From: Hugo Mills <hugo@carfax.org.uk>
To: linux-btrfs@vger.kernel.org
Subject: Re: snapshots of encrypted directories?
Date: Thu, 14 Sep 2017 15:32:22 +0000
Message-ID: <20170914153222.GC7067@carfax.org.uk>
In-Reply-To: <20170914145739.GA32347@rus.uni-stuttgart.de>
On Thu, Sep 14, 2017 at 04:57:39PM +0200, Ulli Horlacher wrote:
> I use encfs on top of btrfs.
> I can create btrfs snapshots, but I have no suggestive access to the files
> in these snapshots, because they look like:
>
> drwx------ framstag users - 2017-09-08 11:47:18 uHjprldmxo3-nSfLmcH54HMW
> drwxr-xr-x framstag users - 2017-09-08 11:47:18 wNEWaDCgyXTj0d-Myk8wXZfh
> -rw-r--r-- framstag users 377 2015-06-12 14:02:53 -zDmc7xfobKDkbl8z7oKOHxv
> -rw-r--r-- framstag users 2,367 2012-07-10 14:32:30 7pfKs27K9k5zANE4WOQEuFa2
> -rw------- framstag users 692 2009-10-20 13:45:41 8SQElYCph85kDdcFasUHybVr
> -rw------- framstag users 2,872 2017-08-31 16:21:52 bm,yNi1e4fsAClDv7lNxxSfJ
> lrwxrwxrwx framstag users - 2017-06-01 15:53:00 GZxNYI0Gy96R18fz40f7k5rl -> wvuQKHYzdFbar18fW6jjOerXk2IsS4OAA2fnHalBZjMQ,7Kw0j-zE3IJqxhmmGBN8G9
> -rw-r--r-- framstag users 182 2016-12-01 13:34:31 rqtNBbiYDym0hPMbBL-VLJZcFZu6nkNxlsjTX-sU88I4I1
>
> I have to mount the snapshot with encfs, to have access to the (decrypted)
> files.
>
> Any better ideas?

I'd say it's doing exactly what it should be doing. You're making a
copy of an encrypted data store, and the result is encrypted. In order
to read it, it needs to have the decryption layer applied to it with
the correct key (which is the need to mount the snapshot with encfs).

Would you _really_ want a system where the encrypted contents of a
subvolume can be decrypted by simply snapshotting it?

Hugo.

--
Hugo Mills | Great films about cricket: Umpire of the Rising Sun
hugo@... carfax.org.uk |
http://carfax.org.uk/ |
PGP: E2AB1DE4 |