[CLUE-Tech] User Mount of Encrypted Volumes vi Loopback

Jed S. Baer thag at frii.com
Sun Nov 23 18:22:51 MST 2003 

Hi Folks.

I've spend most of the afternoon messing around with creating an encrypted
filesystem, using a file which is then mounted via the loopback device.

Some info on this can be found in the August 2003 issue of Linux Journal.

The process is pretty simple, once you have all the pieces, and involves
using a special cryptologically enhanced layer for the loopback device,
and a kernel module implementing the particulare encryption you want to
use. So, for example, the ouput of lsmod looks like:

$ /sbin/lsmod
Module                  Size  Used by    Not tainted
cipher-aes             23348   0
cryptoloop              2748   0
loop                   11896   0 [cryptoloop]
cryptoapi               7116   5 [cipher-aes cryptoloop]

Once you have this, you also need versions of losetup, mount, and umount
which support encrypted volumes.

So, I have an encrypted ext2 filesystem created, and it's mountable by
root. Here's the question. How can an ordinary user mount it? I assumed it
would be something similar to the way things such as the floppy and cdrom
devices work. And, looking at the options for the mount command, and
/etc/fstab, it would appear that simply putting the "user" option into the
fstab line for the file would make it all work.

[ /etc/fstab ]
/home/jbaer/cranium.pcm /home/jbaer/freezer ext2 noauto,owner,noatime 0 0

I also messed around with also adding options in fstab for the encryption
pieces and loopback, and these all work just fine when mounting as root.

But the point of this exercise is for the ordinary user (me, in this case)
to be able to maintain (including mount/umount) their own encrypted "safe"
type thing, and store anything encrypted, without the constraints of some
off-the-shelf package which might store only certain types of data, e.g.
password records.

However, when I try to mount the file (which I own), I get the message
"only root can mount {filename} on {mount point}. I've changed file
permissions and ownership on the /dev/loop* devices, with no effect, and I
doubted the problem was there in the first place. By the error message, it
feels like something which should be correctable in /etc/fstab, which is
where the options are for whether ordinary people can mount things.

Finally, the other thing is, I'd like to be certain that the filesystem,
when it's mounted is owned by the user. When I mount this thing as root,
it looks just like any other mount point mounted by root. So, the ordinary
user who owns the thing can't even create a directory. Yeah, I could
create a top-level directory for the user as root, but it'd be nice to
minimize root involvement in being able to set these things up.

So, anyone have any thoughts?

TIA.
jed
-- 
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier

More information about the clue-tech mailing list