4

As a non-root user I would like to be able to mount external hard drives which have been encrypted with microsoft bitlocker. The admin (with root access) can set something up if I can tell him how to do it, and it doesn't compromise security.

I can mount encrypted drives with root using dislocker, and I can mount unencrypted drives without root using udisk. I just can't figure out how to combine them (or if there are other tools I should look at).

Mounting bitlocker drives with root:

sudo dislocker /dev/sda1 -u<password> -- /media/bitlocker
sudo mount -o loop /media/bitlocker/dislocker-file /media/bitlockermount

Mounting unencrypted drives without root:

udiskctl unmount -b /dev/sdb1
Improve this question
1
  • Simplest way would be to have the admin provide two scripts for mounting and unmounting, and edit sudoers to allow some or all normal users to execute those scripts as root. Commented Mar 20, 2020 at 19:29

1 Answer 1

Reset to default
0

Create the directories bitlocker and bitlockermount under /media. Then you can add the following to your /etc/fstab:

/dev/disk-by-id/... /media/bitlocker fuse.dislocker user-password=<password>,nofail 0 0
/media/bitlocker/dislockerfile /media/bitlockermount auto user,nofail 0 0

The first line may need the user attribute, also. Test it out.

Improve this answer
5
  • 3
    Wouldn't this make your Bitlocker password visible to everyone with access to /etc/fstab (viz. every single user by default)? Commented Mar 21, 2020 at 7:53
  • Another problem is that this would have to be done by the admin every time a different drive was to be plugged in. It might be worthwhile even with both issues though, so I'll give it a try. Commented Mar 21, 2020 at 12:13
  • 1
    Wtf, who downvotes a correct answer? Commented Apr 3, 2020 at 12:03
  • Thanks for taking the time to respond, but the answer doesn't fully address the original question, and is just a copy/paste of background research given in the question itself, without adding anything useful. Commented Apr 14, 2020 at 16:12
  • Well, what do you think how most questions get answered. If you answer questions out of your scope, it is nothing more than "let me google that for you". That is ok, since many can't even do that themselves. Anyway, im good at looking things up. There is no other better answer, unless the author of the package or it's team is gonna respond. No justification for a downvote. Noone forces to upvote. Commented Apr 14, 2020 at 16:54

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.