LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 05-13-2013, 10:06 PM   #1
dimm0k
Member
 
Registered: May 2008
Location: Brooklyn ZOO
Distribution: Slackware64 14.0
Posts: 386

Rep: Reputation: 23
mounting as user using Truecrypt GUI


I've recently began using Truecrypt using AlienBob's script to create the Truecrypt package and install, however it seems I can't mount containers as a user using the GUI interface. I've added a 'truecrypt' group and added the user to that group, as well as adding to sudoers this:

Code:
%truecrypt ALL=(root) NOPASSWD:/usr/X11R6/bin/truecrypt
Any attempts to mount a container is received with this message:

Code:
fuse: failed to execute /bin/mount: Permission denied
What else do I need to do to get this specific user mounting Truecrypt containers? BTW, the bits and permissions on the truecrypt binary is 755 root.root. If I set it to 4755 then not only can root no longer start the GUI, but the user still cannot mount.
 
Old 05-14-2013, 06:57 PM   #2
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current & "True Multilib." PC-BSD.
Posts: 2,218

Rep: Reputation: 176Reputation: 176
To get it to work I put my user name in the wheel group
and uncomment the line,

%wheel ALL-{ALL} NOPASSWD: ALL

in the sudoers file.

No truecrypt group needed.
 
Old 05-15-2013, 10:26 PM   #3
yenn
Member
 
Registered: Jan 2011
Location: Czech Republic
Distribution: Slackware, Gentoo
Posts: 153

Rep: Reputation: 21
Quote:
Originally Posted by dimm0k View Post
I've recently began using Truecrypt using AlienBob's script to create the Truecrypt package and install, however it seems I can't mount containers as a user using the GUI interface. I've added a 'truecrypt' group and added the user to that group, as well as adding to sudoers this:

Code:
%truecrypt ALL=(root) NOPASSWD:/usr/X11R6/bin/truecrypt
Also allow /bin/mount in sudoers file

Code:
%truecrypt ALL=(root) NOPASSWD:/usr/X11R6/bin/truecrypt, /bin/mount
Quote:
Originally Posted by dimm0k View Post
Any attempts to mount a container is received with this message:

Code:
fuse: failed to execute /bin/mount: Permission denied
What else do I need to do to get this specific user mounting Truecrypt containers? BTW, the bits and permissions on the truecrypt binary is 755 root.root. If I set it to 4755 then not only can root no longer start the GUI, but the user still cannot mount.
By default only root can mount filesystems, images, etc. unless overridden by definitions in /etc/fstab. Your sudo-elevated privileges allows you to run only Truecrypt GUI as root, not /bin/mount.

Quote:
Originally Posted by cwizardone View Post
%wheel ALL-{ALL} NOPASSWD: ALL

in the sudoers file.

No truecrypt group needed.
It will do the trick, but I'd rather suggest fine-grained privileges. In case something bad happened (someone gained access to your account, buffer overflow attack on some program, etc.), attacker would gain root privileges. Not directly, but since Ubuntu and other widespread distros relies on sudo instead of root acount, I guess attacker would try sudo as well.

Last edited by yenn; 05-15-2013 at 10:34 PM. Reason: typo
 
Old 05-19-2013, 12:36 AM   #4
dimm0k
Member
 
Registered: May 2008
Location: Brooklyn ZOO
Distribution: Slackware64 14.0
Posts: 386

Original Poster
Rep: Reputation: 23
Looks like after hardening my Slackware system something broke fusermount/sudo somewhere... problem is, I've gone through all the steps in the hardening doc a while ago and it was recently that I've come across this issue. Will have to reverse the hardening process until it works unless someone knows what might have caused this. If I ever find the cause I'll be sure to post here.
 
Old 05-19-2013, 06:11 AM   #5
BlackRider
Member
 
Registered: Aug 2011
Distribution: Slackware
Posts: 261

Rep: Reputation: 82
%wheel ALL-{ALL} NOPASSWD: ALL

For what has been already said, I will recommend this option is not used happily and carelessly. In fact, I wouldn't recommend using it at all.

Maybe some /etc/fstab entries with options are called for. I have lost contact with TrueCrypt so I would not give precise advice (I use cryptsetup + LUKS these days).
 
Old 05-19-2013, 12:15 PM   #6
cwizardone
Senior Member
 
Registered: Feb 2007
Distribution: Slackware64-current & "True Multilib." PC-BSD.
Posts: 2,218

Rep: Reputation: 176Reputation: 176
Quote:
Originally Posted by BlackRider View Post
%wheel ALL-{ALL} NOPASSWD: ALLFor what has been already said, I will recommend this option is not used happily and carelessly. In fact, I wouldn't recommend using it at all.
On a standalone box it works just fine.
 
Old 05-19-2013, 09:56 PM   #7
dimm0k
Member
 
Registered: May 2008
Location: Brooklyn ZOO
Distribution: Slackware64 14.0
Posts: 386

Original Poster
Rep: Reputation: 23
Quote:
Originally Posted by BlackRider View Post
%wheel ALL-{ALL} NOPASSWD: ALL

For what has been already said, I will recommend this option is not used happily and carelessly. In fact, I wouldn't recommend using it at all.

Maybe some /etc/fstab entries with options are called for. I have lost contact with TrueCrypt so I would not give precise advice (I use cryptsetup + LUKS these days).
I don't recommend that either, though using that temporarily helped me figure out that apparently I needed to add /bin/fusermount, /bin/mount, /usr/bin/truecrypt to the EXEC option since I used "Defaults noexec" in sudoers.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
mounting truecrypt container as non-admin user guna_pmk Linux - Software 1 01-17-2012 09:43 AM
Mounting a Raid 0 with truecrypt on it Ubuntu Chiyo Linux - Newbie 10 12-15-2009 12:44 AM
TrueCrypt graphical user interface problem with mounting franz_70 Linux - Software 1 06-15-2009 04:40 PM
LXer: TrueCrypt With GUI On Ubuntu 7.10 LXer Syndicated Linux News 0 01-16-2008 12:51 PM


All times are GMT -5. The time now is 06:13 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration