Public bug reported:

$ ll -n
-r-------- 1 0 0 4096 Sep 1 23:57 xxxxxxxx.keyfile

/lib/cryptsetup/cryptdisks.functions::check_key() checks ownership based
on the name/group alias, not the actual UID/GID, and therefore breaks if
"root" != UID/GID 0.

+ /usr/sbin/cryptdisks_start LUKS_HDD_BOOT
 * Starting crypto disk...
 * LUKS_HDD_BOOT: INSECURE OWNER FOR xxxxxxxx.keyfile, see /usr/share/doc/cryptsetup/README.Debian.
 * LUKS_HDD_BOOT: INSECURE OWNER GROUP FOR xxxxxxxx.keyfile, see /usr/share/doc/cryptsetup/README.Debian.
 * LUKS_HDD_BOOT (skipped, device /dev/disk/by-uuid/160fa39a-1205-4ad5-be44-9c2c943fb113 does not exist)... [fail]
+ read DM_NAME DEVICE KEYFILE OPTIONS
+ exit 0

The script should not be relying on parsing 'ls' output either.

The attached patch fixes both issues.

** Affects: cryptsetup (Ubuntu)
     Importance: Undecided
         Status: Triaged

** Patch added: "Use UID/GIDs not text aliases; use 'stat' no 'ls | sed'"
   https://bugs.launchpad.net/bugs/1520652/+attachment/4526366/+files/cryptdisk-use-UID-use-stat.patch

https://bugs.launchpad.net/bugs/1520652

Title:
  Erroneous "INSECURE OWNER FOR xxxxx.keyfile"
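
Added example, not part of the bug report and not the attached patch or the cryptsetup script: one way to check key file ownership on numeric UID/GID with 'stat' instead of comparing names parsed from 'ls' output. The function name check_key_owner, its return codes and the optional expected-ID arguments are assumptions made for illustration; 'stat -c' assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the cryptsetup code).
# Usage: check_key_owner KEYFILE [EXPECTED_UID] [EXPECTED_GID]
# Expected IDs default to 0:0, i.e. the superuser by number, whatever
# name the passwd/group databases map UID 0 and GID 0 to.
# Returns: 0 = ok, 1 = wrong owner, 2 = wrong group, 3 = cannot stat.
check_key_owner() {
    key=$1
    want_uid=${2:-0}
    want_gid=${3:-0}

    # -L follows symlinks so the real key file is examined.
    # %u and %g print numeric IDs, so no name lookup is involved and
    # no 'ls' column layout has to be parsed.
    ids=$(stat -L -c '%u %g' -- "$key" 2>/dev/null) || return 3
    uid=${ids% *}
    gid=${ids#* }

    if [ "$uid" -ne "$want_uid" ]; then
        echo "INSECURE OWNER FOR $key (uid $uid, expected $want_uid)" >&2
        return 1
    fi
    if [ "$gid" -ne "$want_gid" ]; then
        echo "INSECURE OWNER GROUP FOR $key (gid $gid, expected $want_gid)" >&2
        return 2
    fi
    return 0
}
```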