For some esoteric reason you might want to access your dm-crypt/LUKS encrypted hard disk as another user, e.g. the one running Perl, PHP, etc.
When external devices are plugged in and automounted, standard permissions are used. Therefore a user like www-data will not be able to access the data on the drive. A solution is to permanently register the drive in crypttab and fstab and give the drive custom permissions.
- Check which user is running your target application. (e.g. user “www-data”)
- Connect the drive manually and check the files /etc/crypttab and /etc/fstab.
mount -l will help you to check the current fstab permissions.
- Disconnect the drive and recheck the permissions. Notice the missing line in /etc/crypttab.
- Add the missing line to /etc/crypttab, for example (replace LUKS ID and UUID):
luks-504c9fa7-d080-4acf-a829-73227b48fb89 UUID=01234567-89ab-cdef-0123-456789abcdef none luks,discard
- Create the target mount directory.
sudo mkdir /archive
- Add the line to /etc/fstab:
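/dev/mapper/luks-504c9fa7-d080-4acf-a829-73227b48fb89 /archive ext4 noauto,uid=mainusername,gid=www-data,umask=0027 0 0
This example configuration will give the user “www-data” read access to the drive. The uid=, gid= and umask= options are only understood by filesystems that do not store Unix ownership themselves (vfat, exfat, ntfs); ext4 rejects them at mount time, so on an ext4 volume set the ownership and mode of the mounted files with chown and chmod instead.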
- Mount the drive:
sudo mount /dev/mapper/luks-50* /archive
sudo mount -a
In a nutshell, the /dev/mapper/luks-… device must exist, i.e. the volume must be unlocked, before fstab can mount the drive.
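A pre-flight check for the two files edited in the procedure above, as an added example that is not part of the original page. The function name `check_luks_mount` is hypothetical, and the sample crypttab and fstab lines are constructed copies modelled on the ones shown above, written to a temporary directory so nothing under /etc is touched.

```shell
#!/bin/sh
# Added example: lint a crypttab/fstab pair for one mount point.
# Usage: check_luks_mount CRYPTTAB FSTAB MOUNTPOINT
# Prints one finding per line; returns 1 if a blocking problem was found.
check_luks_mount() {
    awk -v mnt="$3" '
        /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
        FILENAME == ARGV[1] { mapped[$1] = 1; next }   # crypttab: remember mapper names
        $2 != mnt { next }                             # fstab: only the requested mount point
        {
            seen = 1; opts = "," $4 ","
            if ($1 ~ /^\/dev\/mapper\//) {
                name = substr($1, 13)                  # strip "/dev/mapper/"
                if (!(name in mapped)) { print "error: no crypttab entry for " name; bad = 1 }
            }
            # ext2/3/4 keep ownership on disk and reject these options at mount time
            if ($3 ~ /^ext[234]$/ && opts ~ /,(uid|gid|umask)=/) {
                print "error: " $3 " does not accept uid=/gid=/umask="; bad = 1
            }
            if (opts ~ /,noauto,/) print "note: noauto set, mount -a skips " mnt
        }
        END {
            if (!seen) { print "error: no fstab entry for " mnt; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample input, modelled on the crypttab and fstab lines above.
demo_dir=$(mktemp -d)
printf '%s\n' 'luks-504c9fa7-d080-4acf-a829-73227b48fb89 UUID=01234567-89ab-cdef-0123-456789abcdef none luks,discard' > "$demo_dir/crypttab"
printf '%s\n' '/dev/mapper/luks-504c9fa7-d080-4acf-a829-73227b48fb89 /archive ext4 noauto,uid=mainusername,gid=www-data,umask=0027 0 0' > "$demo_dir/fstab"
check_luks_mount "$demo_dir/crypttab" "$demo_dir/fstab" /archive || echo "fix the errors above before mounting"
rm -rf "$demo_dir"
```

Point it at /etc/crypttab and /etc/fstab after editing them; both files are only read.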