Skip to main content

fstab & cryptab

fstab (File Systems Table)

The fstab (file systems table) is a system configuration file (/etc/fstab) used to define how disk partitions, filesystems, and other storage devices should be mounted and integrated into the filesystem at boot time.

Purpose of fstab

  • Mounting Filesystems: fstab tells the operating system which filesystems to mount and where to mount them in the directory structure.
  • Automating Mounting: It allows for the automatic mounting of filesystems at boot time without user intervention.
  • Specifying Options: It provides options for mounting, such as read/write permissions, mount points, and special parameters for specific filesystems.

fstab Format

The fstab file consists of lines, each of which describes a filesystem. Each line contains six fields, separated by spaces or tabs:

  1. Filesystem: The block device or remote filesystem to be mounted (e.g., /dev/sda1, UUID=xxxxx, LABEL=xxxxx, /server/share).
  2. Mount Point: The directory where the filesystem will be mounted (e.g., /, /home, /mnt/data).
  3. Type: The type of filesystem (e.g., ext4, ntfs, nfs, tmpfs).
  4. Options: Mount options (e.g., defaults, noatime, ro, rw). Multiple options are comma-separated.
  5. Dump: A number indicating whether the filesystem should be backed up by the dump utility (0 for no, 1 for yes).
  6. Pass: The order in which filesystems should be checked at boot time by the fsck utility (0 for no check, 1 for the root filesystem, 2 for other filesystems).

You never need to enable dump - it's an old outdated command.

example:

# <file system>  <mount point>  <type>  <options>           <dump>  <pass>
UUID=1234-5678   /              ext4    defaults            0       1
UUID=8765-4321   /home          ext4    defaults            0       2
/dev/sda2        swap           swap    sw                  0       0
/server/share   /mnt/share     cifs    username=user,password=pass 0 0

cryptab (Cryptographic Devices Table)

Table of encrypted block devices to be unlocked and set up at boot. Note that cryptab isn't responsible for mounting encrypted disks or partitions - this still needs to be done by fstab - instead cryptab is responsible for unlocking encrypted drives at boot.

Configuring a cryptab entry

Obtain the UUID of the device/partition

blkid

Pick a name you want the unlocked device to appear as under /dev/mapper/.
Example: /dev/mapper/secure_data

Decide on a Key Method
Use none for passphrase prompt at boot

Or use a keyfile (e.g., /root/.luks-keyfile)

Add the config to /etc/cryptab

With keyfile:

secure_data UUID=1234-5678-90AB-CDEF /root/.luks-keyfile luks

Without keyfile

secure_data UUID=1234-5678-90AB-CDEF none luks

Add an fstab entry if desired

No Comments
Back to top