0

I have a flash drive that is LUKS encrypted by the program disks. When I plug this into my computer a graphical prompt for the password to the flash drive appears and I am asked to put in the password, the drive mounts and I can access its contents

If I plug the drive into a non administrative account on the computer the user is prompted for the password but once correctly entered the drive mounts but they are unable to access the contents with a permission denied error.

Is there a way that Ubuntu can be set up so that non administrative account users can by default access the contents of LUKS encrypted flash drives?

stonke
  • 41
  • No, root access is required to open a LUKS container. You can, however, configure sudo to restrict root access to LUKS only. – Panther Oct 04 '17 at 14:43
  • @bodhi.zazen what is the best way to do that with sudo while keeping gui password/mounting? – stonke Oct 04 '17 at 14:57
  • https://askubuntu.com/questions/90726/is-it-possible-to-give-sudo-access-to-only-a-particular-command in your case allow cryptsetup – Panther Oct 04 '17 at 15:04
  • @bodhi.zazen maybe I am missing something but I am not sure sudo is the issue here. The temporary mount point is created with the wrong owner when the password it entered. it does appear to be mounted just it can not be accessed as it's owned by root and chmod 700 – stonke Oct 04 '17 at 15:52
  • sudo chown foo:bar sudo chmod .... – Panther Oct 04 '17 at 16:11
  • Thanks @bodhi.zazen, that's ok for someone comfortable with terminal but this person is not and having to do that each and every time they mount/decrypt the flash drive would be annoying - the mount point is created newly each time you plug in the drive and deleted on eject so I can not even set perms up in advance for them – stonke Oct 04 '17 at 16:27
  • Should not change between mounts. What file system is it ? – Panther Oct 04 '17 at 16:59
  • @bodhi.zazen ext4. Plug in USB -> gui prompt for password -> correct password -> drive mounts -> permission errors as mount folder created is owned by root -> eject USB key -> mount folder gets deleted – stonke Oct 04 '17 at 17:23
  • Probably best to add an entry in fstab. – Panther Oct 04 '17 at 19:55
  • @stonke Do you have control of what the GUI does? –  Nov 20 '17 at 11:48

0 Answers0