This problem can have many different origins. The most likely one is that you have a problem with polkit. Do you have a directory called /etc/polkit-1/localauthority? If so, edit, as root, this file: /etc/polkit-1/localauthority/50-local.d/55-storage.pkla and add the following lines:
[Storage Permissions]
Identity=unix-group:plugdev
Action=org.freedesktop.udisks.filesystem-mount;org.freedesktop.udisks.drive-eject;org.freedesktop.udisks.drive-detach;org.freedesktop.udisks.luks-unlock;org.freedesktop.udisks.inhibit-polling;org.freedesktop.udisks.drive-set-spindown
ResultAny=yes
ResultActive=yes
ResultInactive=no
You should also add yourself to the plugdev group,
usermod -a -G plugdev <your username>
which is the correct command for Debian-family distros (Debian, Ubuntu, Mint,...), if you are not on one of those please adapt it to your distro.
If this does not apply, please report back.
One option would be to set the the SUID bit on veracrypt. This would make sure it took on root privileges whenever run.
# chmod u+s /usr/bin/veracrypt
Generally, however, I try to avoid the SUID or SGID bits, as they allow any user with permission to execute the binary to use it at elevated privileges.
A better option:
Another option you have if you've got sudo
is to create a group with password-free sudo privileges for veracrypt.
This is definitely a still a little less secure than always requiring a password, as is always the case when creating sudo rules like this. Make sure you read this carefully and understand what it entails to ensure you do not create a security risk!
Before you begin, you want to ensure that the /usr/bin/veracrypt
binary is not writable by group or other.
Confirm that it is not writable by another other than the owner:
$ ls -lha /usr/bin/veracrypt
-rwxr-xr-x 1 root root 7.1M Sep 11 2019 /usr/bin/veracrypt
First, create a new group:
# groupadd veracrypt_group
Next, add your user(s) to the group:
# usermod -aG veracrypt_group your_user
Now you now use visudo
to create a new sudo rule:
# visudo -f /etc/sudoers.d/veracrypt
This one will allow the veracrypt_group
to run /usr/bin/veracrypt
without a password.
%veracrypt_group ALL=(root) NOPASSWD:/usr/bin/veracrypt
Best Answer
To read that file, the partition would have to be mounted. The auto-mounting is a feature of the operating system (actually hotplug, or some other service monitoring USB) and has to be turned off per-machine.