I installed an additional SSD on my pc. Everything works ok, except I need to unlock it with my root password on every session so that it mounts.

I’ve tried formatting it to change the ‘owner’, tried adding it to the user group, and I can’t find any other solutions. Any ideas?

This happens irrelevant of DE (happens on KDE and hyprland). I’m running tumbleweed, though this looks like a config problem rather than a distro problem.

  • darksiderbun@lemmy.caEnglish
    1·
    17 hours ago

    I know a lot of people are recommending fstsb entries, but since you’re using a DE, you can have the credential stored in the wallet / session manager for your DE. KDE and Gnome should both have an automount option using keys from there. Then you also can find a preference somewhere to unlock your wallet / session keys thing on login. Bing bang boom you should have it mount and unlock automatically without having to enter any extra stuff with the added benefit of not leaving the key around (though since it seems you have FDE anyway that’s a minor issue depending on your threat model)

  • MimicJar@lemmy.world
    6·
    2 days ago

    As you mentioned elsewhere it’s encrypted.

    Take a look at /etc/crypttab and creating and adding a key file that can unlock the drive.

    Essentially your additional SSD will have both a password and a file containing a password that can unlock the drive. When you unlock your root filesystem (I’m guessing at boot) it will then have the key file that can unlock the SSD.

    Something like cryptsetup luksAddKey /dev/pathtossd --new-keyfile /etc/newpassword

    Systemd might make this easier to setup nowadays.

    Edit: Also, yes, the password to unlock your SSD is just sitting in a file in your root drive. Be sure to restrict it to only be readable by root.

  • Eskuero@lemmy.fromshado.ws
    6·
    3 days ago

    Generally, they enforce in Linux using root permissions to mount internal hard drives unlike USB drives that can be mounted by the user If you want to mount it automatically in every boot, you could modify the /etc/fstab to add an entry for it

    • caseyweederman@lemmy.ca
      3·
      2 days ago

      I have a related issue. Mine is a network share and it’s in fstab, but I have Linux boot without waiting for wifi, so the mount fails and then asks for root password when I try to mount it later.
      I think I just need to add “user” to the options field, right?

      • irotsoma@lemmy.blahaj.zone
        2·
        2 days ago

        Try adding the nofail and _netdev options in your fstab entry. I have this on a few computers that connect to nfs shares including my laptop that obviously can only connect when I’m at home or on VPN. Example:

        server:/path /mnt/path nfs4 defaults,nofail,_netdev 0 0

          • irotsoma@lemmy.blahaj.zone
            2·
            12 hours ago

            Nope it doesn’t add anything for me. The _netdev option tells mount to wait until the network is connected before attempting to mount. And the nofail option tells it not to error or block the process that called it if the mount doesn’t work or is delayed.

            Now if the mount contains your etc or other critical config files, it could cause problems and maybe you want to wait, so don’t want the nofail. And of course this kind of thing is somewhat OS specific depending on what boot system and service manager, etc., is used, so YMMV, but on Fedora, Rocky, and Ubuntu, it has worked for me for many years.

      • Brewchin@lemmy.worldEnglish
        3·
        2 days ago

        You may be right, but I worked around this using https://wiki.archlinux.org/title/NetworkManager#Network_services_with_NetworkManager_dispatcher

        I added the CIFS shares to my fstab with the _netdev option and created /etc/NetworkManager/dispatcher.d/30-nas-shares.sh containing (got the WiFi UUID using nmcli con show):

        #!/bin/sh
WANTED_CON_UUID="UUID-OF-MY-WIFI"

if [ "$CONNECTION_UUID" = "$WANTED_CON_UUID" ]; then
  case "$2" in
    "up"|"vpn-up")
      mount -a -t cifs
      ;;
  esac
fi

        This waits for my WiFi to come up, ensures it’s my home WiFi, and then mounts my shares.

        There are probably other and better ways to do it, but it works.

      • Eskuero@lemmy.fromshado.ws
        3·
        2 days ago

        I believe systemd after targets work tho I have never tried them Try adding this to mount options

        x-systemd.after=network-online.target

    • 9tr6gyp3@lemmy.world
      1·
      3 days ago

      If its encrypted, you can also decrypt the drive automatically once booted by adding an entry in /etc/crypttab

      This will make it so you don’t have to type the password.

        • Eskuero@lemmy.fromshado.ws
          3·
          3 days ago

          For automatically you need to add a keyfile to a slot in the luks device

          # openssl genrsa -out /root/keyfile.bin 4096

          # cryptsetup luksAddKey /dev/mapper/extra /root/keyfile.bin

          The entry in the crypttab would be like this

          extra UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX /root/keyfile.bin luks

          • 9tr6gyp3@lemmy.world
            3·
            3 days ago

            And technically the key file can just be a plain text password and still work. Just as long as the key file matches the drive’s encryption password.

  • voracread@lemmy.world
    1·
    2 days ago

    KDE has option to automount during login. I found that to be the best solution.

    Edit: I am mainly a PCLinuxOS user, so not sure if that would work for you.

    • piratekaiser@lemm.eeOPEnglish
      2·
      3 days ago

      Right. Wouldn’t it make sense to unlock it along with my root drive when I log in though? There should be a way to do that

      • catloaf@lemm.eeEnglish
        1·
        3 days ago

        You could set the password to be the same. It’ll attempt to use all known methods when unlocking it.

        You can also probably store a key on the root drive instead of using a password, but I’ve never done that.