Now in December 2023, two passwords are required the first time a container or partition is mounted or created during a VeraCrypt session. The two passwords are 1) the VeraCrypt passphrase for the container or partition, and 2) the Linux user password.
This began with VeraCrypt version "1.24-Hotfix1" which was released in October 2019 and this post shows how to eliminate the second password prompt asking for the Linux user password.
It is important to note that this happens only the FIRST time a VeraCrypt container or partition is mounted or created in a VeraCrypt session. For the remainder of that session, only the VeraCrypt passphrase will be needed. Start a new VeraCrypt session and the Linux user password will be needed the first time a VeraCrypt password is entered to mount/create a container/partition.
The below screenshot shows the Linux user password prompt window:
There have been other fixes on the internet for the same VeraCrypt issue, but those only applied to versions earlier than the October 2019 1.24-Hotfix1 version.
The fix here works for VeraCrypt versions available in MX-19, MX-21, and MX-23 with this simple edit:
- Edit */etc/sudoers.d/antixers.
This can be done using a text editor, but it is **better to edit this file using visudo in the Terminal.
To use "visudo", use this command:Code: Select all
sudo visudo -f /etc/sudoers.d/antixers - Now, after the last "NOPASSWD" line, add the following line:
Code: Select all
%sudo ALL=(root) NOPASSWD: /usr/bin/veracrypt, /usr/bin/uptime - Save and close the visudo editor.
* The reason the /etc/sudoers.d/antixers file is used and preferred is because an update could change the sudoers file. This is because, typically, /etc/sudoers is under the control of the distribution’s package manager. The choice between sudoers and sudoers.d has nothing to do with security per se, but everything to do with maintainability.
Nevertheless, if the more commonly known /etc/sudoers file is desired, then run this command:
Code: Select all
sudo visudo /etc/sudoersCode: Select all
<user_name> ALL=(root) NOPASSWD: /usr/bn/veracrypt, /usr/bin/uptime------------------------------------------------------------------------
This is the source for the Linux user password prompt solution:
https://sourceforge.net/p/veracrypt/dis ... bba8/#9226 13 December 2019, JohnA posted:
When I looked at /var/log/auth.log I discovered that /usr/bin/uptime as well as /usr/bin/veracrypt had to be added to sudoers, for example:
<user_name> ALL=(ALL) NOPASSWD:/usr/bin/veracrypt, /usr/bin/uptime
Search "Test if the user has an active 'sudo' session" in https://www.veracrypt.fr/code/VeraCrypt ... ews=0&dt=0
I did not try to figure out why the source change was made; it didn't make sense to me.
https://sourceforge.net/p/veracrypt/dis ... #61f8/74df 11 January 2020, John A posted this possible explanation:
...here is the comment for the code that was added in the Veracrypt diff I cited above:
I don't think the use case of putting veracrypt in the sudoers file was considered when the change was made.Code: Select all
// Test if the user has an active "sudo" session. // This is only done under Linux / FreeBSD by executing the command "sudo -n uptime".
------------------------------------------------------------------------
Finally, as a side-note, there is another nag-screen. This time it only appears in VeraCrypt 1.25.9, which is the version in MX-23. This is a warning message and it cannot normally be eliminated, even after disabling the "Show this dialog the next time" option is used!
This nag-screen appears every time after launching VeraCrypt. Fortunately, the fix is easy: edit the VeraCrypt launcher by using the text in the below code window for the Launcher's Command. Thanks to fehlix with his 26 December 2023 post in the "Deutsches Forum" here viewtopic.php?p=758339#p758339 for refining the Launcher command which results in this:
Code: Select all
env WXSUPPRESS_SIZER_FLAGS_CHECK=1 veracrypt %f
