Description of problem: - in Mageia7 in "/etc/sudoers/" there is a column: - %crypt ALL = NOPASSWD:/usr/bin/veracrypt The effect was that users of the group "crypt" could use veracrypt without the need to use the root password. Veracrypt mounts the encrypted container to a defined mountpoint. After upgrading mga7 to mga8b2 this column seems to have no effect any more, members of "crypt" have to know the root password to mount the container. I dont know, if this is a bug. If it isn't im sorry... Greetings, U.Selle
I think since veracrypt-1.24u2 one have to use '--use-dummy-sudo-password' when starting veracypt to use the old behavior with sudo. https://github.com/veracrypt/VeraCrypt/releases/tag/VeraCrypt_1.24-Update2 "Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password"
Source RPM: sudo-1.9.4p2-1.mga8.src.rpm => veracrypt-1.24u7-3.mga8Version: 8 => Cauldron
See also https://bbs.archlinux.org/viewtopic.php?pid=1906246#p1906246
Summary: After Upgrade from Mageia7 to Mageia8 sudo has no effect as before => After upgrade to Mageia8 veracrypt doesn't work with sudo as before
CC: (none) => ouaurelienKeywords: (none) => FOR_ERRATA8
Thanks Jani for your quick detective work. This looks more like for Release Notes than Errata, since the product is behaving as it should. It is not a Mageia bug. I am unclear whether the 'old' behaviour worked with *no* password for users of the group "crypt"; or whether it required the normal (= user) 'su' password. Are we talking about a password still required, but not the same one? Would this work in /etc/sudoers ?: %crypt ALL = NOPASSWD:/usr/bin/veracrypt --use-dummy-sudo-password @Uli : can you try that? It might get bounced as an invalid line. If it does work, then we might adjust the RPM accordingly.
CC: (none) => lewyssmith
Hello, @ Lewis: tried it with: %crypt ALL = NOPASSWD:/usr/bin/veracrypt --use-dummy-sudo-password -> now veracrypt requires a password for mounting the encrypted volume - but neither the user password nor the superuser password is accepted! - so vc can't mount the volume Went back to "%crypt ALL = NOPASSWD:/usr/bin/veracrypt" and started vc in this way: "veracrypt --use-dummy-sudo-password" Now vc shows the old behaviour: - it starts, i can choose the encrypted volume (with pw) and it is mounted from vc without requireing any additional password Seems its a change in the behaviour of veracrypt...?
Thank you for trying that. > Seems its a change in the behaviour of veracrypt...? Exactly, as Jani identified in comment 1 then 2. To be in Release Notes. Not sure whether we can close this.
Keywords: FOR_ERRATA8 => FOR_RELEASENOTES8
Whiteboard: (none) => 8rc
Not sure what to write. Please describe. For now i put a link to this bug at https://wiki.mageia.org/en/Mageia_8_Release_Notes#Veracrypt
CC: (none) => friWhiteboard: 8rc => (none)Keywords: FOR_RELEASENOTES8 => 8rc1, IN_RELEASENOTES8
VERACRYPT After upgrade to Mageia8 veracrypt does not work with sudo as before. Since veracrypt-1.24u2 one has to use '--use-dummy-sudo-password' when starting veracypt to get the old behaviour with sudo. https://github.com/veracrypt/VeraCrypt/releases/tag/VeraCrypt_1.24-Update2 "Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password" See also https://bbs.archlinux.org/viewtopic.php?pid=1906246#p1906246 [and reference this bug 28001]
Thanks. I shortened it a bit as the Release notes page is huge already. Solution stated, and details are in the links for the interested. https://wiki.mageia.org/en/Mageia_8_Release_Notes#VeraCrypt
Thanks.
In my opinion, an elegant solution (completely hidden from the end user) is to simply change the 'Exec=' line within veracrypt.desktop to: ┌──── │ Exec=/usr/bin/veracrypt --use-dummy-sudo-password └──── This works perfectly for me when starting veracrypt via KRunner. Of course users running from the command line will still need to be (made) aware of the new switch...
CC: (none) => johnltw
From comment 1: > use '--use-dummy-sudo-password' when starting veracypt to use the > old behavior with sudo. Agreeing to some extent with the previous comment (nicely presented), the problem with building this in is that is provides the *old* behaviour of veracrypt, a deviation from standard veracrypt usage as it is now. This is a dicey thing to do: we might be pressed to hide (where possible) all software evolutions yielding a behavioural change. And, of course, new users would then find it not conforming with the current 'book'. Users must ultimately live with such changes. Progress - as often bad as good.
Well expressed, Lewis :)
(In reply to Lewis Smith from comment #11) > From comment 1: > > use '--use-dummy-sudo-password' when starting veracypt to use the > > old behavior with sudo. > Agreeing to some extent with the previous comment (nicely presented), the > problem with building this in is that is provides the *old* behaviour of > veracrypt, a deviation from standard veracrypt usage as it is now. > This is a dicey thing to do: we might be pressed to hide (where possible) > all software evolutions yielding a behavioural change. And, of course, new > users would then find it not conforming with the current 'book'. > Users must ultimately live with such changes. Progress - as often bad as > good. So closing WONTFIX? Assigning to package maintainer who can say this.
Source RPM: veracrypt-1.24u7-3.mga8 => veracrypt-1.24u7-7.mga8.src.rpmAssignee: bugsquad => mageiaVersion: Cauldron => 8