Ubuntu
dislocker package

Permission isuues using dislocker for bitlocker encrypted drive on ubuntu 16.04 LTS

Asked by darshit on 2017-08-24

First of all I am a newcomer in Ubuntu. I want to use my bit-locker encrypted internal hard drive in Ubuntu 16.04 LTS 32 bit system. So I have downloaded dislocker (dislocker-master.zip).

The extracted zip file compiled and installed Dislocker on Ubuntu according to the instruction given in INSTALL.md file. To use Dislocker they have written as

Once installed, see dislocker(1) for details on how to use it.

in INSTALL.md file but I cannot find dislocker(1) anywhere in the extracted zip file. So I searched on Google that how to use it and I found tutorial on https://www.youtube.com/watch?v=n7XT5fK4iwA.

According to this, last line in terminal

sudo mount -o loop /media/drive1/dislocker-file /media/mount1/

shows the error:

ntfs-3g-mount: mount failed: Permission denied

To fix this, I searched on Google and found a command on https://github.com/Aorimn/dislocker/issues/86, so I used the command:

sudo mount -o ro,loop /media/drive1/dislocker-file /media/mount1/

which opens the Bitlocker-encrypted drive as read-only. But I want write access also. How can I do that?

Things I have tried:

$ sudo chown jin:jin drive1
chown: changing ownership of 'drive1': Function not implemented

$ chmod 777 drive1/
error: chmod: changing permissions of 'drive1/': Function not implemented

I have also checked Use (Windows) BitLocker-encrypted drive on Ubuntu 14.04 LTS with result (my password is starting with 1):

$ sudo dislocker -r -V /dev/sda3 -123*** -- /media/drive1
dislocker: invalid option -- '1'
dislocker by Romain Coltel, v0.7.1 (compiled for Linux/x86)

Usage: dislocker [-hqrsv] [-l LOG_FILE] [-O OFFSET] [-V VOLUME DECRYPTMETHOD -F[N]] [-- ARGS...]
with DECRYPTMETHOD = -p[RECOVERY_PASSWORD]|-f BEK_FILE|-u[USER_PASSWORD]|-k FVEK_FILE|-c

Options:
    -c, --clearkey decrypt volume using a clear key (default)
    -f, --bekfile BEKFILE
                          decrypt volume using the bek file (on USB key)
    -F, --force-block=[N] force use of metadata block number N (1, 2 or 3)
    -h, --help print this help and exit
    -k, --fvek FVEK_FILE decrypt volume using the FVEK directly
    -l, --logfile LOG_FILE
                          put messages into this file (stdout by default)
    -O, --offset OFFSET BitLocker partition offset, in bytes (default is 0)
    -p, --recovery-password=[RECOVERY_PASSWORD]
                          decrypt volume using the recovery password method
    -q, --quiet do NOT display anything
    -r, --readonly do not allow to write on the BitLocker volume
    -s, --stateok do not check the volume's state, assume it's ok to mount it
    -u, --user-password=[USER_PASSWORD]
                          decrypt volume using the user password method
    -v, --verbosity increase verbosity (CRITICAL errors are displayed by default)
    -V, --volume VOLUME volume to get metadata and keys from

-- end of program options, beginning of FUSE's ones

ARGS are any arguments you want to pass to FUSE. You need to pass at least
the mount-point.

Tue Aug 22 14:16:09 2017 [CRITICAL] Failed to open : No such file or directory
*** Error in `dislocker': corrupted size vs. prev_size: 0x816bb090 ***
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(+0x67377)[0xb755c377]
/lib/i386-linux-gnu/libc.so.6(+0x6d2f7)[0xb75622f7]
/lib/i386-linux-gnu/libc.so.6(+0x6d6ce)[0xb75626ce]
/lib/i386-linux-gnu/libc.so.6(+0x6e395)[0xb7563395]
/lib/i386-linux-gnu/libc.so.6(_IO_setb+0x61)[0xb7560171]
/lib/i386-linux-gnu/libc.so.6(_IO_file_close_it+0xa3)[0xb755e8b3]
/lib/i386-linux-gnu/libc.so.6(fclose+0x89)[0xb7552a69]
/usr/local/lib/libdislocker.so.0.7(dis_stdio_end+0x2b)[0xb76b1150]
/usr/local/lib/libdislocker.so.0.7(dis_destroy+0x68)[0xb76af4cf]
/usr/local/lib/libdislocker.so.0.7(dis_initialize+0xe6)[0xb76af5c8]
dislocker(main+0xe8)[0x80095eb2]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf7)[0xb750d637]
dislocker(+0x951)[0x80095951]
======= Memory map: ========
80095000-80097000 r-xp 00000000 08:06 550017 /usr/local/bin/dislocker-fuse
80097000-80098000 r--p 00001000 08:06 550017 /usr/local/bin/dislocker-fuse
80098000-80099000 rw-p 00002000 08:06 550017 /usr/local/bin/dislocker-fuse
816bb000-816dc000 rw-p 00000000 00:00 0 [heap]
b6f00000-b6f21000 rw-p 00000000 00:00 0
b6f21000-b7000000 ---p 00000000 00:00 0
b707b000-b7097000 r-xp 00000000 08:06 1588 /lib/i386-linux-gnu/libgcc_s.so.1
b7097000-b7098000 rw-p 0001b000 08:06 1588 /lib/i386-linux-gnu/libgcc_s.so.1
b70ae000-b70b0000 rw-p 00000000 00:00 0
b70b0000-b7103000 r-xp 00000000 08:06 1620 /lib/i386-linux-gnu/libm-2.23.so
b7103000-b7104000 r--p 00052000 08:06 1620 /lib/i386-linux-gnu/libm-2.23.so
b7104000-b7105000 rw-p 00053000 08:06 1620 /lib/i386-linux-gnu/libm-2.23.so
b7105000-b710e000 r-xp 00000000 08:06 1560 /lib/i386-linux-gnu/libcrypt-2.23.so
b710e000-b710f000 r--p 00008000 08:06 1560 /lib/i386-linux-gnu/libcrypt-2.23.so
b710f000-b7110000 rw-p 00009000 08:06 1560 /lib/i386-linux-gnu/libcrypt-2.23.so
b7110000-b7137000 rw-p 00000000 00:00 0
b7137000-b71c1000 r-xp 00000000 08:06 528942 /usr/lib/i386-linux-gnu/libgmp.so.10.3.0
b71c1000-b71c2000 r--p 00089000 08:06 528942 /usr/lib/i386-linux-gnu/libgmp.so.10.3.0
b71c2000-b71c3000 rw-p 0008a000 08:06 528942 /usr/lib/i386-linux-gnu/libgmp.so.10.3.0
b71c3000-b71c4000 rw-p 00000000 00:00 0
b71c4000-b746a000 r-xp 00000000 08:06 535258 /usr/lib/i386-linux-gnu/libruby-2.3.so.2.3.0
b746a000-b746e000 r--p 002a5000 08:06 535258 /usr/lib/i386-linux-gnu/libruby-2.3.so.2.3.0
b746e000-b746f000 rw-p 002a9000 08:06 535258 /usr/lib/i386-linux-gnu/libruby-2.3.so.2.3.0
b746f000-b7476000 rw-p 00000000 00:00 0
b7476000-b74cd000 r-xp 00000000 08:06 535153 /usr/lib/i386-linux-gnu/libmbedcrypto.so.2.2.1
b74cd000-b74ce000 ---p 00057000 08:06 535153 /usr/lib/i386-linux-gnu/libmbedcrypto.so.2.2.1
b74ce000-b74d0000 r--p 00057000 08:06 535153 /usr/lib/i386-linux-gnu/libmbedcrypto.so.2.2.1
b74d0000-b74d1000 rw-p 00059000 08:06 535153 /usr/lib/i386-linux-gnu/libmbedcrypto.so.2.2.1
b74d1000-b74d3000 rw-p 00000000 00:00 0
b74d3000-b74ec000 r-xp 00000000 08:06 1694 /lib/i386-linux-gnu/libpthread-2.23.so
b74ec000-b74ed000 r--p 00018000 08:06 1694 /lib/i386-linux-gnu/libpthread-2.23.so
b74ed000-b74ee000 rw-p 00019000 08:06 1694 /lib/i386-linux-gnu/libpthread-2.23.so
b74ee000-b74f0000 rw-p 00000000 00:00 0
b74f0000-b74f3000 r-xp 00000000 08:06 1574 /lib/i386-linux-gnu/libdl-2.23.so
b74f3000-b74f4000 r--p 00002000 08:06 1574 /lib/i386-linux-gnu/libdl-2.23.so
b74f4000-b74f5000 rw-p 00003000 08:06 1574 /lib/i386-linux-gnu/libdl-2.23.so
b74f5000-b76a5000 r-xp 00000000 08:06 1550 /lib/i386-linux-gnu/libc-2.23.so
b76a5000-b76a7000 r--p 001af000 08:06 1550 /lib/i386-linux-gnu/libc-2.23.so
b76a7000-b76a8000 rw-p 001b1000 08:06 1550 /lib/i386-linux-gnu/libc-2.23.so
b76a8000-b76ab000 rw-p 00000000 00:00 0
b76ab000-b76c7000 r-xp 00000000 08:06 550014 /usr/local/lib/libdislocker.so.0.7.1
b76c7000-b76c8000 r--p 0001b000 08:06 550014 /usr/local/lib/libdislocker.so.0.7.1
b76c8000-b76c9000 rw-p 0001c000 08:06 550014 /usr/local/lib/libdislocker.so.0.7.1
b76c9000-b76f8000 r-xp 00000000 08:06 1587 /lib/i386-linux-gnu/libfuse.so.2.9.4
b76f8000-b76f9000 ---p 0002f000 08:06 1587 /lib/i386-linux-gnu/libfuse.so.2.9.4
b76f9000-b7702000 r--p 0002f000 08:06 1587 /lib/i386-linux-gnu/libfuse.so.2.9.4
b7702000-b7703000 rw-p 00038000 08:06 1587 /lib/i386-linux-gnu/libfuse.so.2.9.4
b7718000-b771b000 rw-p 00000000 00:00 0
b771b000-b771d000 r--p 00000000 00:00 0 [vvar]
b771d000-b771f000 r-xp 00000000 00:00 0 [vdso]
b771f000-b7741000 r-xp 00000000 08:06 1522 /lib/i386-linux-gnu/ld-2.23.so
b7741000-b7742000 rw-p 00000000 00:00 0
b7742000-b7743000 r--p 00022000 08:06 1522 /lib/i386-linux-gnu/ld-2.23.so
b7743000-b7744000 rw-p 00023000 08:06 1522 /lib/i386-linux-gnu/ld-2.23.so
bff87000-bffa8000 rw-p 00000000 00:00 0 [stack]
Aborted (core dumped)

What does it mean? I tried the command for key recovery key,

$ sudo dislocker -r -V /dev/sdaX -p1536987-000000-000000-000000-000000-000000-000000-000000 -- /media/bitlocker

and password,

$ sudo dislocker -r -V /dev/sda3 -u -- /media/drive1

which worked fine but the command

$ mount -r -o loop dislocker-file /media/mount

with -r option does not give any error but opens the drive in read-only mode and without -r option gives same error: permission denied.

I also checked the comment:

Dislocker should support read-write (rw) access to some Bitlocker containers/versions, "the source" link says windows 8 rw access wasn't supported yet" (in 2014) and a comment says it would silently mount as ro (even though mount shows as rw)" probably leading to the mount error ntfs-3g-mount: mount failed: Permission denied. Omitting the -r option to Dislocker & mount should try mounting rw

– Xen2050 Jan 25 at 10:45

But does not understand any. Does it mean that drive encrypted with bitlocker of windows 7 can open in write mode? I tried with the drive encrypted with bitlocker of windows 7 but it also throws the same error and opens only in read mode. Now how can I enable write access in my Bitlocker-encrypted drive with Ubuntu?

Question information

Language:: English Edit question

Status:: Solved

For:: Ubuntu dislocker Edit question

Assignee:: No assignee Edit question

Solved by:: darshit

Solved:: 2017-09-05

Last query:: 2017-09-05

Last reply:: 2017-09-04

Link existing bug

Revision history for this message

actionparsnip (andrew-woodhead666) said on 2017-08-24:

NTFS doesn't hold Linux permissions. You need to set the access in the mount command. The permissions apply to the whole drive.

Revision history for this message

darshit (darshitparekh73) said on 2017-08-24:

How to set write the access in the mount command? Can you explain? I know that permission issue is with mount command and not with NTFS. But the question is how to resolve that issue?

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-24:

https://askubuntu.com/questions/113733/how-do-i-correctly-mount-a-ntfs-partition-in-etc-fstab may help

Revision history for this message

darshit (darshitparekh73) said on 2017-08-25:

Can you specify command how and where to write this options "uid=1000,gid=1000,dmask=027,fmask=137"?

What I tried and get error every time:

jon@jon-X550CA:~$ sudo chmod 777 /media/mount1
chmod: changing permissions of '/media/mount1': Read-only file system
jon@jon-X550CA:~$ sudo chown 777 /media/mount1
chown: changing ownership of '/media/mount1': Read-only file system
jon@jon-X550CA:~$ sudo chown jon:jon /media/mount1
chown: changing ownership of '/media/mount1': Read-only file system
jon@jon-X550CA:~$ sudo chown -R jon:jon /media/mount1
chown: changing ownership of '/media/mount1': Read-only file system

Also tried ntfs-config GUI utility but it also shows error:

Revision history for this message

darshit (darshitparekh73) said on 2017-08-25:

The given link may be for Mounting NTFS Partitions in Ubuntu at Startup but at startup in my case the drive is encrypted by bitlocker and when I open it using dislocker in ubuntu it is not showing as NTFS partition - may be.

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-25:

You can provide the extra options "uid=1000,gid=1000,dmask=027,fmask=137" either in the /etc/fstab file, or as additional parameter in a manual mount command.

in fstab something like
/dev/sda5 /mnt/excess ntfs defaults,uid=1000,gid=1000,dmask=027,fmask=137,rw 0 0

in a mount command something like
sudo mount /dev/sda5 /mnt/excess -t ntfs -o uid=1000,gid=1000,dmask=027,fmask=137,rw

(Maybe you better use ntfs-3g as file system type.)

Remark to your original question:
Your command
sudo mount -o ro,loop /media/drive1/dislocker-file /media/mount1/
includes "ro" which tells the system to loop mount the device readonly.
Maybe just chaning this into
sudo mount -o rw,loop /media/drive1/dislocker-file /media/mount1/
is all you need.

Revision history for this message

darshit (darshitparekh73) said on 2017-08-28:

Command below shows error an what I need is to rid away from this error:

john@john-X550CA:~$ sudo mount -o rw,loop /media/drive1/dislocker-file /media/mount1/
ntfs-3g-mount: mount failed: Permission denied

Revision history for this message

darshit (darshitparekh73) said on 2017-08-28:

Specifying extra options in mount command shows error:

john@john-X550CA:~$ sudo mount -t ntfs -o uid=1000,gid=1000,dmask=027,fmask=137,/media/drive1/dislocker-file /media/mount1/ (as modified version of command sudo mount -o ro,loop /media/drive1/dislocker-file /media/mount1/
how can I relate two commands given above and sudo mount /dev/sda5 /mnt/excess -t ntfs -o uid=1000,gid=1000,dmask=027,fmask=137,rw ? - I may not have related these command properly so I am getting this error?)
mount: can't find /media/mount1/ in /etc/fstab

Revision history for this message

darshit (darshitparekh73) said on 2017-08-28:

I can not provide the extra options "uid=1000,gid=1000,dmask=027,fmask=137" in the /etc/fstab file because at the time of starting ubuntu mount point option is not created yet because dislocker only makes "dislocker file" after giving right password of encrypted drive which can be mounted to mount1 directory - so I have provided additional parameter in a manual mount command which is given in previous comment.

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-28:

#10

1. RE: "john@john-X550CA:~$ sudo mount -o rw,loop /media/drive1/dislocker-file /media/mount1/
ntfs-3g-mount: mount failed: Permission denied"
WHat are the access rights settings of /media/drive1/dislocker-file and /media/mount1/ ?

2. RE: "mount: can't find /media/mount1/ in /etc/fstab"
I assume you wrongly put a comma instead of a blank between the options and the /media/drive1/dislocker-file parameter

Revision history for this message

darshit (darshitparekh73) said on 2017-08-29:

#11

john@john-X550CA:~$ sudo mount -t ntfs -o uid=1000,gid=1000,dmask=027,fmask=137 /media/drive1/dislocker-file /media/mount1/
ntfs-3g-mount: mount failed: Permission denied

How to check access rights settings of /media/drive1/dislocker-file and /media/mount1/ ?

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-29:

#12

you can see the access rights settings with

ls -l ...file_or_directory_name...

Revision history for this message

darshit (darshitparekh73) said on 2017-08-30:

#13

output of command:

john@john-X550CA:~$ sudo ls -l /media/drive1/dislocker-file
-r--r--r-- 1 root root 308052262912 Jan 1 1970 /media/drive1/dislocker-file
john@john-X550CA:~$ sudo ls -l /media/mount1/
total 0

what does it mean? How can I change access rights settings of /media/drive1/dislocker-file and /media/mount1/ ?

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-30:

#14

Changing the access rights and file ownership is done with the chmod and chown commands.

You could try

sudo chmod u+w /media/drive1/dislocker-file

The complete details of /media/mount1 have not been shown by my previous command, try with

ls -ld /media/mount1/

Revision history for this message

darshit (darshitparekh73) said on 2017-08-31:

#15

Output of command:

john@john-X550CA:~$ sudo chmod u+w /media/drive1/dislocker-file
chmod: changing permissions of '/media/drive1/dislocker-file': Function not implemented
john@john-X550CA:~$ ls -ld /media/mount1
drwxr-xr-x 2 root root 4096 Aug 25 21:19 /media/mount1

chmod failed - is there any other way ?

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-31:

#16

Try

sudo chmod a+w /media/mount1

Revision history for this message

darshit (darshitparekh73) said on 2017-08-31:

#17

Output of command:

john@john-X550CA:~$ sudo dislocker -r -V /dev/sda4 -u -- /media/drive1
Enter the user password:
john@john-X550CA:~$ sudo chmod a+w /media/mount1
john@john-X550CA:~$ sudo mount -o loop /media/drive1/dislocker-file /media/mount1/
ntfs-3g-mount: mount failed: Permission denied
john@john-X550CA:~$ sudo mount -o rw,loop /media/drive1/dislocker-file /media/mount1/
ntfs-3g-mount: mount failed: Permission denied
john@john-X550CA:~$

The command sudo chmod a+w /media/mount1 gives no error but when I mount the dislocker-file it shows permission denied. What is the problem?

Revision history for this message

darshit (darshitparekh73) said on 2017-08-31:

#18

john@john-X550CA:~$ sudo mount -o ro,loop /media/drive1/dislocker-file /media/mount1/
john@john-X550CA:~$ sudo chmod a+w /media/mount1
chmod: changing permissions of '/media/mount1': Read-only file system

Revision history for this message

darshit (darshitparekh73) said on 2017-08-31:

#19

Even chown does not work :

john@john-X550CA:~$ sudo umount /media/mount1
john@john-X550CA:~$ sudo umount /media/drive1
john@john-X550CA:~$ sudo dislocker -r -V /dev/sda4 -u -- /media/drive1
Enter the user password:
john@john-X550CA:~$ sudo chown john:john /media/drive1/dislocker-file
chown: changing ownership of '/media/drive1/dislocker-file': Function not implemented

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-31:

#20

Are you aware that the -r option of the dislocker command means "readonly"? Have you tried without?

To re-check the access rights, what is the output

sudo umount /media/mount1
sudo umount /media/drive1
ls -ld /media/mount1
ls -ld /media/drive1

Revision history for this message

darshit (darshitparekh73) said on 2017-08-31:

#21

Here is the output without -r option :

john@john-X550CA:~$ sudo dislocker -V /dev/sda4 -u -- /media/drive1
Enter the user password:
john@john-X550CA:~$ sudo chmod u+w /media/drive1/dislocker-file
chmod: changing permissions of '/media/drive1/dislocker-file': Function not implemented
john@john-X550CA:~$ sudo chmod a+w /media/drive1
chmod: changing permissions of '/media/drive1': Function not implemented
john@john-X550CA:~$ ls -ld /media/mount1
drwxrwxrwx 2 root root 4096 Aug 25 21:19 /media/mount1
john@john-X550CA:~$ ls -ld /media/drive1
ls: cannot access '/media/drive1': Permission denied
john@john-X550CA:~$ sudo ls -ld /media/drive1
dr-xr-xr-x 2 root root 0 Jan 1 1970 /media/drive1
john@john-X550CA:~$ sudo ls -ld /media/mount1
drwxrwxrwx 2 root root 4096 Aug 25 21:19 /media/mount1
john@john-X550CA:~$

I am not aware/sure that the -r option of the dislocker command means "readonly". I have taken/copied whole command from https://askubuntu.com/questions/617950/use-windows-bitlocker-encrypted-drive-on-ubuntu-14-04-lts/ . I do not know anything about its option i.e. what -r or -V suggests/represents ?

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-08-31:

#22

Read the manpages to see the meaning of the options.

Revision history for this message

darshit (darshitparekh73) said on 2017-09-03:

#23

Yes you are right. The -r option of the dislocker command means "readonly". manpages says:

-r, --readonly
do not allow to write on the BitLocker volume (read only mode)

But when I try without -r it also gives same error as per my previous comment.

Revision history for this message

darshit (darshitparekh73) said on 2017-09-03:

#24

I can copy - paste and delete using command line in terminal i.e. using cp and delete command but I can not copy paste in graphical file manager. It shows "error: while copying to drive. The destination is read only."

output of command:

john@john-X550CA:/media/mount1$ ls -ld
drwxrwxrwx 1 root root 16384 Sep 3 16:20 .

Is there anything wrong in permission or still something is missing in file manager?

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-09-03:

#25

I suggest that you verify step by step:

What are the security settings for /media/drive1 and /media/mount1 before you issue the "sudo dislocker ..." command, and do they change when you initiate the decryption, and mount the volume?

Revision history for this message

darshit (darshitparekh73) said on 2017-09-04:

#26

Here is output of file permission command before and after "sudo dislocker ..." command :

john@john-X550CA:~$ sudo ls -ld /media/drive1
drwxr-xr-x 2 root root 4096 Aug 25 21:19 /media/drive1
john@john-X550CA:~$ sudo ls -ld /media/mount1
drwxrwxrwx 2 root root 4096 Aug 25 21:19 /media/mount1
john@john-X550CA:~$ sudo dislocker -V /dev/sda4 -u -- /media/drive1
Enter the user password:
john@john-X550CA:~$ sudo mount -o rw,loop /media/drive1/dislocker-file /media/mount1/
john@john-X550CA:~$ sudo ls -ld /media/drive1dr-xr-xr-x 2 root root 0 Jan 1 1970 /media/drive1
john@john-X550CA:~$ sudo ls -ld /media/mount1drwxrwxrwx 1 root root 16384 Sep 3 14:18 /media/mount1

Revision history for this message

Manfred Hampl (m-hampl) said on 2017-09-04:

#27

Try setting the protections for /media/drive1 to drwxrwxrwx (chmod a+w ... with the dislocker file not mounted).

Revision history for this message

darshit (darshitparekh73) said on 2017-09-05:

#28

Thanks for the help. That solved my problem.

To post a message you must log in.

Ask a question

Edit question

Ubuntudislocker package

Permission isuues using dislocker for bitlocker encrypted drive on ubuntu 16.04 LTS

Question information

Related bugs

Related FAQ:

Subscribers

Ubuntu
dislocker package