Friday, May 11, 2012

Loopback Devices in Linux


The purpose for using a loopback device is to fake out some piece of software so that you can "mount" a file as a disk and read the filesystem in it; the thing that the loopback device points to does not have to be a separate drive, but it can be a file! Once you mount your blank file, you can store individual files in it, and even copy it to a new volume, instantly filling that volume with the directory tree and all that it contains!

This tutorial will cover creation of an encrypted filesystem.

The first step will be to edit your /etc/fstab file that specifies what to mount and how. Add a line that reads the following, and make sure that there is a blank line at the end of the file.
...
/dev/loop0 /mnt/abhishek ext2 user,noauto,rw,loop 0 0

This says to mount the loop device /dev/loop0 on the mountpoint /mnt/abhishek. It declares it to be of filesystem type ext2 and specifies the options user,noauto,rw,loop, meaning that the device is a loop device, it should be mounted read-write, not at boot time, and only the user that mounts it can unmount it. The last two fields, 0 0, mean that it is not to be checked for errors. (See the mount man page for more information on options.)

The next step is to create your mountpoint.
[root@abhishek]# mkdir /mnt/abhishek

The next step is to create the file that will hold the new filesystem (to be mounted as a loopback device). The command dd is very powerful. Use it with caution. The size of this file will be fixed, with the said number of blocks. The argument bs=1M means that the block size is to be one megabyte, and count=10 means that there are to be ten blocks. (See the dd man page for other options and abbreviations.) The data is read in from /dev/urandom, and placed in the file /etc/cryptfile.
[root@abhishek]# dd if=/dev/urandom of=/etc/cryptfile bs=1M count=10

Next, we need to run losetup to set up the loop device (note: we have not created a filesystem yet).
[root@abhishek]# losetup -e des /dev/loop0 /etc/cryptfile

The argument -e des indicates that we want DES encryption used on this loopback device. Any other encryption scheme may be used, as long as your kernel supports it (see the losetup man page). We explicitly declare here that the loop device node /dev/loop0 is to be used to point to /etc/cryptfile. Without it, we would get the next available loop device. You will be asked for a password - remember it! If this doesn't work, try without the encryption option, then configure your kernel to support encryption algorithms.

To detach the file from the device node, do: (to re-attach it, execute the same command as above)
[root@abhishek]# losetup -d /dev/loop0

Now, we need to create the filesystem on this "device" (remember, it is only a file). Choose a filesystem type, and create it using the mkfs tool. In our example, we use ext2, checking the target device for bad blocks and assigning the label "cryptoFS". (Make sure the device is set up with losetup.)
[root@abhishek]# mkfs.ext2 -c -L cryptoFS /dev/loop0

Now that our device has been initialized with a filesystem, we can mount and use it! Simply run mount with either the device or the target mountpoint to mount it according to the fstab entry.
[root@abhishek]# mount /dev/loop0

Now you can cd into this directory, and write files there - be careful not to exceed the capacity you gave it! To get out, you must first unmount it, then detach the loop device:
[root@abhishek]# umount /dev/loop0
[root@abhishek]# losetup -d /dev/loop0
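
The attach, mount, unmount and detach steps above, wrapped as an added shell example that is not part of the original post: it runs one command inside the mount and then always unmounts and detaches, so the decrypted view of the file does not stay attached when the command fails. The function names and the DRY_RUN, CIPHER, LOOPDEV and BACKING variables are assumptions of this example; it also assumes a losetup that accepts -e and the fstab entry shown earlier.

```sh
#!/bin/sh
# Added example, not from the original post. Names below are assumptions.
LOOPDEV=${LOOPDEV:-/dev/loop0}      # loop node from the tutorial
BACKING=${BACKING:-/etc/cryptfile}  # backing file from the tutorial
# "des" is the tutorial's choice; DES has only a 56-bit key, so set CIPHER
# to a stronger cipher if your kernel and losetup support one.
CIPHER=${CIPHER:-des}

# run CMD...: execute CMD, or, when DRY_RUN names a file, only record it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*" >> "$DRY_RUN"
    else
        "$@"
    fi
}

# close_crypt: unmount first, then detach, in the tutorial's order.
# If umount fails, the detach is not attempted and the failure is returned.
close_crypt() {
    run umount "$LOOPDEV" && run losetup -d "$LOOPDEV"
}

# with_crypt CMD...: attach, mount via the fstab entry, run CMD, close.
# Returns CMD's exit status, or 1 if setup or teardown failed.
with_crypt() {
    run losetup -e "$CIPHER" "$LOOPDEV" "$BACKING" || return 1
    if ! run mount "$LOOPDEV"; then
        run losetup -d "$LOOPDEV"   # do not leave the file attached
        return 1
    fi
    "$@"
    rc=$?
    if ! close_crypt; then
        echo "warning: $LOOPDEV may still be mounted or attached" >&2
        return 1
    fi
    return "$rc"
}

# Example: sh thisfile.sh ls -l /mnt/abhishek   (run as root)
if [ "$#" -gt 0 ]; then
    with_crypt "$@"
fi
```

Setting DRY_RUN to a file path records the commands instead of running them, which lets you review the sequence before touching a real device.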

Congratulations, you may now use loopback devices! Once created, other users may mount and access this device; however, they must know the password.

-Abhishek
