[CLUE-Tech] User Mount of Encrypted Volumes via Loopback

Jed S. Baer thag at frii.com
Tue Nov 25 15:44:33 MST 2003


On Tue, 25 Nov 2003 13:20:20 -0700
David Anselmi <anselmi at americanisp.net> wrote:

> Match Grun wrote:
> [...]
> > Maybe you should mount this as yourself somewhere in your home
> > directory. Don't use fstab, but your .bashrc script to perform the
> > mount. You own the directory and also the mount point so you should
> > not have a permissions problem. This is a similar trick that xfsamba
> > uses to mount smb shares in a user's home directory.
> 
> You'd own the file and the mount point, and Keith has suggested owning 
> the loop device too.  Who owns the root inode of the encrypted 
> filesystem?  I guess that inside the file is a long string of 
> ciphertext, so the root inode is inside that.
> 
> It's the root inode that controls the directory permissions of the 
> mount point when the fs is mounted, so maybe that's the problem.  Just a
> guess though, I'm looking forward to hearing the solution.

Interesting that there aren't options to set owner and default
permissions with mke2fs. However, the apparent owner of the root inode is
whoever runs it. But, that still makes no difference with being able to
mount it. It does, however, affect the owner of the mount point when it's
mounted. lost+found is still owned by root, even when running mke2fs as
plain-user.

One other thing though, is that in order to create an ext2 (or 3 for that
matter) filesystem, you have to use the losetup command (unlike mkisofs).
And it isn't by default setuid. So what it comes down to is that there
isn't any way, AFAICT, for a non-root user to create/manage their own
little encrypted virtual disk. Or, at least not using anything I can find.
At two points, you need root access: 1) losetup, 2) editing /etc/fstab.

I haven't played with the automounter yet, but I'm not hopeful of it
providing any help. Besides which, it still involves being root to set up
the mapping, so I probably won't bother.

jed
-- 
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier


