Index: scripts/crypt_setup.sh
===================================================================
diff -u -r3f328e08487912536ea5f9633014d08fd2010dac -rb003a83a376146935b9c0f707fc838a471738a9c
--- scripts/crypt_setup.sh	(.../crypt_setup.sh)	(revision 3f328e08487912536ea5f9633014d08fd2010dac)
+++ scripts/crypt_setup.sh	(.../crypt_setup.sh)	(revision b003a83a376146935b9c0f707fc838a471738a9c)
@@ -42,6 +42,7 @@
 LOC_MAP="/dev/mapper/"$LOC_DIR
 LOC_VAR="/var/"$LOC_DIR
 LOC_CRC="settings.crc"
+LOC_CFG="/home/root/.config"
 
 DEV_TYP="crypto_LUKS"
 DEV_MNT="/dev/mapper/configurations on /var/configurations type ext4 (rw,relatime)"
@@ -69,16 +70,21 @@
 }
 
 function checkShaSum() {
-    cd "$LOC_VAR"
+    if [ "$(whoami)" == "root" ]; then
+      cd "$LOC_CFG"
+    else
+      cd "$LOC_VAR"
+    fi
 
     if [ ! -f "$LOC_CRC" ]; then
       echo "Settings CRC failed [crc file does not exists]"
       exit $ERR_CRYPTSETUP_MOUNT_CRC
     fi
 
     out=$( sha256sum -c "$LOC_CRC" | grep "FAILED" )
-    cd -
+    echo "$(pwd)out" > /tmp/checksum.log
 
+    cd -
     if [ ! "$out" == "" ]; then
       echo "Settings CRC FAILED"
       exit $ERR_CRYPTSETUP_MOUNT_CRC
Index: scripts/globals.sh
===================================================================
diff -u -rf36cf6cc6c8ba5160c3bac01586e0cd848a0148f -rb003a83a376146935b9c0f707fc838a471738a9c
--- scripts/globals.sh	(.../globals.sh)	(revision f36cf6cc6c8ba5160c3bac01586e0cd848a0148f)
+++ scripts/globals.sh	(.../globals.sh)	(revision b003a83a376146935b9c0f707fc838a471738a9c)
@@ -119,6 +119,17 @@
 SETTING_CONF_FOLDER_PATH=/var/configurations 
 SETTINGS_CRC_FILE_PATH=$DENALI_HOME/settings.crc
 
+function user_input() {
+  read -p "$1? $2" -n 1 -r
+  if [ "$CONTINUE" == "y" ]; then
+    echo ""
+    return $TRUE
+  else
+    echo ""
+    return $FALSE 
+  fi
+}
+
 function confirm() {
   read -p "$1? [y,n]" -n 1 -r CONTINUE
   if [ "$CONTINUE" == "y" ]; then
Index: scripts/lockdown.sh
===================================================================
diff -u -r3f328e08487912536ea5f9633014d08fd2010dac -rb003a83a376146935b9c0f707fc838a471738a9c
--- scripts/lockdown.sh	(.../lockdown.sh)	(revision 3f328e08487912536ea5f9633014d08fd2010dac)
+++ scripts/lockdown.sh	(.../lockdown.sh)	(revision b003a83a376146935b9c0f707fc838a471738a9c)
@@ -230,7 +230,19 @@
   # Add Denali and Cloud to other user groups as needed.
   usermod -a -G video denali
   usermod -a -G input denali
-  usermod -a -G tty denali
+  usermod -a -G tty   denali
+  
+  # copy the settings crc
+  local FIL_RMD=readme.md
+  local FIL_CRC=settings.crc
+  local SRC_CRC=/home/root/.config/
+  local DST_CRC=/var/configurations/
+  cp    "$SRC_CRC$FIL_RMD"  "$DST_CRC$FIL_RMD" #TODO remove from the shasum
+  cp    "$SRC_CRC$FIL_CRC"  "$DST_CRC$FIL_CRC"
+  chown denali.denali       "$DST_CRC$FIL_CRC"
+  chmod u=r                 "$DST_CRC$FIL_CRC"
+  chmod g-rwx               "$DST_CRC$FIL_CRC"
+  chmod o-rwx               "$DST_CRC$FIL_CRC"
 }
 
 function cleanup() {
Index: scripts/usb_mount.sh
===================================================================
diff -u -r2f75b72d23e1a377fd13805c12cc897df912e5c6 -rb003a83a376146935b9c0f707fc838a471738a9c
--- scripts/usb_mount.sh	(.../usb_mount.sh)	(revision 2f75b72d23e1a377fd13805c12cc897df912e5c6)
+++ scripts/usb_mount.sh	(.../usb_mount.sh)	(revision b003a83a376146935b9c0f707fc838a471738a9c)
@@ -1,29 +1,29 @@
-#!/bin/sh
-###########################################################################
-#
-# Copyright (c) 2021-2023 Diality Inc. - All Rights Reserved.
-#
-# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
-# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
-#
-# @file    unmountUSB.sh
-#
-# @author  (last)      Behrouz NematiPour
-# @date    (last)      11-May-2021
-# @author  (original)  Behrouz NematiPour
-# @date    (original)  11-May-2021
-#
-############################################################################
-
-# $1 - usb device
-# $2 - usb drive
-# eg. sudo mount -o "noexec,sync,nodev,nosuid" /dev/sda1 /media/usb/
-sudo mount -o "noexec,sync,nodev,nosuid" $1 $2
-if [ $? == 0 ]; then
-  echo ""
-  exit 0
-else
-  echo "usb drive $2 cannot be mounted."
-  exit 1001
-fi
-
+#!/bin/sh
+###########################################################################
+#
+# Copyright (c) 2021-2023 Diality Inc. - All Rights Reserved.
+#
+# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
+# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
+#
+# @file    unmountUSB.sh
+#
+# @author  (last)      Behrouz NematiPour
+# @date    (last)      11-May-2021
+# @author  (original)  Behrouz NematiPour
+# @date    (original)  11-May-2021
+#
+############################################################################
+
+# $1 - usb device
+# $2 - usb drive
+# eg. sudo mount -o "noexec,sync,nodev,nosuid" /dev/sda1 /media/usb/
+sudo mount -o uid=denali,gid=denali,umask=077,noexec,sync,nodev,nosuid $1 $2
+if [ $? == 0 ]; then
+  echo ""
+  exit 0
+else
+  echo "usb drive $2 cannot be mounted."
+  exit 1001
+fi
+