From: "JT Morée" <moreejt@yahoo.com>
To: list Linux dm-crypt <dm-crypt@saout.de>
Subject: [dm-crypt] Re: secure use of cryptsetup by non-root
Date: Mon, 9 Aug 2021 12:27:24 +0000 (UTC) [thread overview]
Message-ID: <1387159183.484563.1628512044605@mail.yahoo.com> (raw)
In-Reply-To: <24848.7483.960376.147274@cyme.ty.sabi.co.uk>
>> 1) Is 'secure use of cryptsetup by non-root' a supported use case?
> It would be interesting to read an explanation of how you think that *direct* use of 'cryptsetup' by users, ... could be "secure", ....
Are you asking for justification for why this is a valid use case or asking about the technical limitations for said use case?
For the latter, that's what we are discussing. Allowing non root access to encrypted storage may take a lot of work but since this and upstream limitations are open source we could make it happen. To do that requires understanding, discussion, planning, etc.--even if I end up doing it all myself. The use case is END USER + ENCRYPTION. cryptsetup, LUKS, device mapper are means to that end. Direct use of cryptsetup is only 1 possible path.
Just in case you are asking the former: allowing non root users secure access to 'features' is generally a way to avoid something like the windows security model where almost everything has to be run as admin to get anything done.
--
JT
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de
prev parent reply other threads:[~2021-08-09 12:29 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1876586861.281618.1628426928218.ref@mail.yahoo.com>
2021-08-08 12:48 ` [dm-crypt] secure use of cryptsetup by non-root JT Morée
2021-08-08 13:16 ` [dm-crypt] " Milan Broz
2021-08-08 18:43 ` Peter Grandi
2021-08-08 19:48 ` Milan Broz
2021-08-09 12:03 ` JT Morée
2021-08-08 18:06 ` Peter Grandi
2021-08-09 12:27 ` JT Morée [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1387159183.484563.1628512044605@mail.yahoo.com \
--to=moreejt@yahoo.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox