How to mount LUKS media without root?

I’ve set up a LUKS fstab entry like this: /dev/mapper/luks-… /home/username/disk auto defaults,noatime,noauto,user 0 2, and /home/username/disk is owned and readable/writable/executable by me. But when clicking on the disk to mount it in GNOME Evolution I get two prompts, first for the LUKS password and then for the root password. Should I not be able to mount this without root access?

Mounting through /etc/fstab still requires root permissions AFAIK. For mounting as not-root you need to use tools like udisky. Not sure though if that can properly work with mapped devices, so far I’ve only used it for USB drives.

According to man 5 fstab the user setting “allow a user to mount”. I would expect this to mean “non-root user”, since obviously root can mount even if user is not set.

You are right. At least mount command seems to be able to deal with that, thanks to suid.

Have you tried if you can mount the drive from a terminal without sudo?

Please try both, mountpoint and device (as specified in fstab), from the man page I found, it looks as if only mountpoint was allowed for user mounts.

So I currently have 4 working theories:

  • Your filemanager uses a graphical sudo unconditionally
  • Your filemanager uses mount with the wrong spec (device directly, when by label is expected or something), the man page mentions that mount was very strict with checking arguments for non-root mounts.
  • Your filemanager uses a mount that hasn’t suid set (eg directly from the store, rather than from PATH
  • Your filemanager does use something else that is not aware of the user option

Looks like mount also doesn’t allow it. After unmounting in Nautilus:

$ mount /dev/mapper/luks-[omitted] /home/username/disk
mount: /home/username/disk: must be superuser to use mount.

udiskie can mount LUKS containers. If you run it in the background, then when you plug in a device with a LUKS container udiskie will prompt for the password.