Hi,

it's in German and I haven't tested this yet. That's why I don't know if it
works, but you should have a look at this section of the Gentoo wiki:

http://de.gentoo-wiki.com/DM-Crypt#T.C3.A4glicher_Gebrauch

Looks like a nice trick to me.

Jan

Thomas Zander wrote:
> Hi,
>
> I have a setup where the first time my user logs in I am asked for the
> password after which the openlucks partition is mounted and available for
> things like my email.
>
> This means that the end user will actually be calling the "cryptsetup
> luksOpen" command line.
> Currently this is impossible to do nicely, since you need to be root to
> call that line :(
>
> I've investigated methods to do this and I came up with 2 answers; the
> first is to make cryptsetup suid root, so the user can do this. But I don't
> like that very much as any user can now also format partitions due to
> that functionality also being available from the same command line.
> The second idea is thus something I want to suggest here.
>
> Could you split out the cryptsetup command so the 'luksOpen' functionality
> becomes available as a separate command, preferably one that a normal
> user can run? Possibly with suid-0, so the user is at least not able
> to reformat any partitions without proper credentials ;)
>
> Thanks!

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
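The concern in the quoted request (a setuid-root cryptsetup exposes every subcommand, not only luksOpen) can also be addressed with a narrow wrapper run through sudo. This is an added example, not code from the thread, the Gentoo wiki or the cryptsetup project; the wrapper path, user name, cryptsetup location, devices and mapping names are hypothetical.

```shell
#!/bin/sh
# Added example: a narrow wrapper meant to be the ONLY command a sudoers rule
# grants, e.g. (hypothetical user and path):
#   thomas ALL=(root) /usr/local/sbin/luks-open-user
# cryptsetup itself stays non-setuid, so luksFormat and the other subcommands
# remain root-only.

# Hypothetical allowlist of "device mapping-name" pairs users may open.
ALLOWED='/dev/sdb2 mail
/dev/sdb3 home'

# Assumed install location of cryptsetup; adjust for the distribution.
CRYPTSETUP=/sbin/cryptsetup

# is_allowed DEVICE NAME: succeeds only for an exact allowlisted pair.
is_allowed() {
    [ "$#" -eq 2 ] || return 1
    for arg in "$1" "$2"; do
        case "$arg" in
            # Refuse empty values, anything that looks like an option, and
            # any character outside a plain path/name alphabet.
            ''|-*|*[!A-Za-z0-9/_.-]*) return 1 ;;
        esac
    done
    # -x: whole line, -F: literal string, so no partial or regex matches.
    printf '%s\n' "$ALLOWED" | grep -qxF -- "$1 $2"
}

# Only act when called with arguments; cryptsetup prompts for the passphrase.
if [ "$#" -gt 0 ]; then
    if ! is_allowed "$@"; then
        echo "refused: not an allowlisted device/name pair" >&2
        exit 1
    fi
    # Fixed subcommand: the caller can never select luksFormat or pass options.
    exec "$CRYPTSETUP" luksOpen "$1" "$2"
fi
```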