General :: How To Write As A Normal User To A Mounted Dm-crypt/LUKS Partition
Jul 17, 2011
I managed to set up an encrypted partition that's mounted on boot using dm-crypt/LUKS.
The relevant entry from my /etc/fstab:
/dev/mapper/st_crypt /media/st ext4 defaults 0 2
The partition is mounted at boot, and I can write to it as root just fine, but I have no idea how to make it writable by a normal user (i.e. the users group).
I'm trying to have a LUKS encrypted partition mounted at startup and to have GDM ask for my key so it will decrypt. Now I followed [URL] to the letter. Except for now, I have it just mounted into /mnt/cryptohome so I'm not messing with my system. My problem is the one everyone mentions in the comments: Ubuntu isn't asking for the LUKS key in the X display, it's asking in the first terminal (Ctrl-Alt-F1). This will not do. I need it to ask to mount my drive before I'm even asked to login, so eventually I can encrypt my /home.
I want to simply mount an ext4 file-system onto a normal mount point in Ubuntu (/media/whereever), as read-writable for the current logged-in user, i.e. me.
I don't want to add anything into /etc/fstab, I just want to do it now, manually. I need super-user privileges to mount a device, but then only root can read-write that mount. I've tried various of the mount options, added it into fstab, but with no luck.
Since I'm on the road a lot, encryption is crucial. With Windows I've always used TrueCrypt and DiskCryptor; this is very easy to set up and allows me to create USB/CD devices that I can boot off and that contain a keyfile; on boot it also requires a passphrase. Currently all I need to do is boot from the hard disk and enter my passphrase. I would like to be able to boot from an external device (in this case USB) that contains the bootloader and an integrated keyfile; it should also request the passphrase. I found a guide on how to achieve two-factor authentication with dm-crypt on Feisty, but it's quite an old guide and is really, really complicated for a newbie.
I'm simply interested in a more basic discussion of why one would choose one of these methods over the other. What do they offer that the other does not? I'll start with what I know:
- dm-crypt/LUKS --- included in a lot of install images already; in other words, perhaps easier to implement on a fresh install
- TrueCrypt --- multiple encryption algorithms possible
For me... I have no need for Windows compatibility, though I do use OS X on a dual booting MacBook. I believe TrueCrypt works with OS X, so that could be a bonus, though I can simply encrypt my home folder on OS X with its own FileVault and be fine. My setup (after wiping and starting over) will probably be like so:
- /boot on its own primary partition
- / on its own primary partition with logical partitions within
--- /usr, /var, /etc, /opt, and the like on a logical partition
--- /home on a logical partition
/home will surely be encrypted and I'm leaning toward encrypting the rest as well, though perhaps it's not necessary. I'm open to input there as well -- is there anything that leaks from normal application use into /var or /tmp that would make one lean toward just encrypting the whole thing?
I opened up TrueCrypt just to look at it and since I can't encrypt a whole partition without losing data... I pretty much have to encrypt from what? A live CD? This could be a drawback -- I think since TrueCrypt isn't coming on install disks, I'd have to go with an unencrypted (or dm-crypt/LUKS) root partition and then use TrueCrypt to make a container (or partition) for /home only. I can't think of another way to do this since I can't encrypt the whole disk as one entity with my dual booting situation...
I have a perfectly OK 2.5 inch disk drive from a dead laptop (graphics card failed).
The hard drive is fine. I know the passphrase.
I had installed Ubuntu 10.04 with full disk encryption using dm-crypt/luks using the alternate install CD.
I'm not exactly sure of the configuration I selected. Just that it's full disk encryption with a pre-boot passphrase prompt.
Now my issue is, I have put the drive into a usb drive docking station, and I simply want to mount the partition on my new laptop, so I can copy the files over.
I've tried googling for various things like "mount dm-crypt drive linux" and "how to mount a luks encrypted partition linux", but I get no results.
When I upgraded from FC11 to FC12 of the encrypted raid partitions started to request password on boot (in FC11 not having references to encrypted md1 in fstab and crypttab, was enough for FC11 not to ask for passwords on boot) despite the fact that I removed /etc/crypttab and there is nothing in /etc/fstab relating to encrypted md1 (raid array). I want my machine to boot w/o asking me passwords for encrypted devices, and I will open and mount them myself manually after boot.
It seems I've run into a bit of a problem. I recently upgraded to the latest kernel 2.6.32-24-generic (x86) but when I reboot into the new kernel and type in my password the system hangs, same when using a keyfile on the root file system. To give an outline of how the disks are set up: 3 hard drives
I have an HP laptop with a recently installed copy of Mint 8 KDE Community Edition. I created the initial admin user account ("joseph") when I installed.
I had an existing home directory under a different name from another installation, so I added a user with that name ("joe") and imported a copy of the original home directory. The user "joe" didn't have the same admin privileges as the initial "joseph" account, so I added "joe" to the sudoers file and the same groups as the initial admin user.
Everything works perfectly under this arrangement, for the most part. Now here's the problem:
I have a T-Mobile G1 phone that uses Android. I've rooted and ROM-modded the G1, and have the microSD card in the phone set up with two partitions. The vfat partition stores all the photos, music and other stuff the phone needs. The ROM mod allows me to store apps on the SD card, so that second partition uses ext3 for its file system.
When I'm logged in as the admin "joseph" account and I insert the SD card in the laptop's card slot (or plug the phone into the USB port), the SD card can be mounted, and I have full access to both card partitions. I can see all folders. I do this to backup the contents of the card to an external drive (especially the apps in the ext3 partition, since that's been trashed on me once before on the phone).
However, when I log in as "joe", I cannot view the contents of the ext3 partition at all. I can see the vfat drive fine, and the ext3 partition mounts, but with user/group "joseph/joseph." When I open Dolphin to view the mounted ext3 partition, I get the error "could not enter folder /media/disk-1" at the bottom of the view window in Dolphin.
Here are the relative entries returned when I run "mount" to view the mounted drives:
/dev/mmcblk0p1 on /media/disk type vfat (rw,nosuid,nodev,uhelper=hal,uid=1001,utf8,shortname=mixed,flush)
/dev/mmcblk0p2 on /media/disk-1 type ext3 (rw,nosuid,nodev,uhelper=hal)
Note that the uid listed on the vfat mount is 1001, which is the gid for the "joe" account.
I know there must be a configuration setting somewhere that will allow the ext3 partition to automount under the "joe" user account. I suppose that using the admin account to change the permissions would be the easy way to do this, but there must be something that would do it automagically. I've ripped through all the config files I can find, but can't seem to find anything that would help.
All I'm looking for here is enough access to be able to copy the directories on that mount to my external drive.
I'm setting up Ubuntu Karmic on my sister's old computer for my nephew. He's quite young, so my sister asked me to install some content filtering. I'll first set up an OpenDNS account, and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. So far it's working pretty well, but I need to secure it from the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy, because by default the Firefox configuration can be easily changed. So I have a couple of questions.
1. Is it possible to block outgoing ports on Ubuntu?
2. Is that the best method?
3. Is there anything else I should be aware of to prevent subversion?
Lastly, this question is probably unrelated to this board, but I've set up a cron job to update a dynamic IP with OpenDNS. The problem is that the password is in clear text in the user's crontab. Can I play with permissions? Is it possible to run the job under a root account and deny read/write access to a normal user?
I need to change my LUKS partition to NTFS as I do not need the boot partition any longer, but I need to keep sdb3 (truecrypted ext3) intact. This is how the disk looks now:
Code:
Disk /dev/sdb: 1000.2 GB, 1000204886016 bytes
255 heads, 63 sectors/track, 121601 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
On openSUSE 11.3, a normal user cannot access and modify files in other partitions with the default settings. Is there any way to give a normal user permission to do these things instead of doing them as the root user?
I have a 500 G, where 80 are used for FC13. I added a new 80 G partition, using Disk Utility, called it Backup, and I can access it when I am logged in as root. When I log in with any other user, even with all privileges (added to almost all groups), I get a dialog box requesting authentication.
I enter my user password, the file manager just disappears as soon as the dialog box disappears, and I think it is a permission issue again.
In disk utility opposite to Device there is "dev/sdb", in mount point there is media/backup.
I opened fstab, I can not see an entry, here is the fstab :
Quote:
#
# /etc/fstab
# Created by anaconda on Wed Jun 16 00:58:19 2010
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
So what is the route to follow to allow my user to read and write to it normally without any permission issues?
I have a really odd problem: when I mount a partition with Nautilus, it is attributed to another user, and I don't know why. I've tried adding the following line to /etc/fstab:
/dev/sda2 /media/windoze ext3 user,noauto,rw 0 0
Then I can mount the partition, but in this case it is attributed to root and I don't have permission to read it. I cannot understand why, since I've given the 'user' option.
I want to write a shell script which will simultaneously collect OS user information and write it to individual text files. Can anyone tell me the syntax of the script? N.B. The user names will be mentioned in an array within the shell script.
I am running Fedora 14 with the Gnome desktop and I have a 1 TB external hard drive that is msdos with approximately 200 GB of data on it. I can unlock it and even read and copy files to my internal hard drive, but I cannot add files to it. I used to be able to. I didn't think I changed permissions.
The problem arises when I try to create a sub-directory inside the mounted directory. All the newly created sub directories become write protected.
I am accessing this file system from R software, and it needs to write/create directories inside this mounted directory.
How can newly created sub-directories become automatically writable, so that R can create new sub-directories and write data inside those directories?
I've looked everywhere but I can't find where to change the default box for incoming mail, or am I on the wrong track? It's a nuisance having to change folders, and I can't configure wastebin to empty on exit. And I can't get kmail to import from evolution. Do I have to go to the evolution storage and do it manually, and if so, how do I do that?
Using opensuse 11.1 64 bit with kde 4.1.3, apps like k3b, or any multimedia apps can not see the optical drives unless I run the apps as root. I also found that to run bladeenc, I have to do it in a root terminal. Is there a way to set permissions for the normal user? Firefox or any text editor work fine as normal user.
I have installed Oracle Database server on Red Hat Linux for the first time. I edited the .bash_profile for the first time and defined some parameters like "export ORACLE_SID =orcl". I quit the editing. Then when I entered ". .bash_profile" I got the error "not a valid identifier"; it shows like "bash: export: '=orcl' : not a valid identifier". For all the lines I edited it shows the same error, because I think I put a space in between "ORACLE_SID" and "=orcl".
So I tried to edit that using "vi .bash_profile" as a normal user. It doesn't allow me to edit. When I try to delete that space (because I think that is where I got the error) using the Backspace key on my computer, it just moves the cursor to the left instead of deleting that space.
I have just installed VirtualBox on my OpenSuSE 11.1 and created my first VM (Windows XP) - and everything works just fine, but.... I can only run it as user root (if I remember correctly I could only install VirtualBox as root). Anybody know what I need to do so that I can run VirtualBox under a normal user account?
When I install software as root, everything is OK. But when I install it as another user, I got an error. ERROR info:
(setup_linux32:28652): Gtk-WARNING **: cannot open display:
My host:
cat /proc/version
Linux version 2.6.18-164.el5(gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) #1 SMP Tue Aug 18 15:51:54 EDT 2009
I am trying to see, in a single window, the last 5 mails that the root user has sent to a particular normal user. However, I am not able to do so. Is there any command that can display the last 5 mails sent to a particular user in a single window?
I have found so many ways for the root user to execute commands in so many possible path locations - but I'm having difficulties executing commands as a normal user - during start up. This is what I've got for the /etc/rc.d/rc.local script:
Code:
su -l user && (/bin/sh svc_cmd.sh &)
But the command doesn't run at all...
I'm using LVM-based partitioning. I can not mount one partition. Here is some information I can provide.
This incident happened after I try to encrypt this partition and then an error message appears. If not mistaken, it contains an error number (I forget) and a warning which reads that can not remove the LABEL on the devices.
On a Fedora Core box, I have a normal non-privileged user and I also have sole access to the root account. Because I am the only administrator of this box, I frequently su over to root for administrative tasks. The problem is that many of the user configurations I've become accustomed to are only configured on my day-to-day account (.vimrc, .bashrc, .screenrc, etc). Other than giving my day-to-day user account privileges to perform administration tasks, how would I go about sharing configuration between these two accounts?