I have a TrueCrypt container on a Windows share that I'm trying to mount from Ubuntu. However, I consistently get a "Permission Denied" error.
I am using /home/kent/.gvfs/share on server/path/to/container as the path. I have tried mounting with the default options, mounting as read-only, and mounting to a specific directory. I get the same error regardless.
If I copy the container to my local Ubuntu machine then I can mount it and access it without issue. On a Windows desktop, I can mount it over the network without issue.
How can I mount this container from Ubuntu over my network?
.gvfs is a virtual mountpoint not owned by your login user (hence you don't have write-access to it). You will need to set up a mount point manually, e.g.
Once you have this you can mount the volume from there (in this example, /mnt) and it should work as expected.
I posted this answer in the Ubuntu forum, but since I found the unanswered question here as well, I've more or less copied the same answer here...
Actually the solution couldn't be simpler. You just need to add an option to the "mount" command:
uid={local username}
The complete command (in the case of CIFS/SMB) being:
sudo mount -t cifs //{host}/*{share}* {local mount point} -o user={remote username},uid={local username}
Note: Without specifying the password as an option (always a good idea to avoid plaintexting your passwords and/or in a way that bash history collects, IMO), this command would then prompt you for the remote password (after first prompting you for the sudo password of course).
All this does is mounts the share in a way that you (the user) can read and write to. Then, TrueCrypt (or EncFS or some other FUSE module) has no problem accessing an encrypted volume stored on that share (assuming no other issues of course).
I don't know why this isn't widely discussed on the internets. I had to dig through the mount man page to discover this, after a fruitless internet search to this particular problem.
This is also not a hack or workaround. It's how mount was designed to work.
I should also point out that the previous solution discussed here is potentially dangerous, as it obviates the user-based security built-in to FUSE, and that TrueCrypt (and other FUSE modules such as EncFS) rely on: That is, by default only the current user can see the mounted volume! Modifying /etc/fuse.conf to add "user_allow_other", and specifying "allow_other" on the command line, overrides this behavior and allows any user to see your decrypted data. If you've encrypted your data in the first place, there's a fairly good chance you wouldn't want this side effect.
Try adding "user_allow_other" to /etc/fuse.conf, and mounting with the "allow_other" option.
I would also try to mount it with smbfs, using :
Truecrypt is based on FUSE - which is a user-space filesystem. In short: only the user has permissive rights to access the mounted volume. In order to make SMB e. g. access the folder you have to avoid the daemon's capabilities of permission settings with a default mask on file-creation events:
Make sure you export the volume on Windows accordingly: the mount point Truecrypt uses on Windows is also user-specific. That means your ActiveDirectory Daemon or whatever you chose, running as
SYSTEMe. g., needs permissive rights in order to access the mount-point: perform a right-click on Windows, set the permissions, and remount the TC container. This should solve the issues from both sides ;)