From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
To: gentoo-user@lists.gentoo.org
From: Dale
Date: Wed, 10 Jun 2020 15:52:21 -0500
In-Reply-To: <98a5dbe1-5719-f80a-3552-6695fb8f80c1@gmail.com>

Victor Ivanov wrote:
> On 10/06/2020 07:59, Dale wrote:
>> It tells me I don't have permission to access but it also mounts it
> This KDE bug re Device Notifier has been present for a long time and
> it's seriously infuriating. Mounting from Dolphin, on the other hand,
> seems to work just fine, though it too doesn't miss the opportunity to
> complain about privileges.
>
> It's not a Gentoo-specific issue, as I've experienced this on other
> distros too. I believe there was an upstream bug report that kept
> getting resolved and reopened.
>
> On 10/06/2020 07:59, Dale wrote:
>> I type in the password but it mounts it to the wrong place.
> This is normal. By default, volumes mounted from userspace will be
> mounted under "/run/media/<uid>/<volume name>". This makes sense and is
> entirely due to user privileges. Mounting under other directories would
> require escalation of privileges. But most basic UI features are
> designed for the most common scenario.
>
> On 10/06/2020 07:59, Dale wrote:
>> How do I tell the Device Notifier that I want it mounted somewhere
>> else?
> From KDE you can't and there's no KDE-specific tool to allow you to do
> that. But you can add the UUID of the filesystem to /etc/fstab and KDE
> will then mount it under that location. However, make sure that the UUID
> is that of the open volume, not the encrypted container.
>
> For example, if you manually open the encrypted volume via the command
> line, e.g.:
>
>   # cryptsetup open /dev/sdz1 crypto_volume_name
>
> This will ask you for the encryption password and, if correct, will
> create a new block device "/dev/mapper/crypto_volume_name".
>
> You can then get the UUID of "/dev/mapper/crypto_volume_name" with:
>
>   # blkid /dev/mapper/crypto_volume_name
>
> At this point you can close your LUKS container via:
>
>   # cryptsetup close crypto_volume_name
>
> You can bypass steps 1 and 3 above by mounting via KDE as usual,
> which will automatically create the block device
> "/dev/mapper/luks_abcdef1234". You can then get its UUID via step 2 and
> replace step 3 by ejecting the mounted volume.
>
> Finally, add this UUID to /etc/fstab in the usual way:
>
> UUID=<uuid from step2> /dst/mount/dir <fstype> [mount_options],user 0 0
>
> Note "user" under mount options. This is critical to making it work
> seamlessly from KDE, otherwise it will require escalation of privileges
> to mount the volume.
>
> Once you do the above, the volume should automatically be mounted under
> "/dst/mount/dir" the next time you mount it via Dolphin or Device Notifier.
>
> It still won't get rid of the annoying "You don't have permissions"
> error message, but it does work.
>
> Hope this helps.
>
> - Victor



I've got that in dmcrypt and fstab as the wiki says. That part works. It's the KDE part that isn't working correctly. However, I did do one thing differently: I put users instead of user. Plural, not singular. Should users work the same as user?

I wonder, other distros have a crypttab file instead of dmcrypt. I wonder, if I created a crypttab file, whether that would help KDE even if Gentoo ignores it or doesn't know it exists. It sounds like the Device Notifier is just not set up or designed to do what I want to do. Given the number of people who do what I'm doing, it looks like KDE would either update the Device Notifier or have a new tool that handles encrypted things.

Dale

:-)  :-) 
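
The two conditions in the quoted procedure, as an added example that is not part of the original message: the fstab UUID must belong to the opened mapper device rather than the LUKS container, and the options must contain `user` or `users` for an unprivileged mount. The blkid listing, the UUIDs and the helper name `check_fstab_entry` are constructed for illustration.

```shell
#!/bin/sh
# Constructed `blkid`-style listing (all values made up): the LUKS container
# and the opened mapper device report different UUIDs.
SAMPLE_BLKID='/dev/sdz1: UUID="11111111-2222-3333-4444-555555555555" TYPE="crypto_LUKS"
/dev/mapper/crypto_volume_name: UUID="aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" TYPE="ext4"'

# check_fstab_entry FSTAB_LINE BLKID_TEXT  (hypothetical helper)
# Prints one verdict:
#   not-a-uuid-spec      first field is not UUID=...
#   unknown-uuid         UUID does not appear in the blkid listing
#   luks-container-uuid  UUID is the encrypted container, not the open volume
#   needs-root           options contain neither "user" nor "users"
#   ok-user | ok-users   an ordinary user can mount it
check_fstab_entry() {
    spec=$(printf '%s\n' "$1" | awk '{print $1}')
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    case $spec in
        UUID=*) uuid=${spec#UUID=} ;;
        *) echo not-a-uuid-spec; return 0 ;;
    esac
    # The leading space keeps PARTUUID="..." and PTTYPE="..." from matching.
    fstype=$(printf '%s\n' "$2" | grep -F " UUID=\"$uuid\"" |
        sed -n 's/.* TYPE="\([^"]*\)".*/\1/p' | head -n 1)
    case $fstype in
        '') echo unknown-uuid; return 0 ;;
        crypto_LUKS) echo luks-container-uuid; return 0 ;;
    esac
    verdict=needs-root
    old_ifs=$IFS; IFS=,
    for opt in $opts; do
        case $opt in
            user) verdict=ok-user ;;
            users) verdict=ok-users ;;
        esac
    done
    IFS=$old_ifs
    echo "$verdict"
}

# Demo on three constructed fstab lines.
for line in \
    'UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /dst/mount/dir ext4 noatime,user 0 0' \
    'UUID=11111111-2222-3333-4444-555555555555 /dst/mount/dir ext4 noatime,user 0 0' \
    'UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /dst/mount/dir ext4 noatime 0 0'
do
    printf '%s -> %s\n' "$line" "$(check_fstab_entry "$line" "$SAMPLE_BLKID")"
done
```

Per mount(8), `user` lets an ordinary user mount the filesystem and only that user unmount it, while `users` lets any user mount and unmount it. Both imply `noexec`, `nosuid` and `nodev` unless later options override them.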