> If you mean "allow all cryptsetup users to be able to activate
> device", then it is definitely not secure. It works, but it
> would be major security hole in your system. We need root for
> activation of device-mapper device (this requires CAP_SYSADMIN,
> it is basically root).

That is sad, because in theory having access permissions to a
block device special file ought to be enough, but some people
seem to think that the UNIX/POSIX permissions system is
"insecure" and thus add their own special-case restrictions. It
is part of the same thinking that DM block device special file
cannot be created other than in '/dev/mapper', to be "helpful".

> If you allow any user to access device-mapper (and sudo
> cryptsetup is just one way), you will allow these users to
> access and modify *all* block devices in your system.

  $ grep xxx /etc/sudoers
  xxx ALL=NOPASSWD:/sbin/cryptsetup create xxx-sdc5 /dev/sdc5, \
          NOPASSWD:/sbin/cryptsetup remove xxx-sdc5
  $ id -n -u
  xxx
  $ sudo /sbin/cryptsetup create xxx-sdc5 /dev/sdc5
  Enter passphrase for /dev/sdc5:
  $ sudo cryptsetup remove xxx-sdc5

Note: some "secondary" details omitted :-).

That is for statically defining which block devices can be used
by which user; something like a daemon like the 'libvirtd' one
can be used for more dynamic definitions.

> (It is tricky with only cryptsetup, but it is possible through
> using null cipher with block device.)

That could be disabled by recompiling the kernel, not that it is
essential given the above.

_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
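
The sudoers excerpt in the message above pins each cryptsetup rule to an exact argument list. The following is an added example, not part of the original message: a simplified Python audit that separates such pinned rules from ones that leave the arguments open (in sudoers, a command listed without arguments may be run with any arguments). The yyy and zzz users and their rules are constructed for illustration; aliases, includes and escaped commas are not handled.

```python
import os
import re

# Constructed sample: the xxx rule is the one quoted in the message above;
# the yyy and zzz rules are hypothetical, added to show the looser forms.
SAMPLE = r"""
xxx ALL=NOPASSWD:/sbin/cryptsetup create xxx-sdc5 /dev/sdc5, \
        NOPASSWD:/sbin/cryptsetup remove xxx-sdc5
yyy ALL=(root) NOPASSWD: /sbin/cryptsetup
zzz ALL=NOPASSWD:/sbin/cryptsetup create * /dev/sdd1
"""

# Optional "(runas)" prefix followed by any number of "TAG:" prefixes.
PREFIX = re.compile(r"^(?:\([^)]*\)\s*)?(?:[A-Z_]+:\s*)*")

def classify(command):
    """Return how tightly a sudoers command spec constrains cryptsetup."""
    parts = command.split()
    if not parts or os.path.basename(parts[0]) != "cryptsetup":
        return None                      # not a cryptsetup rule
    args = parts[1:]
    if not args:
        return "any-args"                # sudoers: no arg list = any arguments
    if any(ch in arg for arg in args for ch in "*?["):
        return "wildcard"                # arguments only partly constrained
    return "pinned"                      # exact argument list required

def audit(sudoers_text):
    """Return (user, command, verdict) for each cryptsetup rule found.

    Simplified: aliases, includes and backslash-escaped commas are not handled.
    """
    findings = []
    text = re.sub(r"\\\n\s*", " ", sudoers_text)   # join continuation lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")) or "=" not in line:
            continue
        who, _, spec = line.partition("=")
        if who.split()[0].endswith("_Alias"):
            continue                     # alias definitions are not expanded
        for cmd in spec.split(","):
            cmd = PREFIX.sub("", cmd.strip(), count=1)
            verdict = classify(cmd)
            if verdict:
                findings.append((who.split()[0], cmd, verdict))
    return findings

if __name__ == "__main__":
    for user, cmd, verdict in audit(SAMPLE):
        print(f"{verdict:9} {user}: {cmd}")
```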