geli not working under non root user

[DSA - JCR]

Hi all

FreebSD 6.2

I have  usb disk crypto with GELI and now I am making a script in order 
the operators users can change this disks

When I try to do

   cat key 1 key2 | geli attach -k - /dev/da0

I get the error:

  Can´t lock memory: Operation not permited


if I run under root user it work without problems.

is there a solution for that? or is a problem of GELI?


thanks in advance

Juan Coruña
Desarrollo de Software Atlantico




___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: geli not working under non root user

[Norberto Meijome]

On Fri, 11 Jul 2008 12:44:50 - (GMT)
DSA - JCR [EMAIL PROTECTED] wrote:

 When I try to do
 
cat key 1 key2 | geli attach -k - /dev/da0
 
 I get the error:
 
   Can__t lock memory: Operation not permited
 
 
 if I run under root user it work without problems.
 
 is there a solution for that? or is a problem of GELI?

give the operators sudo access to geli ? 

_
{Beto|Norberto|Numard} Meijome

Science Fiction...the only genuine consciousness expanding drug
  Arthur C. Clarke

I speak for myself, not my employer. Contents may be hot. Slippery when wet. 
Reading disclaimers makes you go blind. Writing them is worse. You have been 
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: geli not working under non root user (Norberto Meijome)

[Norberto Meijome]

On Fri, 11 Jul 2008 16:42:46 - (GMT)
DSA - JCR [EMAIL PROTECTED] wrote:

 On Fri, 11 Jul 2008 12:44:50 - (GMT)
 DSA - JCR [EMAIL PROTECTED] wrote:
 
  When I try to do
 
 cat key 1 key2 | geli attach -k - /dev/da0
 
  I get the error:
 
Can__t lock memory: Operation not permited
 
 
  if I run under root user it work without problems.
 
  is there a solution for that? or is a problem of GELI?
 
 give the operators sudo access to geli ?
 _
 {Beto|Norberto|Numard} Meijome
 

Hola Juan,

please keep replying to the list (CC to me is fine too, but not just to me,
otherwise any information provided privately will not be available to others)

 I am maklng a script because they dont know nothing about UNIX (and
 computers ;D )
 
 In .profile i call the script Disk1 which is like:
 
 trap CTRL-Keys,
 if (geli attach) then
   if (fsck) then
  if (mount USB disk) then
 OK
 
 All automatic for the user.
 
 How can I give the operators sudo access to geli?

install security/sudo from ports

then 
man sudo 

and have a look at /usr/local/etc/sudoers . You edit it with visudo.

with sudo you can tell the system allow these users, or this group of users,
to execute this command as if they were root, using their own password to
authenticate . OR without a password.

IOW, you could make those users be able to run geli as root without a password.

 I dont use sudo for the script (must I?),

if you can get away with sudo for geli only, then just do  sudo geli in your
script. otherwise u can always do sudo yourscript.sh, but you must ensure the
script is very secure - you wouldn't want someone changing the contents of that
script and running it as root!

also, when using sudo, ALWAYS use full paths , eg, /sbin/geli - the user could
create a script in their homedir called 'geli', change their PATH settings to
look in ./ first, and then you could be in a lot of trouble.

Buena suerte,
Beto
PS : Mi padre es gallego,cerca de  Coru__a ;)
_
{Beto|Norberto|Numard} Meijome

Discovery consists of looking at the same thing as everyone else does and
thinking something different. Albert Szent-Gyorgyi

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]