LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-25-2006, 05:09 PM   #1
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Devuan Beowulf
Posts: 514
Blog Entries: 1

Rep: Reputation: 37
Creating and using encrypted partitions as non-root


Is this possible?

I've followed a guide and created a partition that is mountable by root, but am having a few problems getting it to mount as a user.

I thought it might have been a disk group issue so i added my main account to the disk group, but that didnt work.

I checked the permissions on /dev/mapper and they are owned by root.root. Would altering this to root.disk be a way of securing write access to /dev/mapper by a non-root account?

Also would doing any of this create any major security implications on the system?

The error message i get when running cryptsetup as a user is as follows:
Code:
[m1@Shadow1 /]$ cryptsetup -y -c twofish-cbc-essiv:sha256 create secure /dev/sda5
mlockall failed: Cannot allocate memory
WARNING!!! Possibly insecure memory. Are you root?
Command failed: Invalid argument
Is there a way to get around this error and allow the creation?

Sorry if this is longwinded. I've so far searched Google and LQ looking for anything to do with mounting encrypted partitions as a non root to no avail.
 
Old 06-25-2006, 05:23 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
a non root user should never be allowed to meddle with disk partitions. i would suggest maybe an encrypted fs within a file, mounted via a loopback in fuse?
 
Old 06-25-2006, 05:52 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,970
Blog Entries: 4

Rep: Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027Reputation: 4027
An encrypted filesystem within a file is, indeed, what I would do. Basically it becomes an encrypted folder, which is much easier to manage. While it is true that you still have to be mindful of temporary files and such, an entire disk volume is rather an extremely-large thing to encrypt (and to lose...).
 
Old 06-25-2006, 06:31 PM   #4
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Devuan Beowulf
Posts: 514

Original Poster
Blog Entries: 1

Rep: Reputation: 37
As it happens i have found a utility called cryptmount that seems to achieve what i wanted.

As for the size of a file versus the size of a partition, well this partition is the first partition on this particular disk, so it offers extremely fast access times, but a file could be anywhere which may not have the same access times. Also a 10gb file may not be as fast as accessing a 10gb partition. I will do some benchmarks on it once i have it running.

Losing the partition isnt really that much of a big deal, i've already created a cronjob to back it up using dd every night to two other drives. This allows me to recreate it with ease, should i need to.

But thanks for the help guys.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating Partitions / image partitions ELEGANCE Linux - General 1 05-17-2006 08:37 AM
encrypted root fs ankscorek Linux - Security 4 02-03-2006 11:50 PM
Hacking the initrd for encrypted partitions sonicbuddha Linux - Security 2 12-20-2005 09:23 PM
Creating partitions at install vs root+swap Thaidog Linux - General 3 07-02-2004 08:49 AM
creating encrypted passwords kidwired Linux - Security 3 01-12-2003 05:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:01 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration