How can ubuntu/truecrypt be configured so users can mount volumes if-and-only-if they have proper permissions on the mount-point?

If I add the line: ALL= /usr/bin/truecrypt to the sudoers file this lets all users mount volumes at arbitrary mount-points. The problem is a user could create a truecrypt volume and then mount it at /etc/apache2 or /var/www -- directories which they shouldn't be able to tamper with.



If a user doesn't have sudo rights to run /usr/bin/truecrypt then truecrypt fails after prompting for the administrator/user password.



What's the proper way to configure the system/truecrypt so users can mount volumes in a sane/safe way? e.g. they can only mount volumes to mount-points which they own (or have write-access to)?










asked Mar 23 '12 at 6:44









Stuart Powers

  • See this question for some pointers...
    – jasonwryan
    Mar 23 '12 at 6:48
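
One way to enforce the rule the question asks for, as an added example that is not part of the original post or of TrueCrypt: a wrapper script, granted in sudoers in place of /usr/bin/truecrypt, that refuses any mount point the invoking user does not own. The wrapper, the function name mountpoint_ok, the requirement that the directory be empty, and the positional VOLUME MOUNTPOINT invocation are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper (added example, not part of TrueCrypt). Grant this
# script in sudoers in place of /usr/bin/truecrypt.

# mountpoint_ok UID DIR: succeed only if DIR is an absolute, fully resolved
# path to an empty directory owned by UID.
mountpoint_ok() {
    uid=$1 dir=$2
    case $dir in /*) ;; *) return 1 ;; esac                  # absolute path only
    [ -d "$dir" ] || return 1                                # existing directory
    # realpath must return the path unchanged: no symlink, "." or ".." in it
    [ "$(realpath -- "$dir")" = "${dir%/}" ] || return 1
    [ "$(stat -c %u -- "$dir")" = "$uid" ] || return 1       # owned by the caller
    [ -z "$(ls -A -- "$dir")" ] || return 1                  # empty: hides nothing
    return 0
}

# sudo sets SUDO_UID to the invoking user's uid. Usage: wrapper VOLUME MOUNTPOINT
if [ -n "${SUDO_UID:-}" ] && [ "$#" -eq 2 ]; then
    if ! mountpoint_ok "$SUDO_UID" "$2"; then
        echo "refusing mount point: $2" >&2
        exit 1
    fi
    # Assumption: truecrypt accepts VOLUME_PATH MOUNT_DIRECTORY positionally.
    exec /usr/bin/truecrypt "$1" "$2"
fi
```

The check and the mount are separate steps, so the wrapper narrows the problem rather than closing it when the parent of the mount point is writable by the caller.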
















1 Answer
I would suggest you attempt adding your mounts to your fstab. It can be found at /etc/fstab on most systems.



fstab will allow you to restrict who has access and who can mount which devices to which mount points. The option you are looking for will most likely be uid. You can determine a user's UID by examining /etc/passwd. Typically, you will be using uid 1000 as the first user created on the system.



sshfs#server.local:/mnt/Mountpoint /mnt/LocalDir fuse comment=sshfs,noauto,users,exec,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks,BatchMode=yes,IdentityFile=/home/me/.ssh/server 0 0


This example shows how I mount a remote filesystem locally using sshfs. I have restricted it so that only my user is allowed to do such a thing. There are additional options in this sshfs example that you will most likely not need, but I think if you take a look it might clear things up.




further reading



Mount TrueCrypt volumes as a normal user



tl;dr



Set up uid and even guid in your fstab to restrict access to certain users. This will restrict mounting/unmounting as well as file access if set up correctly. Also, investigate whether or not you are utilizing FUSE, as that can cause additional conflict.






edited Nov 17 '13 at 10:21









Patrick

answered Mar 24 '12 at 4:28









earthmeLon

  • Link is broken.
    – Wildcard
    Aug 15 at 16:51
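
How the fstab options in the entry above translate into who may mount what, as an added example that is not from the original answer: a shell function that lists the user-mountable entries according to the user, users, owner and group options in mount(8). The function names and the two extra sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the fstab entries a non-root user may mount, based on
# the user/users/owner/group options described in mount(8).

# audit_fstab: fstab-format lines on stdin; one output line per user-mountable
# entry in the form MOUNTPOINT|WHO MAY MOUNT|uid= VALUE|NOTES
audit_fstab() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac       # blank lines and comments
        case ",$opts," in
            *,users,*) who='any user' ;;
            *,user,*)  who='any user; only the mounter may unmount' ;;
            *,owner,*) who='owner of the device' ;;
            *,group,*) who='group of the device' ;;
            *) continue ;;                           # mountable by root only
        esac
        # uid= is a filesystem-specific option (FUSE, vfat, ...) that sets the
        # owner of the files shown under the mount point.
        case ",$opts," in
            *,uid=*) uid=${opts##*uid=}; uid=${uid%%,*} ;;
            *) uid=- ;;
        esac
        # user/users imply noexec,nosuid,nodev; an explicit exec, suid or dev
        # placed after them switches the restriction off again.
        notes=
        for o in exec suid dev; do
            case ",$opts," in *",$o,"*) notes="$notes re-enables:$o" ;; esac
        done
        printf '%s|%s|%s|%s\n' "$mnt" "$who" "$uid" "${notes# }"
    done
}

# Constructed sample: the sshfs entry from the answer plus two made-up entries.
sample_fstab() {
    cat <<'EOF'
# <device> <mount point> <type> <options> <dump> <pass>
sshfs#server.local:/mnt/Mountpoint /mnt/LocalDir fuse comment=sshfs,noauto,users,exec,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks,BatchMode=yes,IdentityFile=/home/me/.ssh/server 0 0
/dev/sdb1 /media/usb vfat noauto,user,uid=1000 0 0
/dev/sda2 /srv ext4 defaults 0 2
EOF
}

sample_fstab | audit_fstab
```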















