Encrypted USB drive has only root privileges

Asked by Vladimir

I have encrypted my 1G USB drive using these commands:

cryptsetup luksFormat /dev/sda1

cryptsetup luksOpen /dev/sda1 newdisk

I tested the newly created partition with the command
cryptsetup status newdisk
and I've got this result:

/dev/mapper/newdisk is active:
  cipher: aes-cbc-essiv:sha256
  keysize: 128 bits
  device: /dev/sda1
  offset: 1032 sectors
  size: 1998595 sectors
  mode: read/write

Then I formatted the partition with
mkfs.ext2 /dev/mapper/newdisk
mount /dev/mapper/newdisk /mnt

and it worked fine. I unmounted the drive with
umount /mnt
cryptsetup luksClose /dev/mapper/newdisk

and rebooted. I did not modify either fstab or crypttab. Everything went fine, no complaints. When I inserted the USB flash drive into the slot later on, it properly asked for a password and, when given one, it mounted the drive automatically. So far everything went smoothly, indeed. The mount command shows:
/dev/mapper/_dev_sdb1 on /media/usbdisk type ext2 (rw,nosuid,nodev)

The problem is, only root has write access to this drive now.

I tried to modify fstab by adding the line
/dev/mapper/_dev_sdb1 /media/usbdisk ext2 noauto,user,unhide 0 2

but on the next reboot it complained that there is no _dev_sdb1 on /dev/mapper and it goes into emergency mode.

I tried turning /etc/init.d/cryptdisks and /etc/init.d/cryptdisks-early ON and OFF - no difference.

Please help. Thank you.

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Tormod Volden

Tormod Volden (tormodvolden) said :
#1

By default, only root has write permission to a newly made ext2 filesystem. See https://help.ubuntu.com/community/InstallingANewHardDrive#head-fff5ec7d7c523059a4518c5db5bb68075cb46a43 (not the fstab stuff but the chgrp/chmod stuff).

Vladimir (snape) said :
#2

It didn't help. The problem remains.

The manual says: If you want to allow a normal user to create files on this drive, you can either give this user ownership of the top directory of the drive filesystem or in a more flexible way, practical if you have several users, allow for instance the users in the plugdev group (usually those who are meant to be able to mount removable disks, desktop users) to create files and sub-directories on the disk.

I did this:

In fstab I added line
/dev/mapper/_dev_sdb1 /media/usbdisk ext2 defaults 0 0

and used the following commands:
chgrp plugdev /media/usbdisk
chmod g+w /media/usbdisk
chmod +t /media/usbdisk

and I exited root.

Upon inserting the encrypted USB flash drive, the system properly asked for a password and then it ignored my mounting point from fstab (/media/usbdisk) and created a new mounting point, /media/usbdisk-1. Again with only root access.

Vladimir (snape) said :
#3

I forgot to say that before I used the command

chgrp plugdev /media/usbdisk

I created the directory usbdisk:
mkdir /media/usbdisk

Tormod Volden (tormodvolden) said :
#4

Do you need anything in /etc/fstab? (I said not to read the fstab stuff in that link.)
You must run those commands after the fs is mounted. The changes made are on the fs itself.
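
Added example, not part of the thread: a small shell helper that applies the chgrp/chmod steps quoted above only when a filesystem is actually mounted on the directory, so the change lands on the drive's own top-level inode instead of on the empty mount-point directory underneath. The function names are hypothetical and GNU coreutils `stat` (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU coreutils stat.

# Succeeds if DIR is the root of a mounted filesystem: its device number
# differs from its parent's, or it is its own parent (the case for "/").
# Bind mounts within the same filesystem are not detected by this test.
is_mount_root() {
    dir=$1
    [ -d "$dir" ] || return 2
    dev=$(stat -c %d "$dir") || return 2
    pdev=$(stat -c %d "$dir/..") || return 2
    ino=$(stat -c %i "$dir")
    pino=$(stat -c %i "$dir/..")
    [ "$dev" != "$pdev" ] || [ "$ino" = "$pino" ]
}

# Print "owner:group mode" of DIR's top-level inode, e.g. "root:root 755".
# Run it after each plug-in to see whether the ownership persisted.
root_perms() {
    stat -c '%U:%G %a' "$1"
}

# Give GROUP write access to the top directory and set the sticky bit,
# but only while a filesystem is mounted there. Ownership and mode are
# stored in the filesystem on the drive, so they survive unplugging;
# the same commands on the bare directory never reach the drive.
share_fs_root() {
    dir=$1
    group=$2
    if ! is_mount_root "$dir"; then
        echo "refusing: nothing is mounted on $dir" >&2
        return 1
    fi
    chgrp "$group" "$dir" && chmod g+w,+t "$dir"
}

# Usage (as root, after the drive has been unlocked and mounted):
#   share_fs_root /media/usbdisk plugdev
#   root_perms /media/usbdisk
```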

Vladimir (snape) said :
#5

Well, actually I don't. But...

I have commented out from the /etc/fstab the line as you suggested:
#/dev/mapper/_dev_sdb1 /media/usbdisk ext2 defaults 0 0

When I insert the encrypted usb flash, it asks for a password and then it mounts the drive for me:
/dev/mapper/_dev_sda1 on /media/usbdisk type ext2 (rw,nosuid,nodev)

with the root ownership only. Then I type
sudo chown -R vladimir:vladimir /media/usbdisk

and bingo! I can write to that drive now.

But this means every time I need to use it, I have to run the chown command, which is very inconvenient. There must be a better way to do it.

Best Tormod Volden (tormodvolden) said :
#6

Are you sure you have to run it again? What does "ls -l /media/usbdisk" say the next time you plug it in? Is it back to root:root as owner/group?

Vladimir (snape) said :
#7

Thanks Tormod Volden, that solved my question.