#1 2015-07-29 20:11:45

FixedWing
Member
Registered: 2015-03-14
Posts: 7

How to auto access encrypted container on network share at login?

Please forgive me if this is obvious and/or has been fully addressed elsewhere. I've looked and tried and am still stuck.

I want to mount a share and access an encrypted Truecrypt container as a non-root user at login. I don't want either the share or container being accessible to other non-root users on the system. And I don't want to grant the user root privileges, either.

The problem I'm having is with ownership. If I mount the share and decrypt the container as root, then the files in the container are owned by root and the non-root user cannot access them.

If I allow users to mount the share, that works. The non-root user then owns the files in the share. But when the non-root user then uses Cryptsetup to decrypt the container, the device mapper fails due to the non-root user not being root. This is true even if Cryptsetup is run using sudo. And if root then decrypts the container, root owns the files in the container and the non-root user cannot access them.

This is as far as I've got.

Any pointers would be greatly appreciated.

Thank you.

Stephen

Offline

#2 2015-08-15 18:53:24

Strike0
Member
From: Germany
Registered: 2011-09-05
Posts: 1,489

Re: How to auto access encrypted container on network share at login?

You could define a sudoers entry to let that user open the container with cryptsetup: https://wiki.archlinux.org/index.php/Su … le_Entries
Not sure about your approach though. The regular way is to open the container with root/sudo and mount where users can rw-access the mount. Next, the filesystem access rights of the dirs/files within the container are what you use to deny access to other non-root users. That's what you get with block device encryption.
There is also https://aur.archlinux.org/packages/cryptmount/
but that has no truecrypt compat.

Offline
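
The two controls described in reply #2, as an added example that is not part of the thread: a sudoers rule pinned to one exact cryptsetup command, and a check that a directory inside the mounted container is closed to other users. The user name stephen, the paths, the mapping name vault and the /usr/bin/cryptsetup location are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. User name, paths and mapping name
# are assumptions; /usr/bin/cryptsetup is the assumed binary location.

# Print a sudoers rule allowing USER to run one exact cryptsetup command.
# sudoers matches the whole argument list, so the user cannot open other
# devices, pick another mapping name, or run other cryptsetup actions.
sudoers_rule() {
    user=$1 container=$2 mapname=$3
    # Names: plain characters only, so nothing needs sudoers escaping.
    for v in "$user" "$mapname"; do
        case $v in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    done
    # Container: absolute path, no "..", no spaces, wildcards or commas.
    case $container in
        *..*|*[!A-Za-z0-9_./-]*) return 1 ;;
        /*) ;;
        *) return 1 ;;
    esac
    printf '%s ALL=(root) /usr/bin/cryptsetup open --type tcrypt %s %s\n' \
        "$user" "$container" "$mapname"
}

# Succeed only if DIR is owned by numeric UID and grants nothing to
# group or others (e.g. mode 700): the check for a per-user directory
# inside the mounted container.
is_private_to() {
    dir=$1 uid=$2
    [ -d "$dir" ] || return 1
    owner=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir") || return 1
    [ "$owner" = "$uid" ] && [ $(( 0$mode & 077 )) -eq 0 ]
}

# Constructed sample values; validate the resulting file with
# `visudo -cf <file>` before placing it under /etc/sudoers.d/.
sudoers_rule stephen /mnt/share/vault.tc vault
```

The rule as printed still asks for the user's sudo password; whether to add NOPASSWD: for a non-interactive login script is a separate decision.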