Hi,
I have an external hard disk which is encrypted using truecrypt. I also wrote a custom udev rule which automatically mounts this hd whenever I attach it to my machine. However, the password is contained as plain text in the script which makes the encryption itself kinda useless if someone gains access to it. What I'd like to do is to use zenity - so whenever I attach the disk a small entry box pops up where I have to enter the password. But this doesn't seem to work. So my question is - is something like that possible at all?
Thanks in advance
Last edited by chimeric (2007-10-22 18:07:36)
However, the password is contained as plain text in the script which makes the encryption itself kinda useless if someone gains access to it.
Not good at all.
What I'd like to do is to use zenity - so whenever I attach the disk a small entry box pops up where I have to enter the password. But this doesn't seem to work. So my question is - is something like that possible at all?
Can you be more specific about what doesn't work?
- Does nothing at all happen;
- or do you get a zenity box that won't accept a password;
- or do you get a message saying you must be root;
- etc.
Thanks for your reply! Nothing happens at all. I get no zenity entry box. The script in question looks like this (tested from a command line as root - works):
#!/bin/sh
PASS=$(zenity --entry --title="truemount" --text="enter password" --hide-text)
/usr/bin/truecrypt -M "uid=chi,gid=chi" -p $PASS /dev/sdb /home/chi/mnt/coruscant
I've started the udevd daemon manually with the --verbose switch and I get the following messages when the udev rule is triggered:
[5766] run_program: '/home/chi/bin/truemount.sh'
[5766] run_program: '/home/chi/bin/truemount.sh' (stderr) ''
[5766] run_program: '/home/chi/bin/truemount.sh' (stderr) '(zenity:5778): Gtk-WARNING **: cannot open display: '
[5766] run_program: '/home/chi/bin/truemount.sh' (stderr) 'Cannot read volume header: Is a directory'
[5766] run_program: '/home/chi/bin/truemount.sh' returned with status 1
So I assume that I can't interact with the WM in the context the script is called or am I missing something else here?
The first error:
'(zenity:5778): Gtk-WARNING **: cannot open display: '
results from not being able to find DISPLAY :0.0. You will typically see this type of message when trying to launch GUI apps from the console as you have probably guessed.
The second error message:
'Cannot read volume header: Is a directory'
only results because of the failed zenity password acquisition attempt.
To test the DISPLAY issue using another scenario, drop out to a terminal (e.g., CTRL+ALT+F1) and run your script. You will get the exact error messages generated by udev (see NOTE below).
Now, I have never attempted to launch a GUI application (such as zenity) using a udev rule, and it seems logical that one would get a DISPLAY error by attempting to do so.
However, if you are up to installing another application that should work quite well for what you want, you can try 'ivman'. If you are running GNOME, gnome-volume-manager is similar, but I've had issues with GVM and prefer ivman because it is agnostic in regard to DE and WM. Ivman is simple to set up, and if you've gotten this far with udev and bash scripting, you should have no trouble. By the way, you can set ivman to check for items already connected at login, and it will execute the appropriate rules for the connected devices:
<ivm:Option name="checkOnInit" value="true" />
or you can simply have ivman ignore them until they are actually connected during a session.
Let us know what you decide or how it works out otherwise.
Note:
FWIW, I modified your script to fit my setup for testing (changed uid, gid, truecrypt volume path and mount path), and it ran fine both as user and root as long as I was logged into my Desktop. I do have truecrypt set in sudoers.
Edit:
Just for grins, you might as well try seeing if you can successfully set the environment variable, DISPLAY, to :0.0 from within your script.
export DISPLAY=:0.0
If the problem isn't strictly a udev related issue, the above may work. To test, you can exit to a console and execute:
export DISPLAY=:0.0
then execute:
zenity --entry --title="truemount" --text="enter password" --hide-text
Upon returning to your Desktop (CTRL+ALT+F7), the zenity dialog should be waiting for you. Anyway, this seems feasible for your situation, but I really can't fully test with udev + a USB external drive, so you might give it a try before using ivman.
Last edited by MrWeatherbee (2007-10-22 01:00:19)
Hi,
thanks for your answer MrWeatherBee, your hint with exporting the DISPLAY environment var finally put me on the right track. Trying that as root on a console failed as well, but using su <myuser> finally did the trick. The script now looks as follows:
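#!/bin/sh
# Ask for the password on the desktop user's X display until the mount succeeds.
OK=1
while [ "$OK" != "0" ]; do
    # udev runs this as root without DISPLAY, so start zenity as the desktop user
    PASS=$(su chi -c 'export DISPLAY=:0.0; zenity --entry --title="truemount" --text="enter password" --hide-text')
    # catch "cancel"
    [ "$?" = "1" ] && exit 0
    /usr/bin/truecrypt -M "uid=chi,gid=chi" -p "$PASS" /dev/sdb /home/chi/mnt/coruscant
    OK=$?
done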
Thanks again for your help!
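Added example, not part of the thread or of anyone's posted script: it shows why the failed prompt led to 'Cannot read volume header: Is a directory' (an empty, unquoted $PASS lets -p take /dev/sdb as the password, so the mount point is read as the volume), and adds a guard that refuses to continue without a usable password. first_positional is a hypothetical stand-in that assumes -M and -p each take the next word, as the command line on this page implies; it is not truecrypt's own parser.

```shell
#!/bin/sh
# Stand-in option parser (assumption): -M and -p each consume the next word.
# Prints the first non-option word, i.e. what would be taken as the volume.
first_positional() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -M|-p) [ "$#" -ge 2 ] || return 1; shift 2 ;;
            *) printf '%s\n' "$1"; return 0 ;;
        esac
    done
    return 1
}

# Volume as seen when $PASS is expanded unquoted, as in the first script.
volume_unquoted() {
    PASS=$1
    # Deliberately unquoted to reproduce the shell's word splitting.
    first_positional -M "uid=chi,gid=chi" -p $PASS /dev/sdb /home/chi/mnt/coruscant
}

# Volume as seen when "$PASS" is quoted.
volume_quoted() {
    PASS=$1
    first_positional -M "uid=chi,gid=chi" -p "$PASS" /dev/sdb /home/chi/mnt/coruscant
}

# Guard: run the given prompt command and print the password only if the
# prompt succeeded and returned something. Returns 1 on a failed prompt
# (for example "cannot open display"), on cancel, or on empty input.
read_password() {
    pw=$("$@" 2>/dev/null) || return 1
    [ -n "$pw" ] || return 1
    printf '%s\n' "$pw"
}

# Constructed inputs: an empty password, a normal one, one with a space.
if [ "${1:-}" = "demo" ]; then
    echo "empty, unquoted : $(volume_unquoted '')"
    echo "empty, quoted   : $(volume_quoted '')"
    echo "space, unquoted : $(volume_unquoted 'two words')"
    read_password false || echo "prompt failed: not mounting"
fi
```

In a mount script the guard would wrap the zenity call, e.g. `PASS=$(read_password su chi -c '...') || exit 0`, so the mount command never runs with a missing password.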