I installed an additional SSD on my pc. Everything works ok, except I need to unlock it with my root password on every session so that it mounts.

I’ve tried formatting it to change the ‘owner’, tried adding it to the user group, and I can’t find any other solutions. Any ideas?

This happens irrelevant of DE (happens on KDE and hyprland). I’m running tumbleweed, though this looks like a config problem rather than a distro problem.

  • @MimicJar
    211 hours ago

    As you mentioned elsewhere it’s encrypted.

    Take a look at /etc/crypttab and creating and adding a key file that can unlock the drive.

    Essentially your additional SSD will have both a password and a file containing a password that can unlock the drive. When you unlock your root filesystem (I’m guessing at boot) it will then have the key file that can unlock the SSD.

    Something like cryptsetup luksAddKey /dev/pathtossd --new-keyfile /etc/newpassword

    Systemd might make this easier to setup nowadays.

    Edit: Also, yes, the password to unlock your SSD is just sitting in a file in your root drive. Be sure to restrict it to only be readable by root.

    • @FauxLiving
      18 hours ago

      Be sure to restrict it to only be readable by root.

      sudo chmod 400 /etc/newpassword
  • @voracread
    112 hours ago

    KDE has option to automount during login. I found that to be the best solution.

    Edit: I am mainly a PCLinuxOS user, so not sure if that would work for you.

  • Eskuero
    91 day ago

    Generally, they enforce in Linux using root permissions to mount internal hard drives unlike USB drives that can be mounted by the user If you want to mount it automatically in every boot, you could modify the /etc/fstab to add an entry for it

    • @[email protected]
      322 hours ago

      I have a related issue. Mine is a network share and it’s in fstab, but I have Linux boot without waiting for wifi, so the mount fails and then asks for root password when I try to mount it later.
      I think I just need to add “user” to the options field, right?

      • irotsoma
        212 hours ago

        Try adding the nofail and _netdev options in your fstab entry. I have this on a few computers that connect to nfs shares including my laptop that obviously can only connect when I’m at home or on VPN. Example:

        server:/path /mnt/path nfs4 defaults,nofail,_netdev 0 0

      • BrewchinEnglish
        320 hours ago

        You may be right, but I worked around this using https://wiki.archlinux.org/title/NetworkManager#Network_services_with_NetworkManager_dispatcher

        I added the CIFS shares to my fstab with the _netdev option and created /etc/NetworkManager/dispatcher.d/30-nas-shares.sh containing (got the WiFi UUID using nmcli con show):

        #!/bin/sh
WANTED_CON_UUID="UUID-OF-MY-WIFI"

if [ "$CONNECTION_UUID" = "$WANTED_CON_UUID" ]; then
  case "$2" in
    "up"|"vpn-up")
      mount -a -t cifs
      ;;
  esac
fi

        This waits for my WiFi to come up, ensures it’s my home WiFi, and then mounts my shares.

        There are probably other and better ways to do it, but it works.

      • Eskuero
        320 hours ago

        I believe systemd after targets work tho I have never tried them Try adding this to mount options

        x-systemd.after=network-online.target

    • @9tr6gyp3
      423 hours ago

      If its encrypted, you can also decrypt the drive automatically once booted by adding an entry in /etc/crypttab

      This will make it so you don’t have to type the password.

        • Eskuero
          423 hours ago

          For automatically you need to add a keyfile to a slot in the luks device

          # openssl genrsa -out /root/keyfile.bin 4096

          # cryptsetup luksAddKey /dev/mapper/extra /root/keyfile.bin

          The entry in the crypttab would be like this

          extra UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX /root/keyfile.bin luks

          • @9tr6gyp3
            422 hours ago

            And technically the key file can just be a plain text password and still work. Just as long as the key file matches the drive’s encryption password.

  • @kitnaht
    51 day ago

    Encrypted volume? If so, that’s why.

    • @[email protected]OPEnglish
      41 day ago

      Right. Wouldn’t it make sense to unlock it along with my root drive when I log in though? There should be a way to do that

      • @[email protected]English
        41 day ago

        You could set the password to be the same. It’ll attempt to use all known methods when unlocking it.

        You can also probably store a key on the root drive instead of using a password, but I’ve never done that.

        • @[email protected]OPEnglish
          41 day ago

          They do use the same pass though, that’s why it’s so strange to me. Thanks for the help, this at least gives me a clue.

          I’ll dig around and update the post for reference.