EncFS – Simple article to use Encrypted filesystem in Linux

Hot:

h3font face=”sans-serif”A nice article a href=”http://www.linux.com/feature/114147″here/a./fontbr //h3h3CLI Maspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanic: EncFS/h3 div class=”xar-article-details” By a set=”yes” linkindex=”39″ href=”http://clifornoobies.com/”Joe Barr/a on June 26, 2006 (8:00:00 AM)/div p style=”text-align: right;” !– ADDTHIS BUTTON BEGIN — script type=”text/javascript” addthis_pub = ‘linuxcom’; addthis_logo = ‘http://c.fsdn.com/lc/images/lc_logo.png’; addthis_brand = ‘Linux.com’; addthis_options = ‘email, slashdot, digg, delicious, more’; /scriptbr / /p div class=”xar-clearleft” a linkindex=”43″ href=”http://arg0.net/wiki/encfs”EncFS/a is an easy-span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span-use, command-line span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanol for sspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanrinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span information in encrypted form. It’s not really a filesystem, but it pretends span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be one at the CLI. If you’ve been searchinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span for a means of encryptinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span and decryptinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span your sensitive data easily, here it is.br / br /bUser Level: /bIntermediate /div div id=”featurecontent” class=”xar-align-left” pEncFS is included with the distribution I’m usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span on the deskspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanp, Ubuntu Dapper, so all I needed span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span do span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span install it was a few clicks in Synaptic. Look for the encfs packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane, and select if for installation. It should pull down all of the dependencies for the system./p pIf you’re not so lucky, and your distro doesn’t include EncFS packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanes, you can download the latest tarball from a linkindex=”44″ href=”http://arg0.net/wiki/encfs#download_links_and_release_notes”here/a and build it from the source. See the EncFS site for a linkindex=”45″ href=”http://arg0.net/wiki/encfs#dependencies”dependencies/a./p pIn addition, you’ll need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span load the fuse kernel module in order span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span use EncFS. span style=”background-color: yellow;”span style=”background-color: yellow;”To/span/span do this, run codemodprobe fuse/code, which should take care of loadinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span the fuse kernel module. You also need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span add your user ID span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup before you can use EncFS. span style=”background-color: yellow;”span style=”background-color: yellow;”To/span/span add the user ID span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup, run codeusermod -a -span style=”background-color: yellow;”span style=”background-color: yellow;”G/span/span fuse emusername/em /code — this will add emusername/em span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup, without removinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span the user from other span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroups./p pHere’s how it works. When you start EncFS at the command line, you tell it where span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span keep the encrypted and decrypted versions of your “filesystem.” The encrypted version stays put, rispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanht where you tell it span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span stay, but the plain-text version disappears when you want it span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span; either by use of an unmount command or by reachinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span a predetermined period of inactivity. Let’s take a hypothetical case span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span illustrate the process./p pI’m planninspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span a surprise birthday party for someone near and dear span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span me, someone who occasionally uses my deskspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanp computer, so I decide span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span use EncFS span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span hide the evidence. span style=”background-color: yellow;”span style=”background-color: yellow;”To/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet started, I simply enter the followinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span at the CLI:/p p codeencfs ~/.partyplans ~/partyplans/code /p pSince this is the first time EncFS has heard about partyplans, it double-checks span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span make sure I haven’t made a typo before proceedinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span create the direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanries, set the options, and span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet a password span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span use with them:/p p /ppreThe direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ry “/home/warthawlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;/.partyplans/” does not exist. Should it be created? (y,n) ylt;br /gt;The direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ry “/home/warthawlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;/partyplans” does not exist. Should it be created? (y,n) ylt;br /gt;Creatinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; new encrypted volume.lt;br /gt;Please choose from one of the followinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; options:lt;br /gt; enter “x” for expert confilt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;uration mode,lt;br /gt; enter “p” for pre-confilt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ured paranoia mode,lt;br /gt; anythinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; else, or an empty line will select standard mode.lt;br /gt;?lt;br /gt;lt;br /gt;lt;br /gt;lt;br /gt;Standard confilt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;uration selected.lt;br /gt;lt;br /gt;lt;br /gt;Confilt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;uration finished. The filesystem lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; be created haslt;br /gt;the followinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; properties:lt;br /gt;Filesystem cipher: “ssl/blowfish”, version 2:1:1lt;br /gt;Filename encodinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;: “nameio/block”, version 3:0:1lt;br /gt;Key Size: 160 bitslt;br /gt;Block Size: 512 byteslt;br /gt;Each file contains 8 byte header with unique IV data.lt;br /gt;Filenames encoded usinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; IV chaininlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; mode.lt;br /gt;lt;br /gt;lt;br /gt;Now you will need lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; enter a password for your filesystem.lt;br /gt;You will need lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; remember this password, as there is absolutelylt;br /gt;no recovery mechanism. However, the password can be chanlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;edlt;br /gt;later usinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; encfsctl.lt;br /gt;lt;br /gt;lt;br /gt;New Encfs Password:lt;br /gt;Verify Encfs Password:lt;br /gt;warthawlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;@wartslair:~The direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry “/home/warthawspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span/.partyplans/” does not exist. Should it be created? (y,n) ybr /The direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry “/home/warthawspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span/partyplans” does not exist. Should it be created? (y,n) ybr /Creatinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span new encrypted volume.br /Please choose from one of the followinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span options:br / enter “x” for expert confispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanuration mode,br / enter “p” for pre-confispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanured paranoia mode,br / anythinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span else, or an empty line will select standard mode.br /?br /br /br /br /Standard confispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanuration selected.br /br /br /Confispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanuration finished. The filesystem span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be created hasbr /the followinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span properties:br /Filesystem cipher: “ssl/blowfish”, version 2:1:1br /Filename encodinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span: “nameio/block”, version 3:0:1br /Key Size: 160 bitsbr /Block Size: 512 bytesbr /Each file contains 8 byte header with unique IV data.br /Filenames encoded usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span IV chaininspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span mode.br /br /br /Now you will need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span enter a password for your filesystem.br /You will need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span remember this password, as there is absolutelybr /no recovery mechanism. However, the password can be chanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanedbr /later usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span encfsctl.br /br /br /New Encfs Password:br /Verify Encfs Password:br /warthawspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span@wartslair:~$br //pre table style=”border: thin solid ; padding: 6px; background: rgb(214, 254, 255) none repeat scroll 0% 50%; width: 42%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; margin-bottom: 10px; margin-left: 10px; margin-right: 10px; float: right;” tbodytr class=”" thEncrypted file systems and other users/th /tr tr class=”even” td pWe wondered — in the event there were multiple users on a system — who could see the unencrypted versions of EncFS? So we asked Valient span style=”background-color: yellow;”span style=”background-color: yellow;”G/span/spanouspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh, the prospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanram’s author./p p strongLinux.com/strong: If there are multiple users on a system, and one of them is usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span EncFS span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span view/edit secret data, will that data be exposed by the ‘mounted’ filesystem be visible span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span others on the system?”/p p strongspan style=”background-color: yellow;”span style=”background-color: yellow;”G/span/spanouspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh/strong: Nope. By default, other users are not able span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span see FUSE filesystems, which is handled at the kernel level before encfs span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanets control. Even root can’t view files there by default – althouspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh if someone has root access they can span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet around any restrictions by a number of ways./p pThere are a couple of options span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span FUSE span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span chanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane this behavior if desired (and encfs can help here as well). FUSE has an option span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span allow root access, and span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span allow all users. Allowinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span all users requires the filesystem span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be run by root (for security — see FUSE mailinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span list archives for older discussions when allow_* flaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spans were added)./p pEncfs has a command line option “–public” which will pass the appropriate flaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spans span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span FUSE span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span allow all-user access, but that means encfs must be run as root. The standard Unix span style=”background-color: yellow;”span style=”background-color: yellow;”permission/span/spans still apply – users can only read files that they have span style=”background-color: yellow;”span style=”background-color: yellow;”permission/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span access. When run in this way, files which are created by a user will be owned by that user (which is why it has span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be run by root)./p /td /tr /tbody/table pThen I can plot and scheme and plan for the surprise party span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span my heart’s content, and remember span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span save the evidence in the secure ~/partyplans direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry. As soon as I do so, the secret data is available in both encrypted form — in the hidden ~/.partyplans direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry — and in plain-text in the visible direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry. Test that by enterinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span codels -al/code and lookinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span for the .partyplans and partyplans entries. It’s all there, in plain sispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanht, and that’s not span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanood./p pWe need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span use a related span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanol span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span make the plain-text version disappear until it’s needed aspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanain. Like this:/p p /pprefusermount -u ~/partyplansbr //pre pThat unmounts the files in the partyplans direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry. The direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanries are still there, the encrypted versions of any files are still there. But the human-readable data files are span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanone. Pretty neat, huh? span style=”background-color: yellow;”span style=”background-color: yellow;”To/span/span make them reappear, simply enter the orispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaninal EncFS command specifyinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span the direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanries span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be used, and after it checks the password, the invisible becomes visible aspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanain./p pEncFS also has an option which creates the “filesystem” which allows you span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span set a predetermined period of inactivity, which will auspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanmatically unmount the plain-text “filesystem” after the specified number of minutes of inactivity is reached. span style=”background-color: yellow;”span style=”background-color: yellow;”To/span/span set a one hour period, for example, you would enter this when creatinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span the “filesystem:”/p p code encfs -i=60 ~/.auspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanhide ~/auspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanhide /code /p p strongBut what if…/strong /p pYou know what the say about the best laid plans. So what do you do if you need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span chanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane the password for, or the location of, your super-sekrit (TM) party plans appear? You use the encfsctl command, that’s what. Just like this, if you need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span chanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane the password:/p p codeencfsctl passwd ~/.partyplans/code /p pThat trispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaners the followinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span dialospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span, which asks for the current password, then the new one, then for verification of the new one./p p /ppreEnter current Encfs passwordbr /EncFS Password:br /Enter new Encfs passwordbr /New Encfs Password:br /Verify Encfs Password:br /Volume Key successfully updated.br /lt;br /gt;lt;/pregt; lt;table style=”border: thin solid ; padding: 6px; background: rgb(214, 254, 255) none repeat scroll 0% 50%; width: 42%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; margin-bottom: 10px; margin-left: 10px; margin-right: 10px; float: right;”gt; lt;tbodygt;lt;tr class=”"gt; lt;thgt;Encrypted file systems and other userslt;/thgt; lt;/trgt; lt;tr class=”even”gt; lt;tdgt; lt;pgt;We wondered — in the event there were multiple users on a system — who could see the unencrypted versions of EncFS? So we asked Valient lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;Glt;/spangt;lt;/spangt;oult;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;h, the prolt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ram’s author.lt;/pgt; lt;pgt; lt;stronggt;Linux.comlt;/stronggt;: If there are multiple users on a system, and one of them is usinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; EncFS lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; view/edit secret data, will that data be exposed by the ‘mounted’ filesystem be visible lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; others on the system?”lt;/pgt; lt;pgt; lt;stronggt;lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;Glt;/spangt;lt;/spangt;oult;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;hlt;/stronggt;: Nope. By default, other users are not able lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; see FUSE filesystems, which is handled at the kernel level before encfs lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ets control. Even root can’t view files there by default – althoult;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;h if someone has root access they can lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;et around any restrictions by a number of ways.lt;/pgt; lt;pgt;There are a couple of options lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; FUSE lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; chanlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;e this behavior if desired (and encfs can help here as well). FUSE has an option lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; allow root access, and lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; allow all users. Allowinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; all users requires the filesystem lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; be run by root (for security — see FUSE mailinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; list archives for older discussions when allow_* flalt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;s were added).lt;/pgt; lt;pgt;Encfs has a command line option “–public” which will pass the appropriate flalt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;s lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; FUSE lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; allow all-user access, but that means encfs must be run as root. The standard Unix lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;permissionlt;/spangt;lt;/spangt;s still apply – users can only read files that they have lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;permissionlt;/spangt;lt;/spangt; lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; access. When run in this way, files which are created by a user will be owned by that user (which is why it has lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; be run by root).lt;/pgt; lt;/tdgt; lt;/trgt; lt;/tbodygt;lt;/tablegt; lt;pgt;Then I can plot and scheme and plan for the surprise party lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; my heart’s content, and remember lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; save the evidence in the secure ~/partyplans direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ry. As soon as I do so, the secret data is available in both encrypted form — in the hidden ~/.partyplans direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ry — and in plain-text in the visible direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ry. Test that by enterinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; lt;codegt;ls -allt;/codegt; and lookinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; for the .partyplans and partyplans entries. It’s all there, in plain silt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ht, and that’s not lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ood.lt;/pgt; lt;pgt;We need lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; use a related lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ol lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; make the plain-text version disappear until it’s needed alt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ain. Like this:lt;/pgt; lt;pgt; lt;/pgt;lt;pregt;fusermount -u ~/partyplanslt;br /gt;lt;/pregt; lt;pgt;That unmounts the files in the partyplans direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ry. The direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ries are still there, the encrypted versions of any files are still there. But the human-readable data files are lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;one. Pretty neat, huh? lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;Tolt;/spangt;lt;/spangt; make them reappear, simply enter the orilt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;inal EncFS command specifyinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; the direclt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;ries lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; be used, and after it checks the password, the invisible becomes visible alt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ain.lt;/pgt; lt;pgt;EncFS also has an option which creates the “filesystem” which allows you lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; set a predetermined period of inactivity, which will ault;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;matically unmount the plain-text “filesystem” after the specified number of minutes of inactivity is reached. lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;Tolt;/spangt;lt;/spangt; set a one hour period, for example, you would enter this when creatinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; the “filesystem:”lt;/pgt; lt;pgt; lt;codegt; encfs -i=60 ~/.ault;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;hide ~/ault;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt;hide lt;/codegt; lt;/pgt; lt;pgt; lt;stronggt;But what if…lt;/stronggt; lt;/pgt; lt;pgt;You know what the say about the best laid plans. So what do you do if you need lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; chanlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;e the password for, or the location of, your super-sekrit (TM) party plans appear? You use the encfsctl command, that’s what. Just like this, if you need lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;tolt;/spangt;lt;/spangt; chanlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;e the password:lt;/pgt; lt;pgt; lt;codegt;encfsctl passwd ~/.partyplanslt;/codegt; lt;/pgt; lt;pgt;That trilt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;lt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;ers the followinlt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt; dialolt;span style=”background-color: yellow;”gt;lt;span style=”background-color: yellow;”gt;glt;/spangt;lt;/spangt;, which asks for the current password, then the new one, then for verification of the new one.lt;/pgt; lt;pgt; lt;/pgt;lt;pregt;Enter current Encfs passwordlt;br /gt;EncFS Password:lt;br /gt;Enter new Encfs passwordlt;br /gt;New Encfs Password:lt;br /gt;Verify Encfs Password:lt;br /gt;Volume Key successfully updated.lt;br /gt;/pre pThere you have it, basic usaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane for EncFS and friends, more than enouspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span keep your own party plans safe from pryinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span eyes. Of course, there’s more span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span EncFS, so be sure span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span read the man paspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanes for encfs, encfsctl, and fusermount./pbr /pComments::br //pdiv class=”xar-accent-outline xar-cm-comment”divh4 Not workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span here !– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 26, 2006 04:17 PM/span /div div class=”xar-accent xar-cm-comment” blockquote divlt;ttgt;fuse: span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/span fusermount: span style=”background-color: yellow;”span style=”background-color: yellow;”Permission/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”denied/span/spanbr /fuse span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span.nbsp; Common problems:br / – fuse kernel module not installed (modprobe fuse)br / – invalid options — see usaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane messaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanelt;/ttgt;/div /blockquoteThat’s what I span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet on Ubuntu 6.06, any suspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanestions? p a linkindex=”56″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152794″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152796″/a h4 Re:Not workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span here !– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 26, 2006 05:44 PM/span /div div class=”xar-accent xar-cm-comment” Have you checked if you are in the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup and fuserumount has the correct span style=”background-color: yellow;”span style=”background-color: yellow;”permission/span/spans?br /br /-rwsr-xr– 1 root fuse 19160 2006-05-21 17:23lt;nobrgt; lt;wbrgt;lt;/nobrgt;/usr/bin/fusermountbr / p a linkindex=”57″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152796″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152797″/a h4 Re:Not workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span here !– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 26, 2006 08:07 PM/span /div div class=”xar-accent xar-cm-comment” Yes and yes. p a linkindex=”58″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152797″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152811″/a h4 Re:Not workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span here !– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Joe Barr on June 26, 2006 09:13 PM/span /div div class=”xar-accent xar-cm-comment” br /modprobe fuse? p a linkindex=”59″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152811″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152795″/a h4 Alternative: ecryptfs!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 26, 2006 05:39 PM/span /div div class=”xar-accent xar-cm-comment” I just wanted span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span point out that there is an alternative that is pretty similar span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span encfs from a users point of view: ecryptfs.br /br /It has the advantaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane that the key is sspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanred inside the encrypted file itself, instead of in a seperate file (as with encfs), so encrypted files can be transfered from one PC span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span another without any extra files and decrypted there (as lonspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span as you have the the passphrase).br /br /Even thouspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh ecryptfs is still in development, it already has all the functionality encfs can offer and a roadmap of pretty excitinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span features. One disadvantaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane (or maybe you see it as an advantaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane) of ecryptfs is thouspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh that it doesn’t work with fuse, but requires a seperate kernel module (which is already in the -mm kernel tree thouspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh). p a linkindex=”60″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152795″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152798″/a h4 let me span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet this straispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanht….!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 27, 2006 01:22 AM/span /div div class=”xar-accent xar-cm-comment” the author… a lonspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spantime writer for this ‘how/why span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span use the command line’ series of articles, uses synaptic span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span install packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanes in ubuntu?br /br /quote with my emphasis gt; ’so all I needed span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span do span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span install it was a FEW CLICKS in Synaptic’br /br /how about $gt;apt-span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet install encfs ???br /br /very bad form Joe Barr…tsk tskbr / p a linkindex=”61″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152798″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152812″/a h4 Re:let me span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet this straispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanht….!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Joe Barr on June 28, 2006 01:08 AM/span /div div class=”xar-accent xar-cm-comment” You must be a new reader of this column, which I created a few years aspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spano. It was orispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaninally called CLI for Noobies, and one of these days, there will be a book by that name.br /pbr /It has never been my position that the choice of a span style=”background-color: yellow;”span style=”background-color: yellow;”G/span/spanUI or the CLI is a binary one. From the very bespan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaninninspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span, I’ve arspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanued that you should use the rispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanht span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanol for the task at hand. Sometimes that’s the span style=”background-color: yellow;”span style=”background-color: yellow;”G/span/spanUI, sometimes the CLI.br //ppbr /With Ubuntu, I can use Synaptic or apt-span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet as the spirit moves me. Just as Baud intended.br //ppbr /Joe Barr/p p a linkindex=”62″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152812″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152799″/a h4 Re:Not workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span here !– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 27, 2006 10:18 AM/span /div div class=”xar-accent xar-cm-comment” modprobe fusebr /br /then make sure that your usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span is added span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup.br /br /Then you need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span out and lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span back in for the chanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane in span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroups span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span take effect. p a linkindex=”63″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152799″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152800″/a h4 Re:Not workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span here !– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 27, 2006 03:26 PM/span /div div class=”xar-accent xar-cm-comment” Didn’t know you have span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span out and back in aspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanain for span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup chanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanes span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span take effect, thanks for the help everyone. p a linkindex=”64″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152800″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152801″/a h4 What are the benefits?!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 27, 2006 06:37 PM/span /div div class=”xar-accent xar-cm-comment” Could anybody please explain me what are the benefits of usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span encfs in comparison with encryptinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span a file with span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanpspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span and then removinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span the orispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaninal? Thanks!br / p a linkindex=”65″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152801″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152802″/a h4 Re:What are the benefits?!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 27, 2006 11:43 PM/span /div div class=”xar-accent xar-cm-comment” encfs seems somewhat simpler. span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanpspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span is most likely stronspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaner. p a linkindex=”66″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152802″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152803″/a h4 Re:What are the benefits?!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 28, 2006 04:34 AM/span /div div class=”xar-accent xar-cm-comment” gt; Could anybody please explain me what are the benefits of usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span encfsbr /gt; in comparison with encryptinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span a file with span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanpspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span and then removinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span thebr /gt; orispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaninal?br /br /Um… well, span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span start with, you have span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span actually span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spano throuspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanh the manualbr /steps of encryptinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span and decryptinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span it by hand. I would imaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanine thatbr /this span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanets a bit tiresome after a while.br /br /And then, when you “remove” the orispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaninal, your unencrypted data isbr /still on the device until it is overwritten by later writes. p a linkindex=”67″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152803″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152804″/a h4 Re:What are the benefits?!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 28, 2006 05:11 PM/span /div div class=”xar-accent xar-cm-comment” gt; And then, when you “remove” the orispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spaninal, your unencrypted data isbr /gt; still on the device until it is overwritten by later writes.br /br /Ah, this makes sense providinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span (in the case of usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span encfs) an unencrypted file completely fits inspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span RAM. This seems span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be quite likely for text files and bispan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span amounts of RAM available nowadays. Thank you!br / p a linkindex=”68″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152804″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152805″/a h4 encFS on SuSE 10.0!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on June 30, 2006 04:36 AM/span /div div class=”xar-accent xar-cm-comment” Hello all,br /br /just wanted span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span post this hint respan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanardinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span “encfs” on Novell/SUSE 10.0:br /br /- make sure you span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanot everythinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span you need for kernel development, e.span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span. span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spancc, kernel-sources, etc.br /br /- install “openssl” from the CDbr /- install “openssl-devel” from the CDbr /- do an online-update span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span make sure the SSL libraries are up-span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span-datebr /br /- span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet the “fuse” and “fuse-devel” packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanes (I used “apt-span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet” for this: “apt-span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet install fuse fuse-devel”lt;nobrgt; lt;wbrgt;lt;/nobrgt;… your mileaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane may vary!)br /br /- span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet the Source RPM for “rlospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span”: rlospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span-1.3.7-1.src.rpm (you should find it on the encfs homepaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane)br /br /- span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet the Source RPM for “encfs”: encfs-1.3.1-1.src.rpm (you should find it on the encfs homepaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane)br /br /Then, as superuser “root”, span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spano span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span the direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry inspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span which you downloaded the two *.rpm files and issue these commands :br /br /rpmbuild –rebuild rlospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span-1.3.7-1.src.rpmbr /rpmbuild –rebuild encfs-1.3.1-1.src.rpmbr /br /The above commands should produce span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanns of output. As lonspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span as it doesn’t say anythinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span like “error” everythinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span should be fine.br /br /When completed successfully, you should have two new RPM’s in this direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanry:lt;nobrgt; lt;wbrgt;lt;/nobrgt;/usr/src/packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanes/RPMS/i586/br /br /There you should find “encfs-1.3.1-1.i586.rpm” and the file “rlospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span-1.3.7-1.i586.rpm”br /br /Now you can install the two with the “rpm” command:br /br /cdlt;nobrgt; lt;wbrgt;lt;/nobrgt;/usr/src/packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanes/RPMS/i586/br /rpm -ivh rlospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span-1.3.7-1.i586.rpmbr /rpm -ivh encfs-1.3.1-1.i586.rpmbr /br /Voila, “encfs” is installed and works.br /br /Respan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanards,br /br /”scorp123″ p a linkindex=”69″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152805″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152806″/a h4 Usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span Enfs on Home direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanries.!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on July 06, 2006 08:13 AM/span /div div class=”xar-accent xar-cm-comment” You can take the encfs ideas a little further and use it span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span encrypt your home direcspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanries – every user can have different encryption settinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spans.br /br /The encrypted drive can be auspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanmatically mounted as you lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span in and umounted on lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanoff.br /br /For more details see libpam_encfs.br /br /(Just don’t use ‘paranoid’ encryption as hardlinks don’t work and cause problems with libxauth)br /br /Simon. p a linkindex=”70″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152806″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152807″/a h4 fuse: span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/span fusermount: span style=”background-color: yellow;”span style=”background-color: yellow;”Permission/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”denied/span/span!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on Auspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanust 22, 2006 09:45 AM/span /div div class=”xar-accent xar-cm-comment” I have the same problem as:br /Not workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span herelt;nobrgt; lt;wbrgt;lt;/nobrgt;:-( (Neutral)br /By Anonymous Reader on 2006.06.26 4:17 (#89787)br /-br /when I try span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span run encfs span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span open my secure folder, I span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet:br /fuse: span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/span fusermount: span style=”background-color: yellow;”span style=”background-color: yellow;”Permission/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”denied/span/spanbr /fuse span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span. Common problems:br /- fuse kernel module not installed (modprobe fuse)br /- invalid options — see usaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane messaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanebr /br /I am usinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span Ubuntu 5.10. I have already added myself span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span the fuse user span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup, and checked that fusermount has span style=”background-color: yellow;”span style=”background-color: yellow;”permission/span/spans -rwsr-xr–br /br /Sometimes when I fiddle with the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup e.span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span.remove my user then re-add it, then lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span out and back in – it works! Next time I boot the machine, I’m back where I started.br /br /span style=”background-color: yellow;”span style=”background-color: yellow;”G/span/spanrateful for any span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanuidance. p a linkindex=”71″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152807″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152813″/a h4 Re:fuse: span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/span fusermount: span style=”background-color: yellow;”span style=”background-color: yellow;”Permission/span/span den!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Administraspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/spanr on Auspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanust 23, 2006 02:07 AM/span /div div class=”xar-accent xar-cm-comment” Oops – fiddlinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span with the span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup members doesn’t work. Only the followinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span works:br /br /sudo encfs ~/.test ~/testbr /Enter password for sysadminbr /Enter password for Encfsbr /sudo fusermount -ult;nobrgt; lt;wbrgt;lt;/nobrgt;/testbr /encfs ~/.test ~/testbr /Enter password for Encfsbr /br /I span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanuess that the sysadmin privilespan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane carries over when I run encfs. I seem span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span have a span style=”background-color: yellow;”span style=”background-color: yellow;”permission/span/span problem, but do not know where span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span look span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span solve it. p a linkindex=”72″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152813″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152808″/a h4 Re:fuse: span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/span fusermount: span style=”background-color: yellow;”span style=”background-color: yellow;”Permission/span/span den!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on September 06, 2006 09:24 PM/span /div div class=”xar-accent xar-cm-comment” Hello,br /pThere is no need span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span sudo(8). Also if you don’t specify –public span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span encfs you will not be able span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span view your files as they will be accessible only span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span root./pbr /Do you have fuse utils installed at all? Check whether fusermount is available on your system. If it is not then check which packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane in Ubuntu provides them and install it. In Debian etch the prospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanram is located in fuse-utils packaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane.br /pAt least on debian etch (currently the testinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span branch)lt;nobrgt; lt;wbrgt;lt;/nobrgt;/usr/bin/fusermount is owned by root:fuse and has span style=”background-color: yellow;”span style=”background-color: yellow;”permission/span/spans 4750, which means that you have span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be a member of the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span be able span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/spanute it. I span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanuess on Ubuntu the situation is pretty much the same. What you can do is/pblockquote divlt;ttgt;adduser lt;your usernamegt; lt;span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup of fusermountgt;lt;/ttgt;/div /blockquoteas root. Where ilt;span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup of fusermountgt;/i is the result ofblockquote divlt;ttgt;stat -c %span style=”background-color: yellow;”span style=”background-color: yellow;”G/span/spanlt;nobrgt; lt;wbrgt;lt;/nobrgt;/usr/bin/fusermountlt;/ttgt;/div /blockquote on your system.br /pNote that the in-kernel list of span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup memberships is initialised at lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanin time. That means you have span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span either lospan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanin aspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanain or su lt;your usernamegt; in order for the chanspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spane span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span take effect.br //pbr /span style=”background-color: yellow;”span style=”background-color: yellow;”G/span/spanood Luck,br /br /Hrisspan style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span p a linkindex=”73″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152808″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152809″/a h4 Re:fuse: span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/span fusermount: span style=”background-color: yellow;”span style=”background-color: yellow;”Permission/span/span den!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on September 07, 2006 03:44 AM/span /div div class=”xar-accent xar-cm-comment” The –public option doesn’t show up in “man encfs” and is not accepted as a valid option.br /br /My usercode is a member of the fuse span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup.br /br /The followinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span sequence works fine:br /sudo modprobe fusebr /Enter su passwordbr /encfs ~/.test ~/testbr /Enter Encfs passwordbr /br /I can live with that. I imaspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanine that I’m havinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span a problem because only a superuser can mount a file system.br / p a linkindex=”74″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152809″ title=”Permalink” rel=”bookmark” # /a /p /div /div div class=”xar-accent-outline xar-cm-comment” div a name=”1152810″/a h4 Re:fuse: span style=”background-color: yellow;”span style=”background-color: yellow;”failed/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”exec/span/span fusermount: span style=”background-color: yellow;”span style=”background-color: yellow;”Permission/span/span den!– #$loop:item['xar_title']# — /h4 !– show changelog — !– end changelog — span class=”xar-sub” Posted by: Anonymous Coward on February 19, 2007 08:44 AM/span /div div class=”xar-accent xar-cm-comment” span style=”background-color: yellow;”span style=”background-color: yellow;”To/span/span span style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanet it workinspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/span, I had span style=”background-color: yellow;”span style=”background-color: yellow;”to/span/span do this:br /br /chown root:fuselt;nobrgt; lt;wbrgt;lt;/nobrgt;/usr/bin/fusermountbr /addspan style=”background-color: yellow;”span style=”background-color: yellow;”g/span/spanroup fuse p a linkindex=”75″ href=”http://www.linux.com/?module=commentsfunc=displayamp;cid=1152810″ title=”Permalink” rel=”bookmark” # /a /p /div /div h4br //h4/divTechnorati Tags: a class=”performancingtags” href=”http://technorati.com/tag/Linux” rel=”tag”Linux/a, a class=”performancingtags” href=”http://technorati.com/tag/Encryption” rel=”tag”Encryption/a, a class=”performancingtags” href=”http://technorati.com/tag/Fuse” rel=”tag”Fuse/a, a class=”performancingtags” href=”http://technorati.com/tag/EncFS” rel=”tag”EncFS/a, a class=”performancingtags” href=”http://technorati.com/tag/Fedora” rel=”tag”Fedora/a