From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lo.gmane.org (lo.gmane.org [80.91.229.12]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 2 Dec 2010 14:25:04 +0100 (CET) Received: from list by lo.gmane.org with local (Exim 4.69) (envelope-from ) id 1PO99j-0005It-Rz for dm-crypt@saout.de; Thu, 02 Dec 2010 14:25:03 +0100 Received: from p5796b787.dip.t-dialin.net ([87.150.183.135]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 02 Dec 2010 14:25:03 +0100 Received: from rudolf.deilmann by p5796b787.dip.t-dialin.net with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 02 Dec 2010 14:25:03 +0100 From: Rudolf Deilmann Date: Thu, 2 Dec 2010 14:10:52 +0100 Message-ID: <20101202141052.745842e1@gmail.com> References: <093b4dd60a1da8c8dc794e942fa2798b@mailoo.org> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] mounting luks-encrypted external drive without root access List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Am Wed, 01 Dec 2010 01:24:04 +0100 schrieb : > How can I allow a user to "cryptsetup" some predetermined drive ? > Any option in crypttab ? perhaps pmount is enough for your purpose: http://pmount.alioth.debian.org/ man pmount: ------------ pmount ("policy mount") is a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry. pmount also supports encrypted devices which use dm-crypt and have LUKS metadata. If a LUKS-capable cryptsetup is installed, pmount will use it to decrypt the device first and mount the mapped unencrypted device instead. [...] *Files* /etc/pmount.allow List of devices (one device per line) which are additionally permitted for pmounting. Globs, such as /dev/sda[123] are permitted. See see glob (7) for a more complete syntax. [...] ------------