How can ubuntu/truecrypt be configured so users can mount volumes if-and-only-if they have proper permissions on the mount-point?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
4
down vote

favorite












If I add the line: ALL= /usr/bin/truecrypt to the sudoers file this lets all users mount volumes at arbitrary mount-points. The problem is a user could create a truecrypt volume and then mount it at /etc/apache2 or /var/www -- directories which they shouldn't be able to tamper with.



If a user doesn't have sudo rights to run /usr/bin/truecrypt then truecrypt fails after prompting for the administrator/user password.



What's the proper way to configure the system/truecrypt so users can mount volumes in a sane/safe way? e.g. they can only mount volumes to mount-points which they own (or have write-access to)?










share|improve this question





















  • See this question for some pointers...
    – jasonwryan
    Mar 23 '12 at 6:48














up vote
4
down vote

favorite












If I add the line: ALL= /usr/bin/truecrypt to the sudoers file this lets all users mount volumes at arbitrary mount-points. The problem is a user could create a truecrypt volume and then mount it at /etc/apache2 or /var/www -- directories which they shouldn't be able to tamper with.



If a user doesn't have sudo rights to run /usr/bin/truecrypt then truecrypt fails after prompting for the administrator/user password.



What's the proper way to configure the system/truecrypt so users can mount volumes in a sane/safe way? e.g. they can only mount volumes to mount-points which they own (or have write-access to)?










share|improve this question





















  • See this question for some pointers...
    – jasonwryan
    Mar 23 '12 at 6:48












up vote
4
down vote

favorite









up vote
4
down vote

favorite











If I add the line: ALL= /usr/bin/truecrypt to the sudoers file this lets all users mount volumes at arbitrary mount-points. The problem is a user could create a truecrypt volume and then mount it at /etc/apache2 or /var/www -- directories which they shouldn't be able to tamper with.



If a user doesn't have sudo rights to run /usr/bin/truecrypt then truecrypt fails after prompting for the administrator/user password.



What's the proper way to configure the system/truecrypt so users can mount volumes in a sane/safe way? e.g. they can only mount volumes to mount-points which they own (or have write-access to)?










share|improve this question













If I add the line: ALL= /usr/bin/truecrypt to the sudoers file this lets all users mount volumes at arbitrary mount-points. The problem is a user could create a truecrypt volume and then mount it at /etc/apache2 or /var/www -- directories which they shouldn't be able to tamper with.



If a user doesn't have sudo rights to run /usr/bin/truecrypt then truecrypt fails after prompting for the administrator/user password.



What's the proper way to configure the system/truecrypt so users can mount volumes in a sane/safe way? e.g. they can only mount volumes to mount-points which they own (or have write-access to)?







permissions mount truecrypt






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Mar 23 '12 at 6:44









Stuart Powers

12114




12114











  • See this question for some pointers...
    – jasonwryan
    Mar 23 '12 at 6:48
















  • See this question for some pointers...
    – jasonwryan
    Mar 23 '12 at 6:48















See this question for some pointers...
– jasonwryan
Mar 23 '12 at 6:48




See this question for some pointers...
– jasonwryan
Mar 23 '12 at 6:48










1 Answer
1






active

oldest

votes

















up vote
0
down vote













I would suggest you attempt adding your mounts to your fstab. It can be found at /etc/fstab on most systems.



fstab will allow you to restrict who has access and who can mount which devices to which mount points. The option you are looking for will most likely be uid. You can determine a user's UID by examining /etc/passwd. Typically, you will be using uid 1000 as the first user created on the system.



sshfs#server.local:/mnt/Mountpoint /mnt/LocalDir fuse comment=sshfs,noauto,users,exec,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks,BatchMode=yes,IdentityFile=/home/me/.ssh/server 0 0


This example shows how I mount a remote filesystem locally using sshfs. I have restricted it so that only my user is allowed to do such a thing. There are additional options in this sshfs example that you will most likely not need, but I think if you take a look it might clear things up.




further reading



Mount TrueCrypt volumes as a normal user



tl;dr



Set up uid and even guid in your fstab to restrict access to certain users. This will restrict mounting/unmounting as well as file access if set up correctly. Also, investigate whether or not you are utilizing FUSE, as that can cause additional conflict.






share|improve this answer






















  • Link is broken.
    – Wildcard
    Aug 15 at 16:51










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f34816%2fhow-can-ubuntu-truecrypt-be-configured-so-users-can-mount-volumes-if-and-only-if%23new-answer', 'question_page');

);

Post as a guest






























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
0
down vote













I would suggest you attempt adding your mounts to your fstab. It can be found at /etc/fstab on most systems.



fstab will allow you to restrict who has access and who can mount which devices to which mount points. The option you are looking for will most likely be uid. You can determine a user's UID by examining /etc/passwd. Typically, you will be using uid 1000 as the first user created on the system.



sshfs#server.local:/mnt/Mountpoint /mnt/LocalDir fuse comment=sshfs,noauto,users,exec,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks,BatchMode=yes,IdentityFile=/home/me/.ssh/server 0 0


This example shows how I mount a remote filesystem locally using sshfs. I have restricted it so that only my user is allowed to do such a thing. There are additional options in this sshfs example that you will most likely not need, but I think if you take a look it might clear things up.




further reading



Mount TrueCrypt volumes as a normal user



tl;dr



Set up uid and even guid in your fstab to restrict access to certain users. This will restrict mounting/unmounting as well as file access if set up correctly. Also, investigate whether or not you are utilizing FUSE, as that can cause additional conflict.






share|improve this answer






















  • Link is broken.
    – Wildcard
    Aug 15 at 16:51














up vote
0
down vote













I would suggest you attempt adding your mounts to your fstab. It can be found at /etc/fstab on most systems.



fstab will allow you to restrict who has access and who can mount which devices to which mount points. The option you are looking for will most likely be uid. You can determine a user's UID by examining /etc/passwd. Typically, you will be using uid 1000 as the first user created on the system.



sshfs#server.local:/mnt/Mountpoint /mnt/LocalDir fuse comment=sshfs,noauto,users,exec,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks,BatchMode=yes,IdentityFile=/home/me/.ssh/server 0 0


This example shows how I mount a remote filesystem locally using sshfs. I have restricted it so that only my user is allowed to do such a thing. There are additional options in this sshfs example that you will most likely not need, but I think if you take a look it might clear things up.




further reading



Mount TrueCrypt volumes as a normal user



tl;dr



Set up uid and even guid in your fstab to restrict access to certain users. This will restrict mounting/unmounting as well as file access if set up correctly. Also, investigate whether or not you are utilizing FUSE, as that can cause additional conflict.






share|improve this answer






















  • Link is broken.
    – Wildcard
    Aug 15 at 16:51












up vote
0
down vote










up vote
0
down vote









I would suggest you attempt adding your mounts to your fstab. It can be found at /etc/fstab on most systems.



fstab will allow you to restrict who has access and who can mount which devices to which mount points. The option you are looking for will most likely be uid. You can determine a user's UID by examining /etc/passwd. Typically, you will be using uid 1000 as the first user created on the system.



sshfs#server.local:/mnt/Mountpoint /mnt/LocalDir fuse comment=sshfs,noauto,users,exec,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks,BatchMode=yes,IdentityFile=/home/me/.ssh/server 0 0


This example shows how I mount a remote filesystem locally using sshfs. I have restricted it so that only my user is allowed to do such a thing. There are additional options in this sshfs example that you will most likely not need, but I think if you take a look it might clear things up.




further reading



Mount TrueCrypt volumes as a normal user



tl;dr



Set up uid and even guid in your fstab to restrict access to certain users. This will restrict mounting/unmounting as well as file access if set up correctly. Also, investigate whether or not you are utilizing FUSE, as that can cause additional conflict.






share|improve this answer














I would suggest you attempt adding your mounts to your fstab. It can be found at /etc/fstab on most systems.



fstab will allow you to restrict who has access and who can mount which devices to which mount points. The option you are looking for will most likely be uid. You can determine a user's UID by examining /etc/passwd. Typically, you will be using uid 1000 as the first user created on the system.



sshfs#server.local:/mnt/Mountpoint /mnt/LocalDir fuse comment=sshfs,noauto,users,exec,uid=1000,gid=1000,allow_other,reconnect,transform_symlinks,BatchMode=yes,IdentityFile=/home/me/.ssh/server 0 0


This example shows how I mount a remote filesystem locally using sshfs. I have restricted it so that only my user is allowed to do such a thing. There are additional options in this sshfs example that you will most likely not need, but I think if you take a look it might clear things up.




further reading



Mount TrueCrypt volumes as a normal user



tl;dr



Set up uid and even guid in your fstab to restrict access to certain users. This will restrict mounting/unmounting as well as file access if set up correctly. Also, investigate whether or not you are utilizing FUSE, as that can cause additional conflict.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 17 '13 at 10:21









Patrick

48.1k11125176




48.1k11125176










answered Mar 24 '12 at 4:28









earthmeLon

8001414




8001414











  • Link is broken.
    – Wildcard
    Aug 15 at 16:51
















  • Link is broken.
    – Wildcard
    Aug 15 at 16:51















Link is broken.
– Wildcard
Aug 15 at 16:51




Link is broken.
– Wildcard
Aug 15 at 16:51

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f34816%2fhow-can-ubuntu-truecrypt-be-configured-so-users-can-mount-volumes-if-and-only-if%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?