Mount TrueCrypt USB device w/o sudo on Mac OS X

3

2

I made a TrueCrypt partition on a USB drive.

I can mount it fine, but only by using the admin password, either via the graphical interface or via sudo truecrypt --auto-mount=devices. This is preventing me from using it for an automated backup. Mounting TC volumes contained in files on already mounted volumes presents no such requirement.

Is it possible to mount a TrueCrypt partition volume in userspace on Mac, or otherwise without asking for a password?

ttarchala

Posted 2009-09-07T11:44:21.363

Reputation: 771

If you want to access it without using a password, why do you encrypt it?

I don't know the workings of TrueCrypt, but if the partition is encrypted then a password should always be required.

Also is there no option to "Add password to keychain" when you type it? – Tiago Veloso – 2009-09-07T12:02:23.260

I'm pretty sure he means the computer's admin password, as opposed to the passphrase used to encrypt the TC container. – Shane – 2009-09-07T17:10:47.887

Shane is correct -- the problem is admin password, not volume password. The volume does not have a password, it is accessed using a keyfile in my (also encrypted) home directory. – ttarchala – 2009-09-07T17:35:20.397

Answers

4

The reason TrueCrypt requires your administrator password is that it uses low level commands to create the proper devices and mount the filesystem and these commands in turn require root access (which the administrator acquires indirectly via sudo).

To avoid this, it's possible to use the "sudoers" file to give the right to a given user/application combination (in this case you/truecrypt) to automatically be run as root.

Log in as an administrator, then type the following command in a Terminal:

sudo visudo

then add these two lines:

# Allow TrueCrypt run under user "XYZ" to run as root without asking for a password.
XYZ ALL=NOPASSWD: /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt --core-service

Of course, replace "XYZ" with your user account name. Note that this opens a security hole since TrueCrypt will then have full access to any device you will mount your encrypted volume on. I have no idea how hard this would be to exploit though...

A few useful references:

Laurent Giroud

Posted 2009-09-07T11:44:21.363

Reputation: 195
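Added example, not part of the answer above: a NOPASSWD rule is only as trustworthy as the file it names, so this check extracts the command path from the rule and flags every path component that is missing, not owned by root, or writable by group or others. The function names and the TRUSTED_UID variable are hypothetical; the rule is the one from the answer, with its "XYZ" placeholder unchanged.

```shell
#!/bin/sh
# Added example (not from the original answer). TRUSTED_UID is a hypothetical
# knob for testing; leave it unset so that only root (uid 0) is trusted.

# Extract the command path that follows "NOPASSWD:" in one sudoers rule.
# Assumes a path without escaped spaces; comment lines yield nothing.
nopasswd_cmd() {
    printf '%s\n' "$1" |
        sed -n 's/^[^#]*NOPASSWD:[[:space:]]*\([^[:space:],]*\).*/\1/p'
}

# Succeed (= finding) when a path is missing, is writable by group or
# others, or is not owned by the trusted uid.
component_is_weak() {
    info=$(ls -ldnL "$1" 2>/dev/null) || return 0
    perms=$(printf '%s\n' "$info" | awk '{print $1}')
    uid=$(printf '%s\n' "$info" | awk '{print $3}')
    case "$perms" in
        ?????w*|????????w*) return 0 ;;   # group-write or other-write bit
    esac
    [ "$uid" != "${TRUSTED_UID:-0}" ]
}

# Walk from the binary up to STOP (default /), printing each weak component.
# Returns 0 if the chain is clean, 1 if not, 2 for a non-absolute path.
audit_path() {
    p=$1; stop=${2:-/}; rc=0
    case "$p" in /*) ;; *) echo "not an absolute path: $p" >&2; return 2 ;; esac
    while :; do
        if component_is_weak "$p"; then
            printf 'WEAK: %s\n' "$p"
            rc=1
        fi
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return "$rc"
}

# The rule from the answer above, with its "XYZ" placeholder left as-is.
RULE='XYZ ALL=NOPASSWD: /Applications/TrueCrypt.app/Contents/MacOS/TrueCrypt --core-service'
audit_path "$(nopasswd_cmd "$RULE")" ||
    echo "Fix ownership/permissions on the paths above before relying on the rule."
```

Each WEAK line names a file or directory that should be owned by root and not writable by group or others before the rule is relied on.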

1

You could create a SUID script that has permissions to do this.
However, be warned about its insecurities in general.

nik

Posted 2009-09-07T11:44:21.363

Reputation: 50 788