Automount LUKS encrypted USB disk as regular user
Hi there,
I have a question regarding automounting. How can I get a LUKS encrypted partition on an external USB device automounted with r/w access for non-privileged users?

Background: I just reformatted an external USB device with ext4. The only partition is LUKS encrypted. Now, when I plug the device to my computer, KDE notifies me and asks me to enter the LUKS passphrase. Then it mounts the device. Little snag here: Non-privileged users have read-only access.

My user is a member of group plugdev, but not of group disk, as this was discouraged several times, e. g. by Robby Workman. With non-encrypted disks regular users have read/write access, or can change the filemodes accordingly, as far as I recall (currently I have no more non-encrypted disks left to verify it...).

Thanks a lot, best regards
gargamel
It's an ext4 filesystem, so you have to change the ownership and/or permissions on the filesystem itself. In that respect, it's no different than any other directory on a non-hotpluggable disk. In other words, let's forget about the encrypted device for a moment and pretend you want to make /home/common writable to everyone on the system:
Code:
bash-3.1# mkdir /home/common
Code:
bash-3.1# chmod 0775 /home/common

If you want it to behave like Windows filesystems (vfat, ntfs) in that the filesystem is owned and writable by the mounting user, then you'll have to make it a windows filesystem on the encrypted device.
Thanks a lot, this is exactly the information I needed!
I am going to go the plugdev group write access way, I think. I thought about modifying the file mode of the directory representing the mount point, but there's no guarantee that the device is mounted to this very mountpoint every time, as I am using other removable USB devices, too, and it depends on the order they are connected to my computer to which mountpoint they are mounted.

So thanks for your help!
gargamel
Changing the ownership and/or mode of the mountpoints won't help anyway, unless the device is actually mounted at that time. Just like the first set of examples, think in terms of a separate partition (nonremovable) on your system:
If /dev/sda1 is your / partition, and /dev/sda2 is the /home partition, you first have / mounted, and there is a /home directory in there already (it's the empty mountpoint). It doesn't matter what the ownership and mode of that empty /home directory is - when you mount /dev/sda2 to /home, the ownership and mode of the filesystem on /dev/sda2 is what will matter.
So
Code:
# chmod g+rw /dev/sda2
Code:
# chmod g+rw /dev/mapper/usbluksdevicefilename

After mounting the device read-only I see that owner is root and group is root, and only the owner (and maybe the group, I am not at home, and cannot check this, at the moment) has write access.

Another, simpler option now would be to create a folder named, say, data on the device, and make it writable for members of plugdev. Correct? But changing the ownership and/or "filemode" of the whole filesystem seems more elegant, I just don't know how to do it.

Thanks a lot, again!
gargamel
Change the ownership/mode of the mountpoint *after* mounting it.
I guess, a directory "data" with ownership set to group plugdev and r/w access for plugdev comes closest to what I want. Seems, that the simple way of changing ownership and filemode of a directory named data or so comes closest to what I want.

Thanks again for your patience! I now do not only know what my options are, but also understand the whys behind them. Very helpful!

Best regards
gargamel
It *is* persistent - when you change the ownership/mode of the toplevel mountpoint *with* the filesystem mounted to it, you're actually changing the filesystem - not the mountpoint.
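The point made in the replies above (ownership and mode only stick when they are changed while the filesystem is mounted) can be enforced with a small guard. This is an added example, not code from any poster in the thread; the function names are hypothetical, the setgid bit is an addition beyond the thread's 0775, and it assumes GNU or BusyBox `stat`.

```shell
#!/bin/sh
# Added example: refuse to "fix" permissions on an empty mountpoint directory.

# True if DIR is the root of a mounted filesystem: its device number differs
# from its parent's, or it is its own parent ("/"). Bind mounts of the same
# filesystem are not detected by this test.
is_mountpoint() {
    [ -d "$1" ] || return 1
    dev=$(stat -c %d "$1") || return 1
    pdev=$(stat -c %d "$1/..") || return 1
    ino=$(stat -c %i "$1")
    pino=$(stat -c %i "$1/..")
    [ "$dev" != "$pdev" ] || [ "$ino" = "$pino" ]
}

# True if DIR belongs to GROUP and has the group-write bit set.
group_can_write() {
    [ "$(stat -c %G "$1")" = "$2" ] || return 1
    mode=$(stat -c %a "$1")                  # e.g. 775 or 2775
    [ $(( (0$mode >> 3) & 2 )) -ne 0 ]       # leading 0 makes it octal
}

# Make the filesystem mounted at DIR writable for GROUP (run as root).
# Returns 2 when nothing is mounted at DIR: chmod would then only touch the
# placeholder directory, and the setting would be lost when it is recreated.
share_fs_root() {
    dir=$1
    group=$2
    if ! is_mountpoint "$dir"; then
        echo "$dir: no filesystem mounted here, nothing changed" >&2
        return 2
    fi
    # setgid (the leading 2) is an addition: new entries inherit GROUP.
    chgrp "$group" "$dir" && chmod 2775 "$dir" && group_can_write "$dir" "$group"
}

# Example call after the LUKS volume is unlocked and mounted:
#   sh share.sh /media/disk plugdev
if [ $# -eq 2 ]; then
    share_fs_root "$1" "$2"
fi
```

Because the change lands in the root inode of the ext4 filesystem inside the LUKS container, it travels with the disk to whichever mountpoint is used next time.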
This would be very close to what I want, then.
But what I observed so far is that
So when I plug the first disk to my computer it is mounted to /media/disk, which always exists, the second one to /media/disk-1, which is created at this moment, and so on.

Now, when I change the filemode of /media/disk-1, I lose the setting when I reboot my computer, because the directory representing the mountpoint will be removed and re-created with default filemode.

Now, if I only had one external disk, this wouldn't be a problem. Adjusting the filemode of /media/disk after mounting the external filesystem would do the trick. But the disk is not always mounted to /media/disk, but sometimes to /media/disk-n.

I guess I could now start to fiddle with udev rules and define to which mountpoint this device should be mounted every time it is connected, and/or I could add an entry to /etc/fstab.

Am I missing something?
gargamel
Code:
bash-3.1# mkfs.ext4 -L PART1 /dev/sdb1

Now, observe :-)

Code:
liberty $ exit
I am humiliated.
And excited. And grateful. All together at the same time. Shame on me.

The simple trick is to change the filesystem label in order to have it mounted to the same mount point every time. Boahh. This was TOO trivial, then, uhhh hum... :)

THANKS A LOT!!!!
gargamel