I’ve set up a LUKS fstab entry like this: /dev/mapper/luks-… /home/username/disk auto defaults,noatime,noauto,user 0 2
, and /home/username/disk
is owned and readable/writable/executable by me. But when clicking on the disk to mount it in GNOME Evolution I get two prompts, first for the LUKS password and then for the root password. Should I not be able to mount this without root access?
Mounting through /etc/fstab
still requires root permissions AFAIK. For mounting as not-root you need to use tools like udisky
. Not sure though if that can properly work with mapped devices, so far I’ve only used it for USB drives.
According to man 5 fstab
the user
setting “allow a user to mount”. I would expect this to mean “non-root user”, since obviously root can mount even if user
is not set.
You are right. At least mount
command seems to be able to deal with that, thanks to suid.
Have you tried if you can mount the drive from a terminal without sudo
?
Please try both, mountpoint and device (as specified in fstab), from the man page I found, it looks as if only mountpoint was allowed for user mounts.
So I currently have 4 working theories:
- Your filemanager uses a graphical
sudo
unconditionally - Your filemanager uses mount with the wrong spec (device directly, when by label is expected or something), the man page mentions that
mount
was very strict with checking arguments for non-root mounts. - Your filemanager uses a mount that hasn’t suid set (eg directly from the store, rather than from
PATH
- Your filemanager does use something else that is not aware of the
user
option
Looks like mount
also doesn’t allow it. After unmounting in Nautilus:
$ mount /dev/mapper/luks-[omitted] /home/username/disk
mount: /home/username/disk: must be superuser to use mount.
udiskie
can mount LUKS containers. If you run it in the background, then when you plug in a device with a LUKS container udiskie
will prompt for the password.