[CLUE-Tech] User Mount of Encrypted Volumes via Loopback

Jed S. Baer thag at frii.com
Tue Nov 25 12:26:47 MST 2003


On Tue, 25 Nov 2003 10:14:11 -0700
Keith Hellman <khellman at mcprogramming.com> wrote:

> Try making the loopback device used owned by the user.  Where I work we
> do this sort of thing all the time (it's part of our build process); the
> only missing element is we don't mount with encryption.

Changing ownership of the loopback device doesn't make any difference. As
a control, I generated an ISO image, and tried to mount that (removing the
encryption piece). Same result.

In looking around I found this explanation:

"mount: only root can do that"
You have tried to mount a device that is not listed in
'/etc/fstab' as being mountable by users. Do it as root
If you need to mount the device more often, it may be a
good idea to change '/etc/fstab' accordingly

http://203.213.125.126:81/pipermail/mlug/2001-May/001851.html

Which correlates with my experiments with fstab. The thing which does work
(including encryption, and irrespective of the owner of /dev/loop0) is the
option "users". This is interesting, because "owner" doesn't work, even
though the mount man page indicates it should (and "owner" does work for
/dev/fd0 and /dev/hdd [cdrom], which are set as owned by me).

Logically, I think I should be able to mount a "device" (in the case of a
container file) that I own. As the loopback devices are intermediaries,
they fall outside of the logic which mount seems to employ, which is
looking for a match in the first column of fstab for the "real" thing to
be mounted, checking its ownership, and using that in conjunction with the
options.

However, the option "users" fails from a security standpoint, because at
that point, the volume is readable based only on file permissions (which I
admit is the case anytime it's actually mounted, so maybe that's OK).
Perhaps that's the best I'll be able to do. Since pam_mount appears to
deal only with [un]mounting on login/logout, it doesn't achieve what I'm
looking for. Perhaps I'll have to experiment with the automounter.

jed
-- 
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
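
A small fstab audit, added here as an example and not part of the original post: it classifies each entry by the mount(8) user-mount options discussed above (user, users, owner) and flags the two loopback cases the message describes. The sample entries, their paths and the `encryption=aes` value are constructed for illustration.

```python
# Constructed sample fstab (paths and options are illustrative, not from the post).
SAMPLE_FSTAB = """\
# spec              mountpoint  type    options
/home/jed/vault.img /mnt/vault  ext2    loop,encryption=aes,users,noauto 0 0
/home/jed/disc.iso  /mnt/iso    iso9660 loop,ro,owner,noauto             0 0
/dev/fd0            /mnt/floppy vfat    owner,noauto                     0 0
/dev/hda1           /           ext3    defaults                         1 1
"""

def parse_fstab(text):
    """Yield (spec, mountpoint, option-name set) for each non-comment line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 4:
            # Keep only option names, so "encryption=aes" becomes "encryption".
            opts = {o.split("=", 1)[0] for o in fields[3].split(",")}
            yield fields[0], fields[1], opts

def who_may_mount(opts):
    """Map the user-mount options documented in mount(8) to a label."""
    if "users" in opts:
        return "any user (and any user may unmount)"
    if "user" in opts:
        return "any user (only the mounting user may unmount)"
    if "owner" in opts:
        return "owner of the first-column path"
    return "root only"

def audit(text):
    """Return {mountpoint: (who_may_mount, [notes])} for every entry."""
    report = {}
    for spec, mountpoint, opts in parse_fstab(text):
        notes = []
        is_loop = "loop" in opts
        # Case from the post: "owner" on a container file rather than a /dev node.
        if is_loop and "owner" in opts and not spec.startswith("/dev/"):
            notes.append("owner on a container file: reported above as not working")
        # Case from the post: encrypted loop volume opened up with user/users.
        if is_loop and "encryption" in opts and opts & {"user", "users"}:
            notes.append("encrypted volume mountable by any user; "
                         "access then rests on file permissions")
        report[mountpoint] = (who_may_mount(opts), notes)
    return report

if __name__ == "__main__":
    for mp, (who, notes) in audit(SAMPLE_FSTAB).items():
        print(f"{mp:12} {who}")
        for n in notes:
            print(f"{'':12} ! {n}")
```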