Is it secure to mount Veracrypt without sudo password in this way

Çağlar Arlı

Does this way have any security issues other than what's mentioned in that post?

For reference:

Create a new group called, say, veracryptusers and give it the necessary permissions to use VeraCrypt without the root password. Any user that belongs to that group will be able to use VeraCrypt. Note: this slightly increases the attack surface for user rights elevation, so be sure to add only trusted users to this group.

$ sudo groupadd veracryptusers

Now let's give this group sudo permissions limited to VeraCrypt:

$ sudo visudo -f /etc/sudoers.d/veracrypt
GNU nano 2.5.3        File: /etc/sudoers.d/veracrypt.tmp

# Users in the veracryptusers group are allowed to run veracrypt as root.

%veracryptusers ALL=(root) NOPASSWD:/usr/bin/veracrypt

Also, please make sure that veracrypt and /usr/bin have the proper permissions and are NOT writable by group or others:

$ ls -al /usr/bin/vera*
-rwxr-xr-x 1 root root 6341016 paź 17  2016 /usr/bin/veracrypt
$ ls -ald /usr/bin
drwxr-xr-x 2 root root 69632 lip 25 10:09 /usr/bin

Otherwise a malicious user may replace the executable and gain total root rights at will.

Now reboot (or re-login) to have group membership re-evaluated and voilà - you can mount and unmount your favourite volumes.
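
The ownership and write-permission check that the quoted instructions ask for can be scripted; the following is an added example, not part of the original post or of VeraCrypt. It goes beyond the two paths shown above by also checking every parent directory up to /, and the function names path_is_safe and audit_chain are hypothetical.

```shell
#!/bin/sh
# Added example: audit the paths a NOPASSWD sudoers rule depends on.
# Function names are hypothetical, not from VeraCrypt or sudo.

# path_is_safe PATH [UID]: succeed only if PATH is owned by UID
# (default 0, root) and is not writable by group or others.
path_is_safe() {
    p=$1 want_uid=${2:-0}
    # ls -ldn prints the mode string and numeric owner, for example
    # "-rwxr-xr-x 1 0 0 ..."; -L checks a symlink's target instead.
    set -- $(ls -ldnL -- "$p" 2>/dev/null | awk '{print $1, $3}')
    [ $# -eq 2 ] || { echo "MISSING  $p"; return 1; }
    mode=$1 uid=$2
    gw=$(printf '%s' "$mode" | cut -c6)   # group write bit
    ow=$(printf '%s' "$mode" | cut -c9)   # others write bit
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER    $p (uid $uid, expected $want_uid)"; return 1
    fi
    if [ "$gw" = w ] || [ "$ow" = w ]; then
        echo "WRITABLE $p ($mode)"; return 1
    fi
    echo "OK       $p ($mode)"
}

# audit_chain PATH [UID]: apply path_is_safe to PATH and to every parent
# directory up to /, since a writable parent allows replacing the file.
audit_chain() {
    cur=$1 chain_uid=${2:-0} rc=0
    while :; do
        path_is_safe "$cur" "$chain_uid" || rc=1
        case $cur in /|.) break ;; esac
        cur=$(dirname -- "$cur")
    done
    return $rc
}

# Run as: sh audit.sh /usr/bin/veracrypt
if [ $# -gt 0 ]; then
    audit_chain "$1"
fi
```

A non-zero exit status means at least one path in the chain is missing, not owned by root, or writable by group or others. The syntax of the drop-in itself can be checked with `visudo -c -f /etc/sudoers.d/veracrypt`.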