udisksctl unlock parameter for keyfiles
Martin Pitt
martin.pitt at ubuntu.com
Tue Sep 11 20:46:06 PDT 2012
Hello Sebastian,
Sebastian Fischmeister [2012-09-11 15:17 -0400]:
> Cryptsetup requires root access and I don't want that for my backup
> mechanism. Also I don't want to call sudo in a cron job.
Sounds like you should give the backup user the
org.freedesktop.udisks2.encrypted-unlock privilege for
"allow_inactive" (as it won't be in an active session). See
man pklocalauthority.
However, the worrying part here is that in order to do this
noninteractively, you need to store the cleartext passphrase at a
place where the cron job can read it. What's the point of encrypting
your disks when the password is on a (proverbial) sticker right next
to it?
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
More information about the devkit-devel
mailing list