Re: How to access loop-aes mounted vfat filesystem as non-root user- help required!


 



Phil H wrote:
Thanks Matthias for your help (and Jari for the
clarification). However I'm still having problems.

I make a device-backed aes256-encrypted loop, where
the device is a floppy, format the loop device with
vfat, then deallocate the loop.  Then I put the
following in /etc/fstab:

/dev/fd0 /home/dsl/crypt1 vfat defaults,rw,noatime,encryption=aes256,noauto,user 0 0

(I've also tried using 'users' plus the guid etc
settings as for the fstab entries for my hard drives).

I'd always set uid/gid, to be sure.

(Personally I always use an automounter (autofs); here you have to provide the UID/GID, as the mount command is always issued from the automount daemon in root context.
Unfortunately you can't use an automounter if you have to provide a password(*))

BUT when I try to mount as an ordinary user I get:

"mount: only root can do that"

I'd guess your mount-command misses the SUID-Bit.

ls -la /bin/mount
-rwsr-xr-x    1 root     root           84888 Mar 23 12:58 /bin/mount

The fourth Character from the beginning must be an "s", without SUID-Bit there would be an "x".
Also mount must belong to root.

chown root.root /bin/mount
chmod 4755 /bin/mount

sudo mount works, but the mount directory has
root-only access permissions.

At this point you hadn't provided uid( & gid). With sudo mount is called under the root account, so the "inherited" uid & gid are the ones from root.

This is why I had the wrong notions in my initial post
- I'd tried this before.

What is going wrong?

I'd say: A mixture of subtle differences in your distro paired with a little bit of missing experience. :-)

PS: I'm using a knoppix-based distro

May only be relevant for the "doesn't ship with SUID-bit-set-for-mount" part. AFAIR there are distros with a bit more restrictive security regarding SUID programs. Maybe this is one of them.



*:
There are ways to circumvent this, but that is not the point here. :-)

--
Real Programmers consider "what you see is what you get" to be just as
bad a concept in Text Editors as it is in women. No, the Real Programmer
wants a "you asked for it, you got it" text editor -- complicated,
cryptic, powerful, unforgiving, dangerous.


- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
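
The checks the reply walks through (SUID bit and root ownership on mount, user/users and uid= in the fstab entry), as an added shell example that is not part of the original post. The function names are made up for illustration, and the mount binary, fstab file and mount point are passed as arguments.

```shell
#!/bin/sh
# Added example: diagnose "mount: only root can do that" for a user mount.
# Usage: script MOUNT_BIN FSTAB MOUNTPOINT, e.g. /bin/mount /etc/fstab /home/dsl/crypt1

# has_suid FILE: true if FILE has the set-user-ID bit (the "s" in -rwsr-xr-x)
has_suid() { [ -u "$1" ]; }

# owned_by_root FILE: true if the numeric owner of FILE is 0
owned_by_root() { [ "$(ls -ln "$1" | awk '{print $3}')" = "0" ]; }

# fstab_opts FSTAB MOUNTPOINT: print the options field (4th column) of that entry
fstab_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4; exit }' "$1"
}

# has_opt OPTS NAME: true if NAME or NAME=value is in the comma-separated OPTS
# ("user" does not match "users": the match is on whole list items)
has_opt() {
    case ",$1," in
        *",$2,"*|*",$2="*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose MOUNT_BIN FSTAB MOUNTPOINT: print findings, return 1 on any blocker
diagnose() {
    rc=0
    has_suid "$1" || { echo "$1: SUID bit not set (chmod 4755)"; rc=1; }
    owned_by_root "$1" || { echo "$1: not owned by root"; rc=1; }
    opts=$(fstab_opts "$2" "$3")
    [ -n "$opts" ] || { echo "$3: no entry in $2"; return 1; }
    has_opt "$opts" user || has_opt "$opts" users ||
        { echo "$3: neither user nor users in fstab options"; rc=1; }
    # Per the reply: mounted via sudo, the inherited uid/gid are root's.
    has_opt "$opts" uid || echo "$3: no uid= set; via sudo the files belong to root"
    return $rc
}

if [ "$#" -eq 3 ]; then diagnose "$@"; fi
```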

