Mounting encrypted hard disk partitions now asks for the root password.

Bug #1007149 reported by PeterPall
This bug affects 1 person
Affects                                 Status        Importance  Assigned to  Milestone
policykit-desktop-privileges (Ubuntu)   Fix Released  Undecided   Martin Pitt

Bug Description

The default mount point for memory sticks, sd cards etc. has changed from /media/<filesystemlabel> to /run/<username>/media/<filesystemlabel>. At the same time my encrypted hard disk partition (formatted with luksformat) started asking for my login password in order to be mounted.

If this is the desired behavior from now on please feel free to close the bug as "invalid".

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: gvfs-bin 1.13.0-0ubuntu3
ProcVersionSignature: Ubuntu 3.4.0-3.8-generic 3.4.0
Uname: Linux 3.4.0-3-generic x86_64
ApportVersion: 2.1.1-0ubuntu1
Architecture: amd64
Date: Thu May 31 23:28:22 2012
EcryptfsInUse: Yes
SourcePackage: gvfs
UpgradeStatus: No upgrade log present (probably fresh install)

PeterPall (peterpall) wrote :
PeterPall (peterpall)
description: updated
Sebastien Bacher (seb128) wrote :

Thank you for your bug report

Ccing pitti (the udisk maintainer), hey Martin, do you have any idea what component is to blame there?

Changed in gvfs (Ubuntu):
assignee: nobody → Martin Pitt (pitti)
Martin Pitt (pitti) wrote : Re: Cannot mount encrypted devices

I just tried this with an actual LUKS-encrypted USB stick, and it's automounted just fine, so I'm afraid this is not obvious to reproduce. Can you please insert the device, do

   udisksctl dump > /tmp/udisksctl-dump.txt

attach /tmp/udisksctl-dump.txt to this bug report, and then copy&paste the output of

  udisksctl unlock -b /dev/sdb1

(I assume it is /dev/sdb1, but it might also be a different name like sdc1 or sdd1, depending on what the latest device is) It should say something like

$ udisksctl unlock -b /dev/sdb1
Passphrase:
Unlocked /dev/sdb1 as /dev/dm-0.

If that worked, please try to mount this with

  udisksctl mount -b /dev/dm-0

or whichever device the previous "unlock" command said. For me it says

$ udisksctl mount -b /dev/dm-0
Mounted /dev/dm-0 at /run/media/martin/PittiCrypt.

Do you get an error message on either?

summary: - Changing mount point from /media to /run/username/media broke encrypted
- devices
+ Cannot mount encrypted devices
Changed in gvfs (Ubuntu):
status: New → Incomplete
PeterPall (peterpall) wrote :

You are completely right: I seem to encounter a completely different problem than I expected:
My system setup is the following:
 - /dev/sda is a hard disk (2 partitions) containing my encrypted home folder and my swap partition.
 - /dev/sdb is a small SSD containing my system (/dev/sdb1) and a folder I want to keep backups in just for the case my hard disk breaks.

The memory stick I tried to verify the problem with before I reported this bug seems to be severely broken - and it clearly is a hardware fault. I did try your commands with one of my girlfriend's memory sticks and the stick was mounted. Then I unmounted the stick, re-inserted it into the computer and after typing in the passphrase it worked, too. So I formatted /dev/sdb2 using luksformat - and got the following results:

udisksctl unlock -b /dev/sdb2
Passphrase:
Error unlocking /dev/sdb2: GDBus.Error:org.freedesktop.UDisks2.Error.NotAuthorized: Not authorized to perform operation
gunter@lore:~$ sudo udisksctl unlock -b /dev/sdb2
Passphrase:
Unlocked /dev/sdb2 as /dev/dm-1.

Having your commands as a starting point, debugging the problem further was easy:

1.) The system claims to want a passphrase twice but for mounting my hard disk partition it needs both my login password and the partition's passphrase. When I insert the stick only the passphrase is needed.
2.) After partitioning the stick and formatting its second partition with an ext4 filesystem using luksformat (the first partition is unencrypted ext4) I still don't need my password to mount the stick. So the problem doesn't seem to be that I formatted the second partition using luksformat.

This means my problem was that for mounting an encrypted hard disk partition my password is needed as well as the luks passphrase whereas for a stick only the latter is needed. A week before I wrote the bug report this wasn't the case.

 not only asking me for the passphrase of the device

summary: - Cannot mount encrypted devices
+ Mounting encrypted hard disk partitions now asks for the root password.
description: updated
PeterPall (peterpall) wrote :

Did change the title and description of this bug report to reflect the problem I actually had instead of the one I thought I encountered.

Changed in gvfs (Ubuntu):
status: Incomplete → New
Martin Pitt (pitti) wrote : Re: [Bug 1007149] Re: Cannot mount encrypted devices

PeterPall [2012-06-11 17:04 -0000]:
> 1.) The system claims to want a passphrase twice but for mounting my
> hard disk partition it needs both my login password and the
> partition's passphrase. When I insert the stick only the passphrase
> is needed.

This is expected. Your login password is necessary for "sudo", to be
able to access the raw partition.

Note that "luksformat" is rather a power-user command line tool.
Ordinarily you would create encrypted partitions with the graphical
"Disks" tool.

Mounting the stick does not involve sudo, and thus does not need your
login password.

> This means my problem was that for mounting an encrypted hard disk
> partition my password is needed as well as the luks passphrase whereas
> for a stick only the latter is needed.

Indeed. I'll fix that.

affects: gvfs (Ubuntu) → policykit-desktop-privileges (Ubuntu)
Changed in policykit-desktop-privileges (Ubuntu):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package policykit-desktop-privileges - 0.12

---------------
policykit-desktop-privileges (0.12) quantal; urgency=low

  * Allow local admins to unlock encrypted system drives with udisks2.
    (LP: #1007149)
 -- Martin Pitt <email address hidden> Wed, 13 Jun 2012 06:43:17 +0200

Changed in policykit-desktop-privileges (Ubuntu):
status: In Progress → Fix Released
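
The authorization difference discussed in this thread, as an added example that is not part of the bug report or of the policykit-desktop-privileges package: a small evaluator for polkit local-authority (.pkla) entries, showing why an internal encrypted partition asked for an admin password while a removable stick did not, and how an entry for admin groups changes that. The two udisks2 action IDs, their defaults, the group names and the sample entry are assumptions for illustration, not the contents of version 0.12.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed .pkla entry (polkit local authority format). Action ID and group
# names are assumptions for illustration, not the contents of the 0.12 package.
SAMPLE_PKLA = """
[Unlock encrypted system drives]
Identity=unix-group:admin;unix-group:sudo
Action=org.freedesktop.udisks2.encrypted-unlock-system
ResultActive=yes
"""

# Assumed udisks2 defaults for an active local session: removable devices
# unlock without a prompt, "system" (internal) devices need admin auth.
DEFAULTS = {
    "org.freedesktop.udisks2.encrypted-unlock": "yes",
    "org.freedesktop.udisks2.encrypted-unlock-system": "auth_admin_keep",
}

def parse_pkla(text):
    """Parse .pkla text into a list of rule dicts, in file order."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keys such as ResultActive are case-sensitive
    cp.read_string(text)
    rules = []
    for name in cp.sections():
        sec = cp[name]
        rules.append({
            "name": name,
            "identities": [i for i in sec.get("Identity", "").split(";") if i],
            "actions": [a for a in sec.get("Action", "").split(";") if a],
            "active": sec.get("ResultActive"),
        })
    return rules

def decide(action, user, groups, rules, defaults=DEFAULTS):
    """Return the result for an active session; the last matching entry wins."""
    who = {f"unix-user:{user}"} | {f"unix-group:{g}" for g in groups}
    # Unknown actions fall back to auth_admin: a conservative choice for this sketch.
    result = defaults.get(action, "auth_admin")
    for r in rules:
        id_ok = any(fnmatchcase(w, p) for w in who for p in r["identities"])
        act_ok = any(fnmatchcase(action, p) for p in r["actions"])
        if id_ok and act_ok and r["active"]:
            result = r["active"]
    return result
```

Running `decide` with an empty rule list reproduces the prompt for the internal partition; with the sample entry, only members of the listed groups skip it, and the LUKS passphrase is still required in both cases.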