pkgsrc-Users archive


Re: encfs works?



Jan Šmydke wrote:
> Thank you, Victor, for this tip. However it doesn't work either -
> perhaps as
>
> crw-------  1 root  wheel  178, 0 Dec 14 00:49 /dev/putter
>
> i.e. users don't have access here. I suppose changing permission or
> ownership of this device is not really wanted. It works for you now?
>
> JS
>   

Hmm... I used to use it with sshfs. I usually don't change permissions
(like SUID etc.) on executables.  This is how I do it:

------------------------------------------------------------
$ ls -l /usr/sbin/fusermount
-r-xr-xr-x  1 root  wheel  10783 Jan 19 16:22 /usr/sbin/fusermount

$ sshfs user@host:/home/user/ /home/victor/tmp/user/
Enter passphrase for key '/home/victor/.ssh/id_rsa':
sshfs: puffs_mount: "/home/victor/tmp/user/" is a relative path.
sshfs: puffs_mount: using "/home/victor/tmp/user" instead.
sshfs: puffs_mount: directory "/home/victor/tmp/user/": Operation not permitted

$ sysctl -w vfs.generic.usermount=1       (as root)
vfs.generic.usermount: 0 -> 1

$ sshfs user@host:/home/user/ /home/victor/tmp/user/
Enter passphrase for key '/home/victor/.ssh/id_rsa' 
sshfs: puffs_mount: "/home/victor/tmp/user/" is a relative path.
sshfs: puffs_mount: using "/home/victor/tmp/user" instead.
------------------------------------------------------------


The 2nd try was indeed successful.  The same with encfs:

------------------------------------------------------------
$ encfs /home/victor/encrypted/ /home/victor/tmp_encrypted/
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?>

Standard configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/blowfish", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 160 bits
Block Size: 512 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
encfs: puffs_mount: "/home/victor/tmp_encrypted/" is a relative path.
encfs: puffs_mount: using "/home/victor/tmp_encrypted" instead.


$ cd /home/victor/tmp_encrypted/
$ touch bla
touch: bla: Operation not permitted
------------------------------------------------------------

Well that's strange...

-- 
Victor Dorneanu

Contact
- Web/Blog: http://dornea.nu
 
GnuPG information
- KeyID = 0xD20870F4 (pgp.mit.edu)
- Key fingerprint = DD6B 5E09 242F 7410 3F90 492A 4CBA FD13 D208 70F4




