Ubuntu – How can user mount an encrypted file container in VeraCrypt

mountpermissionssudousersveracrypt

I have a number of external media with VeraCrypt encrypted file containers and I would like the users to mount and use them without giving root privileges to the users.

However at the moment VeraCrypt's always asking for user/admin password apparently sudo-ing mount operation:

How can a user, who's not in the sudoers file mount an .hc file?

Best Answer

Warning: Only use @Pawel Debski solution if agree the following:

Any user or hacker getting access to an user account in veracryptusers group can run any commands as root, by downloading a prepared container file containing malicious code running as root.

So using that solution you might consider to use a special user profile for veracrypt. As a result, sodo is easier to use.

Steps to test the security problem:

Create a container file (ext2-4)
Copy or create a binary file (e.g. whoami)
Change binary owner to root
Add setuid to the binary
Call the binary with a non-root-user account

The binary will run with root privilege.

Hint: I added this solution as the warning at Pawel Debski is inconspicuously. The risk is much greater than the benefit as long as the system has an internet connection.

Related Solutions

Ubuntu – How to give shutdown privileges to a user

You can shut down or restart using HAL or ConsoleKit which will not require you enter an username/password:

HAL (older Ubuntu versions):

dbus-send --system --print-reply --dest=org.freedesktop.Hal /org/freedesktop/Hal/devices/computer org.freedesktop.Hal.Device.SystemPowerManagement.Shutdown

ConsoleKit (newer Ubuntu versions, tested on Ubuntu 11.04):

dbus-send --system --print-reply --dest=org.freedesktop.ConsoleKit /org/freedesktop/ConsoleKit/Manager org.freedesktop.ConsoleKit.Manager.Stop

Best Answer

Related Solutions

Ubuntu – How to give shutdown privileges to a user

Related Question