Hi
> 1. Loop devices must be mounted as root (using the builtin
> loop-handling features of mount).
No.
You can "predefine" an entry in /etc/fstab that can be mounted by user.
(This is one long line!)
<path_to_image_file> <mountpoint> vfat rw,noatime,encryption=<encryption>,gpgkey=<gpg_key>,noauto,user 0 0
The jumping points are user & noauto: "noauto" prevents an automatic mount while booting and "user" allows an ordinary user to issue the mount with
mount <mountpoint>.
The user (and root) is then allowed to umount that mount.
> 2. There's no need to write anything to /etc/fstab. If
> the loop device is formatted with ext2, you can chown
> & chmod the mount point directory after mounting to
> provide a non-root user(s) with access to that
> directory.
ext2 can store privileges, VFAT cannot. But you can set the privileges used. See below.
> 3. BUT trying to chown & chmod a mount point directory
> for a loop device that was formatted with vfat results
> in a "operation not allowed" error and it can't be
> done. Writing anything to /etc/fstab makes no
> difference. So ENCRYPTED LOOP DEVICES THAT HAVE BEEN
> FORMATTED WITH VFAT, MSDOS ETC CAN ONLY BE ACCESSED AS
> ROOT.
No
The options
uid=<your user-id>
gid=<your group-id>
fmask=<filemask> e.g. 133 (=644)
dmask=<directorymask> e.g. 022 (=755)
set the privileges used for any file/directory on a vfat (and some more filesystems).
> The only thing I could find was from a web-board
> posting concerning something similar with dm-crypt.
> One poster said that THE FAT PERMISSIONS OPTIONS FOR
> `MOUNT` (see MAN MOUNT) DO NOT WORK AT ALL FOR
> LOOPBACK DEVICES, so these can't be used to solve
> this.
Pure bullshit. Loop doesn't know (or have to know) anything about what's "inside".
The loop driver does nothing else but create a "block device" with the file as backing-store and translates the requests issued to the block device (/dev/loop<x>) to the file used to represent the block device.
There is nothing more a loop-driver does.
The Filesystem doesn't know either what is done to the requests it sends to a block device. For the filesystem any block device looks the same, regardless if it is a HDD, FDD, a(n encrypted-)loop or whatever else is used to satisfy the issued requests.
Abstraction is a great invention. :-)
See you
-- Real Programmers consider "what you see is what you get" to be just as bad a concept in Text Editors as it is in women. No, the Real Programmer wants a "you asked for it, you got it" text editor -- complicated, cryptic, powerful, unforgiving, dangerous.
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
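
Added example, not part of the original message: a small shell audit that reads fstab-style lines and reports, for each vfat entry, whether an ordinary user may mount it (`user`), whether it is skipped at boot (`noauto`), and which permission bits `fmask`/`dmask` produce. The sample entries, paths, uid/gid and the `encryption=`/`gpgkey=` values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how vfat entries in an fstab-style file map to access rights.

# Effective permission bits for a vfat mask: 0777 with the mask bits cleared.
vfat_mode() {
    printf '%03o\n' $(( 0777 & ~0$1 ))
}

# Print the value of key=value option $2 in the comma-separated list $1.
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Succeed if flag option $2 (e.g. "user") is present in list $1.
has_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | grep -qx "$2"
}

# Read fstab lines on stdin; print one summary line per vfat entry.
audit_fstab() {
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$fstype" = vfat ] || continue
        by=root; has_opt "$opts" user && by=user
        boot=auto; has_opt "$opts" noauto && boot=noauto
        fmask=$(opt_value "$opts" fmask); dmask=$(opt_value "$opts" dmask)
        files=unset; [ -n "$fmask" ] && files=$(vfat_mode "$fmask")
        dirs=unset; [ -n "$dmask" ] && dirs=$(vfat_mode "$dmask")
        uid=$(opt_value "$opts" uid)
        echo "$mnt by=$by boot=$boot uid=${uid:-unset} files=$files dirs=$dirs"
    done
}

# Constructed sample input (paths, ids and key file are made up).
SAMPLE_FSTAB='# device mountpoint type options dump pass
/home/alice/secret.img /mnt/secret vfat rw,noatime,encryption=AES128,gpgkey=/home/alice/key.gpg,noauto,user,uid=1000,gid=1000,fmask=133,dmask=022 0 0
/home/alice/plain.img /mnt/plain vfat rw,noatime 0 0
/dev/sda1 / ext2 defaults 0 1'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

Entries reported with `files=unset` or `dirs=unset` carry no explicit mask, so their permissions depend on the defaults in effect at mount time.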