the services to start if the disk was
mounted as you wish.

See the man page for invoke-rc.d for the first pass documentation.
Then read the README.policy-rc.d.gz file.

Thanks, I was not aware of policy-rc.d, which seems to be exactly what I need.

Are you aware that init supports multiple run-levels (man 8 init) each with its own set of services? I'll bet you can use this to do what you want...

Rick


You mean booting in level 2, where dovecot, postgresql, etc. are not started (but ssh is), then after giving the decryption key and mounting the encrypted partition switching to runlevel 3 where they are started ?

Indeed it may also be a good solution.

Yup.  I thought so too.

Enjoy!

Rick

Reply to: