This is a static archive of the old Zorin Forum.

The information below may be outdated. Visit the new Zorin Forum here ›

If you have registered on the old forum, you will need to create an account on the new forum.

Old Zorin Forum archiveHelp and Support

Using Veracrypt without having to enter sudo password?

wbrells

Mon Jun 24, 2019 8:37:48 pm

I've been happily using Veracrypt under Windows for quite some time. When mounting a Veracrypt volume in that environment it is only necessary to enter the encryption password. Under Zorin 15 (and other Linux distributions, I assume) I'm asked for the administrative (i.e. sudo) password in addition to the encryption password. This behavior is getting more and more annoying, and I'd really like some way to eliminate the need to enter the sudo password! From doing a little looking around, it appears that the appropriate entry in the 'sudoers' file might be the answer, but it's not clear what entry - if any - might solve my problem. Any suggestions would be greatly appreciated!

Swarfendor437

Mon Jun 24, 2019 8:58:51 pm

It would appear if you are able to do that you end up with a pyrhhic victory:

https://security.stackexchange.com/ques ... n-this-way

wbrells

Tue Jun 25, 2019 4:52:44 pm

After looking at the referenced article I really don't see the problem. I would be the only user added to the 'veracryptusers' group and in the example sited in the article, a security problem can arise if "An evil user is put in your special group, letting them run VeraCrypt as root without a password." I don't see how such an "evil user" could be put into this group without my knowledge (and without knowing the sudo password). Even is such an "evil user" were to exist, I don't see how they could mount a veracrypt volume without knowing the password for that volume.... (It seems they could do a lot of other damage as 'root', but accessing the encrypted volume would not seem to be possible.)

Am I overlooking some basic problem?

Thanks!

Swarfendor437

Tue Jun 25, 2019 7:43:23 pm

Interesting thread here:

https://sourceforge.net/p/veracrypt/dis ... /bace7ff6/

In particular the bit about NSA - the lead member of the Local Linux User Group I attend believes very strongly that 'meltdown' was an NSA directive from Intel so it does look like a machine could be compromised by it's CPU - it would have no need to bypass VeraCrypt. ;)

Aravisian

Tue Jun 25, 2019 7:57:18 pm

Swarfendor437 wrote:Interesting thread here:

https://sourceforge.net/p/veracrypt/dis ... /bace7ff6/

In particular the bit about NSA - the lead member of the Local Linux User Group I attend believes very strongly that 'meltdown' was an NSA directive from Intel so it does look like a machine could be compromised by it's CPU - it would have no need to bypass VeraCrypt. ;)

Funny coincidence; I was reading about Spectre and Meltdown, earlier today.

An analogy; if you watch a famous magician like the Amazing Randi's performance or David Copperfield; you may often feel very stumped as to how they pulled the trick off. Try as you might, it makes no sense, you just can't figure out how they did it.
Always remember, just because you cannot see anyway someone can get your password, does not give you any security, at all. After-all, if that was how it worked, you wouldn't need passwords in the first place. You would always be one step ahead of the intruder.

Swarfendor437

Tue Jun 25, 2019 8:03:58 pm

Also with the ability to circumvent the system passwords, such as when you forget it or it baulks for whatever reason there are ways to delete the xauthority file and start afresh. LOL!