I used TrueCrypt for a long time in Kubuntu, in which I used a keyboard shortcut to automatically mount a drive. Nowadays I use VeraCrypt, but I am always prompted for my sudo password after entering the password for the encrypted drive. This was never necessary in TrueCrypt.
It occurred to me that I could potentially mount the drive as a removable media (this is an operation that does not require a root password), but when mounting the drive to /mount/ (which is where removable media is mounted), I still get the sudo password request.
Furthermore, an option in VeraCrypt allows Volume Mounted as Removable Medium, but this option simply doesn't exist in the version I'm running in Linux (v1.19).
What is going on here? How can I request that the VeraCrypt mounting process behave like removable media? Entering my password every mount and dismount is irritating.
Best Answer
One option would be to set the the SUID bit on veracrypt. This would make sure it took on root privileges whenever run.
Generally, however, I try to avoid the SUID or SGID bits, as they allow any user with permission to execute the binary to use it at elevated privileges.
A better option:
Another option you have if you've got
sudois to create a group with password-free sudo privileges for veracrypt.This is definitely a still a little less secure than always requiring a password, as is always the case when creating sudo rules like this. Make sure you read this carefully and understand what it entails to ensure you do not create a security risk!
Before you begin, you want to ensure that the
/usr/bin/veracryptbinary is not writable by group or other.Confirm that it is not writable by another other than the owner:
First, create a new group:
Next, add your user(s) to the group:
Now you now use
visudoto create a new sudo rule:This one will allow the
veracrypt_groupto run/usr/bin/veracryptwithout a password.