LinuxCommandLibrary

cryptdisks_stop

Stop/deactivate encrypted disk devices

SYNOPSIS

cryptdisks_stop device_name

PARAMETERS

device_name
    The logical name of the encrypted device to stop. This name typically corresponds to an entry in /etc/crypttab or the name under /dev/mapper/ that represents the active encrypted volume.

DESCRIPTION

cryptdisks_stop deactivates an active encrypted volume. Often found as a helper script or service on Debian/Ubuntu-based distributions, it acts as a high-level wrapper, typically invoking underlying cryptsetup luksClose commands.

Its main purpose is to close the encrypted device, preventing further access to the data until it is reactivated with the correct passphrase. It is used during system shutdown to ensure all encrypted volumes are properly detached, and when manually deactivating a volume after use. Before running cryptdisks_stop, all filesystems residing on the encrypted device must be unmounted using the umount command. Failure to unmount can lead to data corruption or loss.

cryptdisks_stop takes the logical name of the encrypted device (e.g., my_encrypted_volume from /etc/crypttab) as an argument, closing the corresponding /dev/mapper/ entry. It contributes to maintaining data integrity and security by ensuring clean disengagement of encrypted storage.

CAVEATS

  • It is absolutely critical to unmount any filesystems mounted on the encrypted device before attempting to stop it with cryptdisks_stop. Failure to do so can lead to severe data corruption or loss.
  • The command requires root privileges to execute successfully.
  • The command will fail if the specified device_name is not an active encrypted device or if it is still in use (e.g., open files, active processes).

INTEGRATION WITH SYSTEM SHUTDOWN

On systems configured with encrypted volumes defined in /etc/crypttab, cryptdisks_stop is often invoked automatically as part of the system shutdown process. This ensures that all active encrypted volumes are securely closed before the system powers off, preventing data inconsistencies or unauthorized access.

MANUAL DEACTIVATION WORKFLOW

To manually deactivate an encrypted volume (e.g., one activated with cryptdisks_start or cryptsetup luksOpen), the typical workflow involves:

1. Identify the mounted filesystem(s) on the encrypted device.
2. Unmount all filesystems using umount.
3. Stop the encrypted device using cryptdisks_stop device_name.
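
The three steps above as one script. This is an added example, not part of the cryptsetup package. It assumes the filesystems sit directly on /dev/mapper/<name> (no LVM or other layer on top); the function names and the optional mount-table argument are made up for illustration.

```shell
#!/bin/sh
# Added example: unmount everything on a mapping, then stop it.
# Assumption: filesystems sit directly on /dev/mapper/<name>.

# Step 1: print the mount points backed by /dev/mapper/<name>, longest
# path first so nested mounts come before their parents.
# $2 = mount table to read (default /proc/self/mounts; paths containing
# whitespace appear octal-escaped there and are not decoded here).
mounts_on_mapping() {
    awk -v dev="/dev/mapper/$1" \
        '$1 == dev { print length($2) "\t" $2 }' "${2:-/proc/self/mounts}" |
        sort -rn | cut -f2-
}

# Steps 2 and 3: unmount each filesystem and stop the device only if
# every umount succeeded. A busy mount aborts the whole operation.
close_volume() {
    name=$1
    while IFS= read -r mp; do
        [ -n "$mp" ] || continue
        if ! umount "$mp" </dev/null; then
            echo "refusing to stop $name: $mp is still in use" >&2
            return 1
        fi
    done <<EOF
$(mounts_on_mapping "$name" "$2")
EOF
    cryptdisks_stop "$name"
}

# Run as root, e.g.: ./close_volume.sh my_encrypted_volume
[ "$#" -eq 0 ] || close_volume "$1"
```

If an umount fails, the mapping is left open so that whatever still holds the filesystem can be found and stopped before retrying.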

HISTORY

cryptdisks_stop, along with cryptdisks_start, emerged as part of the cryptsetup utilities package, primarily on Debian and Ubuntu-based distributions. These scripts were historically used by traditional init systems (e.g., /etc/init.d/cryptdisks) to manage encrypted volumes during system boot and shutdown. With the adoption of systemd, their role often transitioned to being called by systemd-cryptsetup services or serving as wrappers for cryptsetup commands, maintaining a consistent high-level interface for users and administrators. Their development has been integral to the secure and automated management of dm-crypt and LUKS encrypted storage in Linux.

SEE ALSO

  • cryptsetup(8): The underlying utility used for managing LUKS encrypted devices.
  • crypttab(5): The configuration file that defines encrypted volumes to be activated during system boot.
  • cryptdisks_start(8): The counterpart command used to activate encrypted disk devices.
  • mount(8): Used to attach filesystems to the file hierarchy.
  • umount(8): Used to detach filesystems from the file hierarchy.
  • systemd-cryptsetup(8): For systems using systemd, this unit manages encrypted volumes.
