I have set up a Qube that acts as my primary vault or volume storage Qube, which contains all kinds of encrypted volumes and databases, including KeePassXC databases, VeraCrypt volumes, and dm-crypt volumes.
Some of those volumes are intended to be opened exclusively within the vault Qube, while others are intended to be attached to other Qubes, such as my workstation qube or video-prod qube. For example, I am using my video-prod Qube for video and content production. The resulting files are then stored on a designated VeraCrypt volume from the vault Qube.
There are no permission issues with volumes and databases opened within the vault Qube; however, things get weird when mounting VeraCrypt volumes to other Qubes.
My process is as follows:
- Open VeraCrypt in vault Qube
- Select volume to be mounted
- Click Mount and enter Password, keyfiles, etc.
- Select Options >
- Select Do not mount
- Click OK
- Via Qubes Domains, mount the decrypted volume to video-prod
- In video-prod, create /mnt/videos directory and mount /dev/xvd{x} to /mnt/videos
When I now enter /mnt/videos in video-prod, all data is owned by root:root. As user, I can’t modify the data in any way, which means I can’t edit videos and save them into the volume. I can only make changes with sudo or as the root user.
If I try to change the permissions with sudo chown user:user -R /mnt/videos, it says:
chown: changing ownership of '/mnt/videos': Operation not permitted
When I mount it in the vault Qube, the Qube that contains the VeraCrypt volume file, it mounts it as user:user and I can change permissions however I see fit.
The same issue does not happen with dm-crypt; they mount just fine with the correct permissions.
I’m not sure if I’m doing something incorrectly when trying to mount the VeraCrypt volume, whether I’m forgetting to select some option, or provide the correct Mount options. Has anyone else had this issue?