How can mounting a VeraCrypt drive be done without root in Linux?
Solution 1
One option would be to set the the SUID bit on veracrypt. This would make sure it took on root privileges whenever run.
# chmod u+s /usr/bin/veracrypt
Generally, however, I try to avoid the SUID or SGID bits, as they allow any user with permission to execute the binary to use it at elevated privileges.
A better option:
Another option you have if you've got sudo
is to create a group with password-free sudo privileges for veracrypt.
This is definitely a still a little less secure than always requiring a password, as is always the case when creating sudo rules like this. Make sure you read this carefully and understand what it entails to ensure you do not create a security risk!
Before you begin, you want to ensure that the /usr/bin/veracrypt
binary is not writable by group or other.
Confirm that it is not writable by another other than the owner:
$ ls -lha /usr/bin/veracrypt
-rwxr-xr-x 1 root root 7.1M Sep 11 2019 /usr/bin/veracrypt
First, create a new group:
# groupadd veracrypt_group
Next, add your user(s) to the group:
# usermod -aG veracrypt_group your_user
Now you now use visudo
to create a new sudo rule:
# visudo -f /etc/sudoers.d/veracrypt
This one will allow the veracrypt_group
to run /usr/bin/veracrypt
without a password.
%veracrypt_group ALL=(root) NOPASSWD:/usr/bin/veracrypt
Solution 2
I had this problem in Linux Mint when my veracrypt container was in a directory not owned by the user opening the container. Even though the user could write to that directory (and owned the container file). Moving it to a folder that the user owns stopped veracrypt from prompting for an admin password.
Related videos on Youtube
jmbeck
Updated on September 18, 2022Comments
-
jmbeck over 1 year
I used TrueCrypt for a long time in Kubuntu, in which I used a keyboard shortcut to automatically mount a drive. Nowadays I use VeraCrypt, but I am always prompted for my sudo password after entering the password for the encrypted drive. This was never necessary in TrueCrypt.
It occurred to me that I could potentially mount the drive as a removable media (this is an operation that does not require a root password), but when mounting the drive to /mount/ (which is where removable media is mounted), I still get the sudo password request.
Furthermore, an option in VeraCrypt allows Volume Mounted as Removable Medium, but this option simply doesn't exist in the version I'm running in Linux (v1.19).
What is going on here? How can I request that the VeraCrypt mounting process behave like removable media? Entering my password every mount and dismount is irritating.
-
harrymc over 7 yearsNon-system volumes can be mounted during the session without password by selecting Settings > 'System Encryption' and enabling 'Cache pre-boot authentication password in driver memory'. Does this help?
-
jmbeck over 7 yearsIn VeraCrypt? I don't have that option. I do feel like features are missing in my copy of VeraCrypt that are described in their help documentation, but I suspect they are disabled in the Linux version.
-
harrymc over 7 yearsThere is nothing wrong with using TrueCrypt, you know, except that it's no longer supported.
-
mat about 7 years@harrymc Has support for this been dropped, or was it always only available in Windows? The Changelog doesn't state anything.
-
harrymc about 7 years@mat: TrueCrypt support and development have been stopped - the developers just walked away. Although its last version still works as well as it always did, it's recommended to use instead VeraCrypt.
-
-
ouk about 2 yearsThanks! To completely get rid of a password prompt I needed to add
mount
anduptime
to the sudo rule:%veracrypt_group ALL=(root) NOPASSWD:/usr/bin/veracrypt, /usr/bin/mount, /usr/bin/uptime