Re: Ecryptfs over sshfs and timestamps

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Tyler Hicks <tyhicks@canonical.com>
To: Ivan Yosifov <iyosifov@gmail.com>
Cc: Christian Kujau <lists@nerdbynature.de>,
	Mike Reinstein <reinstein.mike@gmail.com>,
	ecryptfs@vger.kernel.org
Subject: Re: Ecryptfs over sshfs and timestamps
Date: Sun, 28 Apr 2013 18:27:11 -0700	[thread overview]
Message-ID: <20130429012711.GA4925@boyd> (raw)
In-Reply-To: <CAHHtCV8PCU0v=96Oj8pP3seyh-out_2F=24ekBFio1k1zTwK6g@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2196 bytes --]

On 2013-04-24 21:59:05, Ivan Yosifov wrote:
> Sorry, the mail got sent incomplete, resending:
> 
> > Does this happen when only using sshfs (without eCryptfs mounted on
> > top)?
> 
> No, cp --preserve=timestamps to sshfs alone works.
> 
> > Does this happen when only using eCryptfs (mounted locally on top of
> > something like ext4)?
> 
> No, cp --preserve=timestamps to ecryptfs on top of ext4 works too.
> 
> > Nothing like that should be a problem from eCryptfs' standpoint. I have
> > no idea about sshfs.
> 
> Well, the existence of the allow_root and allow_other sshfs options
> suggest it somehow cares.
> 
> > Why didn't adding user,noauto to the fstab entry work for you? What
> > error message did you see? Anything relevant in the system log?
> 
> For example, I just tried with the following line (the key '1' is
> obviously just for testing):
> 
> /home/obelix/evil_host /home/obelix/bak ecryptfs
> user,noauto,verbose,key=passphrase:passphrase_passwd=1 0 0
> 
> I got:
> 
> $ mount ./bak
> Exiting. Unable to obtain passwd info
> 
> I didn't get anything written to /var/log/messages.log or dmesg.
> 
> If I run the mount as root, I get asked for the other parameters and
> in the end it mounts.
> I tried with a more comprehensive fstab line too:
> 
> /home/obelix/evil_host /home/obelix/bak ecryptfs
> user,noauto,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,verbose,key=passphrase:passphrase_passwd=1,ecryptfs_passthrough,ecryptfs_enable_filename_crypto=n
> 0 0
> 
> This mounts as root without asking any questions and fails as user
> with the same error.

It is typically easier to manually perform the mount once, then take
note of the mount options listed in /proc/mounts, add an entry to fstab,
then bypass the eCryptfs mount helper when performing mounts.

So, your fstab entry might look something like this:

/tmp/ecryptfs /tmp/ecryptfs ecryptfs ecryptfs_sig=253ca7e88811d184,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,defaults,users,noauto 0 0

Adjust the ecryptfs_sig= value accordingly.

Now, do a mount that bypasses the eCryptfs mount helper by using the -i
mount option.

$ mount -i /tmp/ecryptfs

Tyler

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

next prev parent reply	other threads:[~2013-04-29  1:27 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-04-21 10:30 Ecryptfs over sshfs and timestamps Ivan Yosifov
2013-04-21 20:32 ` Christian Kujau
     [not found]   ` <CAM-DUcOrs3vws+Vt9BWw29da8M_1LRwkrPHPF_eUc3Mz2a7ZaQ@mail.gmail.com>
2013-04-21 23:29     ` Christian Kujau
2013-04-23 19:11       ` Ivan Yosifov
2013-04-23 19:30         ` Tyler Hicks
2013-04-24 18:45           ` Ivan Yosifov
2013-04-24 18:59             ` Ivan Yosifov
2013-04-29  1:27               ` Tyler Hicks [this message]
2013-05-03  6:55                 ` Ivan Yosifov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130429012711.GA4925@boyd \
    --to=tyhicks@canonical.com \
    --cc=ecryptfs@vger.kernel.org \
    --cc=iyosifov@gmail.com \
    --cc=lists@nerdbynature.de \
    --cc=reinstein.mike@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.