How can ubuntu/truecrypt be configured so users can mount volumes if-and-only-if they have proper permissions on the mount-point?

If I add the line: ALL= /usr/bin/truecrypt to the sudoers file this lets all users mount volumes at arbitrary mount-points. The problem is a user could create a truecrypt volume and then mount it at /etc/apache2 or /var/www -- directories which they shouldn't be able to tamper with. If a user doesn't have sudo rights to run /usr/bin/truecrypt then truecrypt fails after prompting for the administrator/user password. What's the proper way to configure the system/truecrypt so users can mount volumes in a sane/safe way? **e.g. they can only mount volumes to mount-points which they own (or have write-access to)?**