Marco's Blog

All content personal opinions or work.

HOWTO: Map Truecrypt USB Drives on Linux

2013-01-07 4 min read Howto marco

One of the little annoyances with USB drives on Linux is that they are placed on a different device node each time, depending on the sequence in which they were mounted. The problem is that if you tell Truecrypt to mount, say, /dev/sde1, that node might point to a different drive the next time you mount.

My setup here is such that I have truecrypt mounting drives automagically using autofs. I have a smart script that knows how to mount all sorts of things, and truecrypt files are just one of those things. (It also knows how to automatically mount source code repositories, ssh/ftp/http file systems, ISO files, and a bunch of other things.)

The one thing that eluded me, though, is the ability to automatically mount USB drives, because I have no fixed target to work with. After a while, I was quite annoyed at having a script that was almost perfect, and went digging for a way to identify a drive that didn’t depend on the order in which the drives were connected or responding.

Turns out there is a very simple way, at least on Kubuntu: the /dev directory has all sorts of fancy symlinks that give you alternate names for the devices you already find in the top level directory. In this case, the devices we want are simply in the /dev/disk/by-id directory.

There are two easy ways to go about this, depending on the information you have:

1. You know which device corresponds to which drive right now, but want to avoid having to change it.

Say you want to find a permanent name for /dev/sde1. You cd into the directory (cd /dev/disk/by-id) and list all files there in long format, looking for those that have the device name in them: ls -l | grep /sde1

On my system, that currently gives me three entries:

lrwxrwxrwx 1 root root 10 Dec 30 13:14 ata-ST3000DM001-9YN166_W1F0L1RE-part1 -> ../../sde1
lrwxrwxrwx 1 root root 10 Dec 30 13:14 scsi-SSeagate_GoFlex_Desk_NA0MHLA9-part1 -> ../../sde1
lrwxrwxrwx 1 root root 10 Dec 30 13:14 wwn-0x5000c50051071959-part1 -> ../../sde1

ANY of the three names to the left of the arrows (ata-…, scsi-…, wwn-…) is constant. If you tell truecrypt to use any of them (I use the scsi- names because they are more descriptive) for the device to mount, you will always get the same drive.

To make things perfect, if you don’t have access to my magic automounter script, you can tell truecrypt to mount the device you found above, and then in the advanced settings in the mount dialog say to which directory you want to mount it. Then you save it as a preferred drive (or whatever the name is), and you can load it automatically every time you start truecrypt (or feel like it).

Note: I encrypt my drives only to prevent third parties from reading the content. I don’t care about someone breaking in and gaining access to my running system, because I have nothing on those drives that is illegal or secret. If you do, then by all means don’t tip off people with a preferred mount point, like /dev/disk/by-id/scsi-GoFlex – /media/bankaccountinfo or some such!!!

2. You don’t know which drive is which.

This is a variant of the version above. Suppose you haven’t mounted the truecrypt volumes yet, and truecrypt just tells you there are several drives available. What do you do?

Well, in this case it’s even easier than in the first case, although it requires a little more typing.

Assume the drives are already plugged in. You go into the directory /dev/disk/by-id and type the command: ls -l > /tmp/mrgazz-tip.old. Next you unplug the drive, wait about ten seconds and type almost the same command: ls -l > /tmp/mrgazz-tip.new. (Neither command will say anything interesting.)

Next you type this command: diff /tmp/mrgazz-tip.old /tmp/mrgazz-tip.new. It should give you a bunch of lines that look just like the lines above (the ones with the names of the drives). Again, you pick a name and you are golden.

The tip also works in the same fashion if you didn’t plug in your drive yet. Just follow the same instructions, but replace “unplug” with “plug in.”
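
Both procedures above can be scripted. The following is an added example, not part of the original post or of the automounter script it mentions; the function names by_id_names, snapshot and names_changed are hypothetical, and the optional directory argument is an assumption that lets you try the functions against a constructed directory instead of /dev/disk/by-id.

```shell
#!/bin/sh
# Added example; by_id_names, snapshot and names_changed are hypothetical helpers.

# by_id_names DEVICE [DIR]
# Print each symlink in DIR (default /dev/disk/by-id) that resolves to DEVICE.
# Comparing resolved paths is exact, whereas "grep /sde1" also matches
# /sde10, /sde11 and so on.
by_id_names() {
    dev=$(readlink -f "$1") || return 1
    dir=${2:-/dev/disk/by-id}
    for link in "$dir"/*; do
        if [ -L "$link" ] && [ "$(readlink -f "$link")" = "$dev" ]; then
            printf '%s\n' "$link"
        fi
    done
}

# snapshot [DIR]
# Print the symlink names in DIR, sorted. Names only: no timestamps or
# sizes that could differ between two "ls -l" listings.
snapshot() {
    dir=${1:-/dev/disk/by-id}
    for link in "$dir"/*; do
        if [ -L "$link" ]; then printf '%s\n' "${link##*/}"; fi
    done | LC_ALL=C sort
}

# names_changed BEFORE AFTER
# Compare two snapshot files: "-name" vanished (unplugged), "+name" appeared.
names_changed() {
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/-/'
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+/'
}

# Stand-alone use: sh by-id.sh /dev/sde1
if [ "$#" -gt 0 ]; then
    by_id_names "$@"
fi
```

For the second procedure, run snapshot into one file, unplug or plug in the drive, run it into a second file, and pass both files to names_changed.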