Protecting Data with Encrypted Linux Partitions Part 2 - page 5
Adding Your Own Back Door
Ubuntu makes ingenious use of the
sudo command to allow unprivileged users to easily run as root when necessary. All they need is to be members of the
You may also give users the power to run only a single command that requires rootly powers by editing
/etc/sudoers. You must edit this file with
visudo. This example lets Pinball on the laptop Xena run the
visudo# /etc/sudoers # # pinball can use /etc/init.d/cryptdisks pinball xena=/etc/init.d/cryptdisks
For any Linux distribution that does not come with prefab init scripts, the nice folks who invented LUKS wrote a boot script to use. You won't need entries in
/etc/fstab if you use this script. Edit it so that it has your correct device names, then treat it like any other boot script. I like to use it the traditional way; put it in
/etc/init.d, then create startup links in
/etc/rc*.d for whatever runlevels I want.
It does not unmount or close the encrypted partition, so if you want to do this without shutting down you'll have to do it manually. Or, try this script at solsys.org. This gives you a single base command to remember for the most common
cryptsetup operations, such as creating a new encrypted partition, mounting and unmounting it, and creating and deleting passwords.