Ubuntu makes ingenious use of the sudo command to allow unprivileged users to easily run as root when necessary. All they need is to be members of the admin group.

You may also give users the power to run only a single command that requires rootly powers by editing /etc/sudoers. You must edit this file with visudo. This example lets Pinball on the laptop Xena run the cryptsetup script:

# visudo
# /etc/sudoers
#
# pinball can use  /etc/init.d/cryptdisks
pinball xena=/etc/init.d/cryptdisks

For any Linux distribution that does not come with prefab init scripts, the nice folks who invented LUKS wrote a boot script to use. You won't need entries in /etc/fstab if you use this script. Edit it so that it has your correct device names, then treat it like any other boot script. I like to use it the traditional way; put it in /etc/init.d, then create startup links in /etc/rc*.d for whatever runlevels I want.

It does not unmount or close the encrypted partition, so if you want to do this without shutting down you'll have to do it manually. Or, try this script at solsys.org. This gives you a single base command to remember for the most common cryptsetup operations, such as creating a new encrypted partition, mounting and unmounting it, and creating and deleting passwords.

Next: Encrypt a USB Key »