
Is there a possibility to run a script as root on startup whilst also being able to access files in the encrypted home dir?

I know of /etc/rc.local, which can execute scripts as root, but since the user hasn't logged in, I can't access files in the home dir.

I also know of the startup *.desktop files in ~/.config/autostart/; they can access the home dir since they are executed after login, but they aren't run as root.

I want to automount my LUKS encrypted partition whilst using a key file that's in the encrypted home directory. The commands mount and cryptsetup require root.

I prefer not to exclude these commands from requiring sudo rights, so this option is not available.

  • What encryption method is used for the home dir? Commented Oct 26, 2017 at 7:56
  • The home dir is encrypted with eCryptfs Commented Oct 26, 2017 at 8:22
  • If you don't need the contents of the LUKS partition immediately, you can run a cron job every minute that waits for your homedir to be decrypted and executes the mount command if the disk isn't there already. Commented Oct 26, 2017 at 13:03
  • That's a neat idea, but since I have my KeePass safe on the LUKS partition, which I need immediately, sadly this won't work. Commented Oct 26, 2017 at 14:33

1 Answer

It sounds like you've almost got your answer already:

  1. Have to wait until after the user logs in to decrypt their home
  2. Then have to run commands as root, while still requiring sudo

  • I think you'll just have to have a terminal or window pop up after logging in asking for sudo privileges.

    Just create a .desktop file in ~/.config/autostart that runs the commands/script prefaced with sudo, similar to

    Exec=sh -c "sudo cryptsetup... && sudo mount..." 

    If plain sudo won't pop up an "enter password" prompt, then gksu sounds like the tool you want to use instead of sudo.

  • Or modify your sudo/sudoers to only run your specific script file without asking for a password, only for your user, something like this (but see man sudoers for pages & pages of info):

    myuser ALL=(root) NOPASSWD: /home/myuser/onlythis 
  • Or creating a PAM module/plugin to automatically do things with your password while logging in is another, more complicated idea.
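
A script named in a NOPASSWD sudoers rule runs as root, so the script and every directory above it should be writable only by root; otherwise any process running as the user can replace what gets executed. The check below is an added example, not part of the original answer; the function names and the optional uid and stop-directory arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: decide whether a script is safe to name in a NOPASSWD
# sudoers rule. Uses GNU stat, as shipped on Ubuntu.

# owned_and_locked PATH UID: true if PATH is owned by UID and is neither
# group- nor world-writable. Symlinks report mode 777 and are rejected.
owned_and_locked() {
    _info=$(stat -c '%u %a' -- "$1" 2>/dev/null) || return 1
    _uid=${_info% *}
    _mode=${_info#* }
    [ "$_uid" = "$2" ] || return 1
    _other=$((_mode % 10))        # last octal digit: "other" bits
    _group=$((_mode / 10 % 10))   # second to last digit: "group" bits
    [ $(( (_other | _group) & 2 )) -eq 0 ]
}

# sudo_target_is_safe SCRIPT [UID] [STOP_DIR]
# Checks SCRIPT and every directory above it up to STOP_DIR (default /).
# UID defaults to 0 (root). The two optional arguments are assumptions of
# this example so the check can be exercised without root.
sudo_target_is_safe() {
    _want=${2:-0}
    _stop=${3:-/}
    case $1 in
        /*) ;;
        *) echo "not an absolute path: $1" >&2; return 1 ;;
    esac
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 1; }
    _p=$1
    while :; do
        owned_and_locked "$_p" "$_want" || {
            echo "replaceable by a non-owner or wrong owner: $_p" >&2
            return 1
        }
        if [ "$_p" = "$_stop" ] || [ "$_p" = / ]; then
            return 0
        fi
        _p=$(dirname -- "$_p")
    done
}
```

With the defaults, a path such as /home/myuser/onlythis is rejected because /home/myuser belongs to myuser, while a root-owned script in a directory tree that only root can write is accepted.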
