Running cryptsetup commands without sudo permissions

You can give your users (or groups) limited sudo access to just these commands.

Use visudo to edit the sudoers file (the sudo configuration). It opens the file in the default editor and validates it once you're done, to prevent breaking sudo. Add these at the end:

usernameOr%Groupname ALL=(root) NOPASSWD: /sbin/cryptsetup luksOpen /dev/dev1 mapper_name1
usernameOr%Groupname ALL=(root) NOPASSWD: /sbin/cryptsetup luksOpen /dev/dev1 mapper_name2
usernameOr%Groupname ALL=(root) NOPASSWD: /sbin/cryptsetup luksClose mapper_name1
usernameOr%Groupname ALL=(root) NOPASSWD: /sbin/cryptsetup luksClose mapper_name2

Breakdown of these lines:

  • usernameOr%Groupname - substitute with username or group name prefixed with %
  • ALL allows all hosts (I don't know how this affects sudo in practice, it seems like ALL is okay most of the time)
  • (root) means that they can only impersonate root
  • NOPASSWD: skips the password prompt; remove this part to prompt for a password
  • /sbin/cryptsetup luksOpen /dev/dev1 mapper_name1 is obviously your command, with a fully qualified path to the executable
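
An added example, not part of the original answer: a small shell generator that emits the same exact-argument rules for any number of mapper names. It refuses values containing whitespace or characters that sudoers treats specially (wildcards, commas, colons, '=', backslashes), so a rule never matches more than the one command line intended. The function names and the %backup group are illustrative assumptions.

```shell
#!/bin/sh
# Added example: generate exact-argument sudoers rules for cryptsetup.
# Function names and the sample group are illustrative, not from the page.

CRYPTSETUP=/sbin/cryptsetup   # fully qualified path, as in the rules above

# Succeeds only for a non-empty token made of characters that sudoers
# treats literally (no whitespace, wildcards, ',', ':', '=', '\').
is_plain_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_./-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: cryptsetup_rules PRINCIPAL DEVICE MAPPER_NAME...
# PRINCIPAL is a username, or a group name prefixed with %.
# Prints one luksOpen and one luksClose rule per mapper name.
# On bad input it prints nothing and returns 1.
cryptsetup_rules() {
    [ "$#" -ge 3 ] || return 1
    principal=$1 device=$2
    shift 2
    is_plain_token "${principal#%}" || return 1
    is_plain_token "$device" || return 1
    case "$device" in /dev/*) ;; *) return 1 ;; esac
    for name in "$@"; do
        is_plain_token "$name" || return 1
    done
    for name in "$@"; do
        printf '%s ALL=(root) NOPASSWD: %s luksOpen %s %s\n' \
            "$principal" "$CRYPTSETUP" "$device" "$name"
    done
    for name in "$@"; do
        printf '%s ALL=(root) NOPASSWD: %s luksClose %s\n' \
            "$principal" "$CRYPTSETUP" "$name"
    done
}

# Constructed sample input: prints the four rules shown above for group "backup".
cryptsetup_rules '%backup' /dev/dev1 mapper_name1 mapper_name2

# Before installing generated rules, check the file's syntax with:
#   visudo -c -f FILE
```

Because the rules list full argument strings, sudo only permits invocations whose arguments match them exactly; any other cryptsetup subcommand or device is refused.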