Re: how to label encrypted partitions?

Arno Wagner wrote:
> On Tue, Sep 18, 2007 at 06:33:36PM +0200, Harald Dunkel wrote:
>
>> I would like to mount _any_ encrypted usb stick without being
>> root, and without having to look for what became of the "%n"
>> in the SYMLINK option. The procedure I would like to have would
>> be: The user plugs in his USB stick, runs "mount /usb" (or
>> maybe "luksmount /usb"), enters the passphrase, and then it is
>> mounted. When he has done his job he runs "umount /usb", waits
>> for the LED, and pulls it out. GUI support would be nice-to-have,
>> but command line support is a must-have.
>>
>> For not encrypted usb sticks this procedure is no problem.
>
> Not true. It requires the sysadmin (or distribution) to allow
> the user to mount certain devices.

Of course root has to allow this, e.g. by adding a line to /etc/fstab
saying something like

	LABEL=usbstick /usb auto user,noauto,nosuid,relatime 0 0

If the user labels his device "usbstick", and if the mount point
exists, then he can mount it without being root.

> In a security-critical
> environment, this is typically not allowed and users cannot
> mount devices.

Of course, but this environment would be a special case. In my
special case I just want to give the users an option to store
their sensitive data on their own portable device. USB sticks
are easy to lose, so the filesystem should be encrypted. Don't
you think that this would be a real killer app for dm_crypt?

>> How come it cannot be implemented for encrypted filesystems?
>
> Access to the device mapper is root-only. That is very sensible,
> since by remapping disk parts users could likely circumvent OS
> protection and make themselves root.

You mean that there is a conflict between using the device mapper
for "traditional" logical volume management and for encrypted
filesystems?


Regards

Harri


---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
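
An added example, not part of the original message: a small Python check for fstab lines like the one quoted above. It relies on the mount(8) rule that `user` and `users` imply `noexec,nosuid,nodev` (and `owner`/`group` imply `nosuid,nodev`) unless later options override them; the `/camera` entry and all function names are constructed for illustration.

```python
"""Flag user-mountable fstab entries that re-enable suid or dev."""

# Options that let a non-root user mount, with what each implies (mount(8)).
IMPLIED = {
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
}

def effective_flags(options):
    """Apply options left to right; later options override earlier ones."""
    flags = {"suid": True, "dev": True, "exec": True}
    user_mountable = False
    for opt in options.split(","):
        if opt in IMPLIED:
            user_mountable = True
            for implied in IMPLIED[opt]:
                flags[implied[2:]] = False
        elif opt in ("defaults", "nouser"):
            user_mountable = False
            if opt == "defaults":  # defaults includes suid, dev, exec
                flags = dict.fromkeys(flags, True)
        elif opt in flags:
            flags[opt] = True
        elif opt.startswith("no") and opt[2:] in flags:
            flags[opt[2:]] = False
    return user_mountable, flags

def audit(fstab_text):
    """Return (mountpoint, risky flags) for each risky user-mountable entry."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        user_mountable, flags = effective_flags(fields[3])
        risky = sorted(name for name in ("suid", "dev") if flags[name])
        if user_mountable and risky:
            findings.append((fields[1], risky))
    return findings

# First entry is the line from the message; the others are constructed.
SAMPLE = """\
LABEL=usbstick /usb auto user,noauto,nosuid,relatime 0 0
LABEL=camera /camera vfat user,noauto,suid,dev 0 0
/dev/sda1 / ext4 defaults 0 1
"""

if __name__ == "__main__":
    for mountpoint, risky in audit(SAMPLE):
        print(f"{mountpoint}: user-mountable with {', '.join(risky)} enabled")
```

The `/usb` line from the message passes because `user` already implies `nosuid` and `nodev`; only an entry that re-enables them after `user` is reported.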

