I don't think it is a good idea. If you want to use sudo it is better give the permission to the user only for a single app, not all. For example you can write in /etc/sudoers:
Quote:
user ALL=NOPASSWD: /usr/bin/truecrypt
Personally I use a "link to application" with this inside for mounting (as root, console):
Quote:
truecrypt "/home/user/My Documents/Volume.tc" /media/truecrypt; /usr/lib/kde4/libexec/kdesu dbus-launch dolphin /media/truecrypt
and this for unmounting (as root):
Quote:
truecrypt -d
I have installed a special version of truecrypt 7.0 package that is realively easy to compile for debian (it has a debian folder inside).
From the readme:
Quote:
TrueCrypt for Debian
--------------------
This file is part of an unofficial Debian packaging for TrueCrypt. It is
unrelated to either Debian or TrueCrypt. It was created because the packaging
author disliked installing deb files for which he couldn't get the Debian
sources for.
This packaging differs from the TrueCrypt Ubuntu/Debian packaging in at least
these ways:
- This package provides an init script that calls 'truecrypt -d' on shutdown. At
the point it is called, all filesystems (except root) should already have been
unmounted, but the TrueCrypt service processes and device mappings may still
be active. Calling 'truecrypt -d' is probably better than the system sending
the TrueCrypt service kill signals. It can be disabled by editing
/etc/default/truecrypt.
- A Perl script transforms the output of 'truecrypt --help' to produce a
troff man page. The upstream sources don't contain a man page.
- This package adds itself to both the Debian menu system and the Gnome menu
system. The TrueCrypt package only adds itself to the latter.
- The user manual is installed in /usr/share/doc/truecrypt as opposed to
/usr/share/truecrypt/doc.
- This package uses libopencryptoki for the PKCS#11 headers rather than
including the ones from RSA (they are not included with the TrueCrypt
sources). These only implement PKCS#11 v2.11 rather than v2.20. The v2.20
headers define a few error codes that the v2.11 ones don't. This does not
impact TrueCrypt functionality as it only uses them to map error codes back to
strings and will use the hex value of the code as a fallback. Secondly, there
does not appear to be a PCKS#11 v2.20 implementation in Debian at the moment
anyway, so they're also rather unlikely to appear.
Quote:
|