LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   mounting as user using Truecrypt GUI (http://www.linuxquestions.org/questions/slackware-14/mounting-as-user-using-truecrypt-gui-4175461848/)

dimm0k 05-13-2013 11:06 PM

mounting as user using Truecrypt GUI
 
I've recently began using Truecrypt using AlienBob's script to create the Truecrypt package and install, however it seems I can't mount containers as a user using the GUI interface. I've added a 'truecrypt' group and added the user to that group, as well as adding to sudoers this:

Code:

%truecrypt ALL=(root) NOPASSWD:/usr/X11R6/bin/truecrypt
Any attempts to mount a container is received with this message:

Code:

fuse: failed to execute /bin/mount: Permission denied
What else do I need to do to get this specific user mounting Truecrypt containers? BTW, the bits and permissions on the truecrypt binary is 755 root.root. If I set it to 4755 then not only can root no longer start the GUI, but the user still cannot mount.

cwizardone 05-14-2013 07:57 PM

To get it to work I put my user name in the wheel group
and uncomment the line,

%wheel ALL-{ALL} NOPASSWD: ALL

in the sudoers file.

No truecrypt group needed.

yenn 05-15-2013 11:26 PM

Quote:

Originally Posted by dimm0k (Post 4950549)
I've recently began using Truecrypt using AlienBob's script to create the Truecrypt package and install, however it seems I can't mount containers as a user using the GUI interface. I've added a 'truecrypt' group and added the user to that group, as well as adding to sudoers this:

Code:

%truecrypt ALL=(root) NOPASSWD:/usr/X11R6/bin/truecrypt

Also allow /bin/mount in sudoers file

Code:

%truecrypt ALL=(root) NOPASSWD:/usr/X11R6/bin/truecrypt, /bin/mount
Quote:

Originally Posted by dimm0k (Post 4950549)
Any attempts to mount a container is received with this message:

Code:

fuse: failed to execute /bin/mount: Permission denied
What else do I need to do to get this specific user mounting Truecrypt containers? BTW, the bits and permissions on the truecrypt binary is 755 root.root. If I set it to 4755 then not only can root no longer start the GUI, but the user still cannot mount.

By default only root can mount filesystems, images, etc. unless overridden by definitions in /etc/fstab. Your sudo-elevated privileges allows you to run only Truecrypt GUI as root, not /bin/mount.

Quote:

Originally Posted by cwizardone (Post 4951276)
%wheel ALL-{ALL} NOPASSWD: ALL

in the sudoers file.

No truecrypt group needed.

It will do the trick, but I'd rather suggest fine-grained privileges. In case something bad happened (someone gained access to your account, buffer overflow attack on some program, etc.), attacker would gain root privileges. Not directly, but since Ubuntu and other widespread distros relies on sudo instead of root acount, I guess attacker would try sudo as well.

dimm0k 05-19-2013 01:36 AM

Looks like after hardening my Slackware system something broke fusermount/sudo somewhere... problem is, I've gone through all the steps in the hardening doc a while ago and it was recently that I've come across this issue. Will have to reverse the hardening process until it works unless someone knows what might have caused this. If I ever find the cause I'll be sure to post here.

BlackRider 05-19-2013 07:11 AM

%wheel ALL-{ALL} NOPASSWD: ALL

For what has been already said, I will recommend this option is not used happily and carelessly. In fact, I wouldn't recommend using it at all.

Maybe some /etc/fstab entries with options are called for. I have lost contact with TrueCrypt so I would not give precise advice (I use cryptsetup + LUKS these days).

cwizardone 05-19-2013 01:15 PM

Quote:

Originally Posted by BlackRider (Post 4954185)
%wheel ALL-{ALL} NOPASSWD: ALLFor what has been already said, I will recommend this option is not used happily and carelessly. In fact, I wouldn't recommend using it at all.

On a standalone box it works just fine.

dimm0k 05-19-2013 10:56 PM

Quote:

Originally Posted by BlackRider (Post 4954185)
%wheel ALL-{ALL} NOPASSWD: ALL

For what has been already said, I will recommend this option is not used happily and carelessly. In fact, I wouldn't recommend using it at all.

Maybe some /etc/fstab entries with options are called for. I have lost contact with TrueCrypt so I would not give precise advice (I use cryptsetup + LUKS these days).

I don't recommend that either, though using that temporarily helped me figure out that apparently I needed to add /bin/fusermount, /bin/mount, /usr/bin/truecrypt to the EXEC option since I used "Defaults noexec" in sudoers.


All times are GMT -5. The time now is 12:26 AM.