Topic closed
Hello everybody, I searched for a while but I've only found an old thread about this.
Disclaimer: I don't know pretty much anything about udev and udisks
I'm trying to write a udev rule that automatically detects, unlocks and mounts (user rw) my external HDD. I know maybe it's not a really safe thing to do, but I'm on my laptop with full disk encryption and only root can read the keyfile.
As of now I've managed to write this udev rule:
ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition", ENV{ID_FS_UUID}=="uuid of the drive", RUN+="/home/aero/programmi/script/prs_unlocknmount.sh $env{DEVNAME}"
the script is:
#!/bin/sh
/sbin/cryptsetup --key-file fullPathToKeyfile luksOpen $1 crytt1tb
/sbin/mount /mnt/uuid of the mapped luks partition
$1 stands for the argument passed by the udev rule $env{DEVNAME}
in /etc/fstab the entry is
UUID=uuid of the mapped luks partition /mnt/uuid of the mapped luks partition ext4 defaults 0 3
udevadm test $(udevadm info -q path -n /dev/sdc2) 2>&1
gives
run: '/home/aero/programmi/script/prs_unlocknmount.sh /dev/sdc2'
So it fires when the disk is plugged.
If I execute the script from a terminal everything goes fine, I've reloaded udev rules after every change made to the script but if I plug the disk nothing happens aside from the usual KDE notification from the applet.
It would be nice also to be able to unmount the drive from dolphin without password and close the luks volume once the drive is unmounted.
I don't know how the volumes are managed from KDE. I understood it's udisks2 but I've no clue how I can use it; I'd like to get the same behaviour as when I click on the applet and insert the password.
Thanks
Offline
Ok, thanks for the answer, I didn't know, I read this article http://www.cbjck.de/2014/03/27/automati … pted-disk/ and thought I could do as well.
Why doesn't running the script work? Isn't it run with root privileges?
Sorry but I still don't understand, should I add a udev rule tagging my disk to be handled by systemd, write the entry into crypttab and then magically systemd-cryptsetup.service mounts my partition?
And how can I manage to do it when the device is inserted?
Can you point out some places where I can learn? I'm drowning in tons of Firefox tabs I don't understand
The manpages are meaningless to my eyes
Thanks again
Last edited by valo (2014-07-07 16:54:42)
Offline
I've just set this up myself today, so let me tell you how I did it, maybe that helps.
The overall idea is that udisks2.service picks up that you've connected an external drive and uses the information in both /etc/crypttab and /etc/fstab to decrypt and mount the newly plugged in device.
You already have your external HDD's UUID, so let's create an entry for it in /etc/crypttab like this:
<choose any name for your device, e.g. bunny> /dev/disk/by-uuid/<UUID of your HDD> <path to the keyfile> luks,nofail
The options specify that you're using LUKS and that it's o.k. if the device is not present during boot (otherwise the boot process will wait for a long time for the device to appear increasing your boot duration - not sure if it would even wait forever).
Next up is /etc/fstab and I'm no expert, but the entry from your original post looks wrong to me (or at least it uses a completely different approach I'm not familiar with), as you don't want to mount the device directly, but want to mount the decrypted filesystem (probably filesystem is not the right term here, sorry), something like this:
/dev/mapper/<the same name you've chosen in the /etc/crypttab> <wherever you want to mount the device> ext4 nofail 0 3
Make sure the mount point exists.
Now you need to either reboot or do a
systemctl daemon-reload
to pick up your changes as well as
systemctl enable --now udisks2.service
(in case it's not enabled already) and you should be good to go.
Now, for transparency, this doesn't quite work for me yet because udisks2.service fails to mount the SSD I have, but the issue seems to be specific to SSDs.
I hope this helps.
Offline
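Added example, not part of the thread and not written by any of the posters: a shell check for the /etc/crypttab and /etc/fstab entries described in the reply above, covering the nofail option, the key file permissions and the /dev/mapper name match. It assumes fstab names the volume as /dev/mapper/<name>; the function name check_luks_automount and the sample values (bunny, /mnt/bunny, the all-zero UUID) are made up for illustration.

```bash
#!/bin/bash
# Added example: cross-check /etc/crypttab against /etc/fstab for a LUKS drive.
# Prints one line per finding; returns 0 only when there are none.
check_luks_automount() {
    local crypttab=$1 fstab=$2 problems=0 name dev key opts fsopts perms
    while read -r name dev key opts _; do
        case $name in ''|'#'*) continue ;; esac   # skip blank lines and comments
        # Without nofail, boot waits for a drive that may not be plugged in.
        case ",$opts," in
            *,nofail,*) ;;
            *) echo "$name: crypttab options lack nofail"; problems=$((problems + 1)) ;;
        esac
        # The key file must not be accessible to group or others.
        case $key in
            ''|none|-) ;;                         # passphrase prompt, no key file
            *)  if [ ! -f "$key" ]; then
                    echo "$name: key file $key not found"; problems=$((problems + 1))
                else
                    perms=$(ls -ld "$key" | cut -c5-10)   # group and other bits
                    if [ "$perms" != "------" ]; then
                        echo "$name: key file $key is accessible to group/others"
                        problems=$((problems + 1))
                    fi
                fi ;;
        esac
        # fstab has to mount the mapped device, not the encrypted partition.
        fsopts=$(awk -v d="/dev/mapper/$name" '$1 == d { print $4; exit }' "$fstab")
        case ",$fsopts," in
            ,,) echo "$name: no fstab entry for /dev/mapper/$name"; problems=$((problems + 1)) ;;
            *,nofail,*) ;;
            *) echo "$name: fstab options lack nofail"; problems=$((problems + 1)) ;;
        esac
    done < "$crypttab"
    [ "$problems" -eq 0 ]
}

# Constructed sample: made-up names, UUID and key path; the key is left
# world-readable and the fstab line lacks nofail so both checks fire.
demo=$(mktemp -d)
touch "$demo/key" && chmod 644 "$demo/key"
echo "bunny /dev/disk/by-uuid/00000000-0000-0000-0000-000000000000 $demo/key luks,nofail" > "$demo/crypttab"
echo "/dev/mapper/bunny /mnt/bunny ext4 defaults 0 3" > "$demo/fstab"
check_luks_automount "$demo/crypttab" "$demo/fstab" || echo "findings above need fixing"
rm -rf "$demo"
```

Run it as root against the real files with `check_luks_automount /etc/crypttab /etc/fstab`; an fstab that refers to the mapped filesystem by UUID= instead of /dev/mapper/<name> will be reported as a missing entry.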
Please pay attention to the age of threads and don't necrobump -- valo hasn't been present on the forums since 2017, so it's unlikely they are still looking for a solution.
Closing.