Xfce support for encrypted volumes?

Robby Workman rw at rlworkman.net
Sun Sep 12 16:42:38 CEST 2010


On Sun, 12 Sep 2010 07:28:42 -0700
Auke Kok <auke at foo-projects.org> wrote:

> On 09/12/2010 01:05 AM, Liviu Andronic wrote:
> > On Sun, Sep 12, 2010 at 12:44 AM, Auke Kok<auke at foo-projects.org>
> > wrote:
> >> On 09/11/2010 03:33 PM, Liviu Andronic wrote:
> >>> It seems that Gigolo can handle these.
> >>
> >> perhaps adding the mount option 'user' helps ? thunar won't be
> >> able to mount partitions that are not mountable by the end user.
> >>
> > But where should one put it?
> >
> > As it is (without the option), upon connecting the LUKS-encrypted
> > device, Gigolo first issues a
> > 'Failed to mount "misc". You are not privileged to mount the volume
> > "misc".'
> >
> > but subsequently, upon clicking 'Open selected with file manager'
> > opens the encrypted partition just fine. Notwithstanding the initial
> > error message, the partition gets mounted.
> >
> > The only issue remaining is that I have no privileges to modify
> > contents on the partition; it's read-only for user. Where should
> > 'user' option go? If I put a
> > /dev/mapper/misc /media/misc ext2 defaults,users,noauto 0 0
> 
> well, you definately want to use 'user' instead of 'users' otherwise 
> other users will be able to umount your filesystem. Perhaps 'owner'
> is more appropriate.
> 
> also, you can always force ownership of all the files with e.g.
> 
> /dev/sr0 /media/cdrom auto noauto,user,ro,unhide,uid=1000,gid=101 0 0


Those aren't valid mount options for ext* filesystems, or any
*nix filesystem so far as I'm aware.  The proper way to give
or take access on one those filesystem is to fix the ownership
and/or permissions of the filesystem - those things don't change
between mounts.

The downside is that one's uid might not be consistent across
the various systems on which the device is used.  Even with a
toplevel permission mode of 777, there are still potential
issues with writabilty (wrt deleting files that you might no
longer own), so probably it's best to consider using the vfat
filesystem instead -- after all, it's in an encrypted container
and useless to anyone who can't decrypt it.

-RW



More information about the Xfce mailing list