
I just created a new ext4 partition on a new drive and decided to use LUKS to encrypt it. I entered a password to use for encryption and the partition was created. So far, so good.

However, I have the drive open in Nautilus. Every time I move away from that window and come back to it, it asks me for my user password (not the encryption password, but the password of my user on the local Linux machine).

My expectation was that I would have to provide the encryption password once - when mounting the disk - and never again, and in particular, never have to provide Linux user credentials to access the drive.

What I'm seeing would perhaps make sense in a military network, but is ridiculous in a home environment. How do I disable all password prompts beyond the first prompt for the encryption password?

This is Ubuntu 18.04.6 LTS, used gnome-disks to manage partitions. The drive is an external USB drive. I mounted it like any external memory, using Nautilus. I did not touch /etc/fstab, but I wouldn't expect that I should touch it any more than I would for a USB key. The drive is accessible under /media/<myusername>/<external drive name>. The permissions on /media/<myusername> are drwx------ and it belongs to my user and my group.

Apparently, this behaviour is controlled by Polkit. I get the impression that I need to change ResultActive or ResultInactive in the encryption-related section to one of yes, no, auth_self, auth_self_keep. The docs are here, but I don't see where these terms are defined, in particular active and inactive and it doesn't help that the docs are not searchable. Any hints?

This article provides a great overview of allowed params and values, shedding some more light on the subject, but still no luck. I tried with /etc/polkit-1/localauthority/50-local.d/10-unlock.pkla:

[Test]
Identity=unix-user:*
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
ResultAny=yes
  • It sounds like the mount point of the encrypted partition has the "wrong" permissions. – user68186 Aug 01 '22 at 12:57
  • Thanks for the comments. I'm using Ubuntu 18.04.6 LTS, used gnome-disks to manage partitions. The drive is an external USB drive. I mounted it like any external memory, using Nautilus. I did not touch /etc/fstab, but I wouldn't expect that I should touch it any more than I would for a USB key. The drive is accessible under /media/<myusername>/<external drive name>. The permissions on /media/<myusername> are drwx------ and it belongs to my user and my group. – Tomislav Nakic-Alfirevic Aug 01 '22 at 17:02
  • Apparently, this behaviour is controlled by Polkit. I get the impression that I need to change ResultActive or ResultInactive in the encryption-related section to one of yes, no, auth_self, auth_self_keep. The docs are here (https://www.freedesktop.org/software/polkit/docs/latest/), but I don't see where these terms are defined, in particular active and inactive and it doesn't help that the docs are not searchable. Any hints? – Tomislav Nakic-Alfirevic Aug 01 '22 at 19:44
  • This article (https://www.admin-magazine.com/Articles/Assigning-Privileges-with-sudo-and-PolicyKit) provides a great overview of allowed params and values, shedding some more light on the subject, but still no luck.

    I tried with /etc/polkit-1/localauthority/50-local.d/10-unlock.pkla: [Test] Identity=unix-user:* Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab; ResultAny=yes

    – Tomislav Nakic-Alfirevic Aug 01 '22 at 20:25
  • Fun fact: it seems to just be Nautilus. If I access the drive from e.g. Thunar or from a terminal, I can just access everything, no questions asked. This is a lovely workaround, but I'd still love to fix this with Nautilus, now that I'm half way down the rabbit hole. – Tomislav Nakic-Alfirevic Aug 01 '22 at 20:47
  • Please put all the information you have in comments in your question. The comments are mainly for us to ask for clarifications. From your comments it sounds like a bug in Nautilus. See if a bug report has been filed. If yes, add your name to the list of people affected by this bug. If not, consider filing a bug report. – user68186 Aug 02 '22 at 14:03

0 Answers
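An added example, not part of the original thread: a small Python check that parses the `.pkla` entry quoted in the question and reports which polkit action IDs its `Action=` globs cover, so the scope of a local authority entry can be compared with the IDs that `pkaction` lists. Assumptions: the sample action IDs are chosen for illustration, the function names are hypothetical, and Python's `fnmatchcase` stands in for polkit's own glob matching.

```python
import configparser
from fnmatch import fnmatchcase

# The entry from the question, copied as posted.
PKLA = """\
[Test]
Identity=unix-user:*
Action=org.freedesktop.udisks.filesystem-*;org.freedesktop.udisks.drive-ata-smart*;org.freedesktop.udisks2.filesystem-mount-system;org.freedesktop.udisks2.encrypted-unlock-system;org.freedesktop.udisks2.filesystem-fstab;
ResultAny=yes
"""

# Values accepted for ResultAny / ResultInactive / ResultActive.
VALID_RESULTS = {"yes", "no", "auth_self", "auth_self_keep",
                 "auth_admin", "auth_admin_keep"}

# Sample udisks2 action IDs (chosen for this example; compare with `pkaction`).
SAMPLE_ACTIONS = [
    "org.freedesktop.udisks2.encrypted-unlock",
    "org.freedesktop.udisks2.encrypted-unlock-system",
    "org.freedesktop.udisks2.filesystem-mount",
    "org.freedesktop.udisks2.filesystem-mount-system",
]

def parse_pkla(text):
    """Return one dict per [section]: name, identity globs, action globs, results."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keys are case-sensitive (ResultAny, not resultany)
    cp.read_string(text)
    entries = []
    for name in cp.sections():
        sec = cp[name]
        results = {k: v.strip() for k, v in sec.items() if k.startswith("Result")}
        bad = {k: v for k, v in results.items() if v not in VALID_RESULTS}
        if bad or not results:
            raise ValueError(f"[{name}] missing or invalid Result* keys: {bad}")
        split = lambda key: [g for g in sec.get(key, "").split(";") if g.strip()]
        entries.append({"name": name, "identities": split("Identity"),
                        "actions": split("Action"), "results": results})
    return entries

def coverage(text, action_ids):
    """Map each action ID to the names of the entries whose globs match it."""
    entries = parse_pkla(text)
    return {a: [e["name"] for e in entries
                if any(fnmatchcase(a, g) for g in e["actions"])]
            for a in action_ids}

if __name__ == "__main__":
    for action, hits in coverage(PKLA, SAMPLE_ACTIONS).items():
        print(f"{action:50} {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
```

With the entry as posted, only the two `-system` IDs in the sample list are covered; the `org.freedesktop.udisks.*` globs match none of the `udisks2` IDs.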