06-25-2006, 04:09 PM   #1
Registered: Jun 2003
Location: UK
Distribution: Fedora 8, Centos 5.1
Posts: 480

Creating and using encrypted partitions as non-root

Is this possible?

I've followed a guide and created a partition that is mountable by root, but am having a few problems getting it to mount as a user.

I thought it might have been a disk group issue, so I added my main account to the disk group, but that didn't work.

I checked the permissions on /dev/mapper and they are owned by root.root. Would altering this to root.disk be a way of securing write access to /dev/mapper by a non-root account?

Also would doing any of this create any major security implications on the system?

The error message I get when running cryptsetup as a user is as follows:

[m1@Shadow1 /]$ cryptsetup -y -c twofish-cbc-essiv:sha256 create secure /dev/sda5
mlockall failed: Cannot allocate memory
WARNING!!! Possibly insecure memory. Are you root?
Command failed: Invalid argument

Is there a way to get around this error and allow the creation?

Sorry if this is long-winded. I've so far searched Google and LQ looking for anything to do with mounting encrypted partitions as a non-root user, to no avail.

06-25-2006, 04:23 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

A non-root user should never be allowed to meddle with disk partitions. I would suggest maybe an encrypted fs within a file, mounted via a loopback in FUSE?

06-25-2006, 04:52 PM   #3
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,738

An encrypted filesystem within a file is, indeed, what I would do. Basically it becomes an encrypted folder, which is much easier to manage. While it is true that you still have to be mindful of temporary files and such, an entire disk volume is rather an extremely large thing to encrypt (and to lose...).

06-25-2006, 05:31 PM   #4
Registered: Jun 2003
Location: UK
Distribution: Fedora 8, Centos 5.1
Posts: 480

Original Poster
As it happens, I have found a utility called cryptmount that seems to achieve what I wanted.

As for the size of a file versus the size of a partition, well, this partition is the first partition on this particular disk, so it offers extremely fast access times, but a file could be anywhere, which may not have the same access times. Also, a 10GB file may not be as fast as accessing a 10GB partition. I will do some benchmarks on it once I have it running.

Losing the partition isn't really that much of a big deal; I've already created a cronjob to back it up using dd every night to two other drives. This allows me to recreate it with ease, should I need to.

But thanks for the help guys.


All times are GMT -5.