Gentoo Forums
Is there a way for ordinary users to mount luks+lvm?
curmudgeon
Veteran


Joined: 08 Aug 2003
Posts: 1741

Posted: Mon Feb 13, 2017 5:55 pm    Post subject: Is there a way for ordinary users to mount luks+lvm?

Probably set this up wrong, but here is what I did:

Code:

# cryptsetup -v luksFormat /dev/sdb
# cryptsetup luksHeaderBackup /dev/sdb --header-backup-file disk.img
# cryptsetup open /dev/sdb disk
# pvcreate /dev/mapper/disk
# vgcreate vgdisk /dev/mapper/disk
# lvcreate -L 200G -n storage0 vgdisk
# lvcreate -L 200G -n storage1 vgdisk
# mke2fs -b 4096 -L storage0 -m 0 -O ^extra_isize -t ext4 -v /dev/mapper/vgdisk-storage0
# mke2fs -b 4096 -L storage1 -m 0 -O ^extra_isize -t ext4 -v /dev/mapper/vgdisk-storage1
# dmsetup remove vgdisk-storage0
# dmsetup remove vgdisk-storage1
# cryptsetup close /dev/mapper/disk


My problem is that I need to have an ordinary (non-root) user be able to mount storage0 and storage1. This is often not a problem using (for example) kde (which prompts for the password, and then mounts non-lvm luks filesystems), but that doesn't work in this case ("You are not authorized to mount this device").

Is there some way (tools) or set of permissions so that an ordinary user can mount these?

Thank you in advance.
szatox
Advocate


Joined: 27 Aug 2013
Posts: 3135

Posted: Mon Feb 13, 2017 8:30 pm    Post subject:

Ehm... add "user" to options in /etc/fstab?
This will let a non-root user mount the device.

Regarding decryption itself, you could read the password from a fifo.
Create a fifo with write-only permissions for all users and read permission for root. Initiate decryption in a service and provide that fifo as a source file. Cryptsetup will freeze until some other process writes the password into that fifo.
Once some user provides the password, the root-owned process will decrypt the device.
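The FIFO approach described in the post above, sketched as a root-side helper. This is an added example, not part of the original post: the device, mapping and volume group names come from the first post, while the FIFO path and mount points are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Device, mapping and VG names are the
# ones in the first post; the FIFO path and mount points are assumptions.
DEV=/dev/sdb
NAME=disk
VG=vgdisk
FIFO=/run/luks-unlock/key.fifo   # assumed location

# Create the FIFO: any user may write a passphrase, only the owner (root,
# when this runs as a root service) may read it back.
make_fifo() {
    mkdir -p "$(dirname "$1")" || return 1
    rm -f "$1"
    mkfifo -m 0622 "$1"
}

# Block until a writer supplies the key, then unlock LUKS and activate the
# LVs inside it. cryptsetup reads a key file to EOF and keeps a trailing
# newline, so users must write with:  printf '%s' 'passphrase' > "$FIFO"
unlock_once() {
    cryptsetup open --key-file "$1" "$DEV" "$NAME" || return 1
    vgchange -ay "$VG"
}

# With these /etc/fstab lines (mount points assumed), users can then run
# "mount /mnt/storage0" themselves:
#   /dev/mapper/vgdisk-storage0  /mnt/storage0  ext4  noauto,user  0 0
#   /dev/mapper/vgdisk-storage1  /mnt/storage1  ext4  noauto,user  0 0

# Root service entry point: a wrong passphrase makes cryptsetup fail, so
# keep waiting on the FIFO until one unlocks the device.
if [ "${1:-}" = "serve" ]; then
    make_fifo "$FIFO" || exit 1
    until unlock_once "$FIFO"; do sleep 1; done
    rm -f "$FIFO"
fi
```

Because the FIFO is world-writable, any local account can submit passphrase guesses; tighten its group and mode if only some users should be able to unlock the disk.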
frostschutz
Advocate


Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Mon Feb 13, 2017 8:39 pm    Post subject:

Most GUI frontends just expect there to be a filesystem and not yet another layer when they open a LUKS container for you. Of course you can write your own scripts to get around it, but if you want it to work out of the box, then you should remove the unnecessary complications, i.e. LVM inside LUKS. If you want LVM, why not put LUKS on each LV instead?