[dm-crypt] mounting luks-encrypted external drive without root access

[dm-crypt] mounting luks-encrypted external drive without root access

[nimiezko]

 Hello,

 In fstab there is an option "user" which allows non-root users to mount 
 the designed FS.
 It's useful for removable media.

 How can I allow a user to "cryptsetup" some predetermined drive ?
 Any option in crypttab ?

 Thanks in advance.

Re: [dm-crypt] mounting luks-encrypted external drive without root access

[Arno Wagner]

I think giving that user access permissions (file permissions) 
to the drive should be enough. Best done via a special
group and adding the user to that group.

Alternative is a suid binary or script. That is basically
what is done for fstab, i.e. /bin/mount runns as su-root.

Arno

 



On Wed, Dec 01, 2010 at 01:24:04AM +0100, nimiezko@mailoo.org wrote:
> Hello,
>
> In fstab there is an option "user" which allows non-root users to mount  
> the designed FS.
> It's useful for removable media.
>
> How can I allow a user to "cryptsetup" some predetermined drive ?
> Any option in crypttab ?
>
> Thanks in advance.
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
>

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

Re: [dm-crypt] mounting luks-encrypted external drive without root access

[Rudolf Deilmann]

Am Wed, 01 Dec 2010 01:24:04 +0100
schrieb <nimiezko@mailoo.org>:
>  How can I allow a user to "cryptsetup" some predetermined drive ?
>  Any option in crypttab ?

perhaps pmount is enough for your purpose:
http://pmount.alioth.debian.org/

man pmount:
------------
pmount ("policy mount") is a wrapper around the standard mount program
which permits normal users to mount removable devices without a
matching /etc/fstab entry.

pmount also supports encrypted devices which use dm-crypt and have LUKS
metadata. If a LUKS-capable cryptsetup is installed, pmount will use it
to decrypt the device first and mount the mapped unencrypted device
instead. [...] 

*Files*

/etc/pmount.allow
List of devices (one device per line) which are additionally permitted
for pmounting. Globs, such as /dev/sda[123] are permitted. See see glob
(7) for a more complete syntax. 
[...] 
------------

Re: [dm-crypt] mounting luks-encrypted external drive without root access

[Ma Begaj]

2010/12/1  <nimiezko@mailoo.org>:
> Hello,
>
> In fstab there is an option "user" which allows non-root users to mount the
> designed FS.
> It's useful for removable media.
>
> How can I allow a user to "cryptsetup" some predetermined drive ?
> Any option in crypttab ?
>
> Thanks in advance.


nautilus (gnome file manager) is showing my non-mounted luks drives and
a double click on this entry asks me for a password and mount it.

but that is only maybe a solution if you use gnome/nautilus and your nautilus
probably has to be compiled with luks support and your HAL daemon has
to support it.