WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: encFS - a simple way to encrypt dropbox folders  (Read 8892 times)

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1027
encFS - a simple way to encrypt dropbox folders
« on: October 31, 2012, 10:40:33 AM »
hi friends,

dropbox can be very convenient, but do you think it's secure?
a way to use dropbox in a more secure way is to use an encFS-encrypted container.
encFS is lean and clean.
my longterm experience with encFS is very positive, cause it's stable and easy to use.

is there a volunteer who would be so kind to package encFS?

thank you for your help and your commitment.
« Last Edit: October 31, 2012, 10:45:10 AM by netnomad »

Offline caminati

  • Full Member
  • ***
  • Posts: 180
    • Homepage
Re: encFS - a simple way to encrypt dropbox folders
« Reply #1 on: October 31, 2012, 01:59:14 PM »

is there a volunteer who would be so kind to package encFS?

I have packaged encfs.tcz for personal successful use. Yes, it is nice software (apart from boost dependency).
However, each time I have to chown tc /dev/fuse, or encfs won't work.
Basically, the problem is that /dev/fuse has not the right owner or permissions, probably due to a bug with udev rules.
I don't have udev knowledge to track down the issue, nor the time to build such knowledge.

So I refrained from submitting encfs up to now.
Any suggestion?

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 10239
Re: encFS - a simple way to encrypt dropbox folders
« Reply #2 on: November 01, 2012, 03:53:25 AM »
The default udev rules set fuse to 666 root:root, and mount fusectl. We haven't changed that.

What does encfs want it to be?
The only barriers that can stop you are the ones you create yourself.

Online Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 7930
Re: encFS - a simple way to encrypt dropbox folders
« Reply #3 on: November 01, 2012, 06:36:50 AM »
Hi curaga
Quote
What does encfs want it to be?
I did a little Googling last night on fuse, and I think it's supposed to be  root/fuse 660, and the user is supposed to
be added to group fuse.
I'm running TC4.1, and my machine shows  /dev/fuse  is  root/root 600

Offline caminati

  • Full Member
  • ***
  • Posts: 180
    • Homepage
Re: encFS - a simple way to encrypt dropbox folders
« Reply #4 on: November 01, 2012, 06:57:06 AM »
I'm running TC4.1, and my machine shows  /dev/fuse  is  root/root 600

I have TC4.6.1, and my /dev/fuse has exactly the same attributes as Rich's.
Some trial and error shows that encfs works, without chowning, by doing chmod o+rw (resulting in a 606).

The encfs error message is:
Code: [Select]
fuse: failed to open /dev/fuse: Permission denied
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message,
which is quoted also here:
https://answers.launchpad.net/encfs/+question/22951
and here:
http://lists.debian.org/debian-user/2011/10/msg00530.html.

Applying the solution
Code: [Select]
sudo addgroup fuse
sudo addgroup tc fuse
didn't solve the problem. But maybe I have to check build parameters for encfs.

Online Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 7930
Re: encFS - a simple way to encrypt dropbox folders
« Reply #5 on: November 01, 2012, 09:46:44 AM »
Hi caminati
Your first solution works because you made /dev/fuse accessible to all users.
Your second solution was close, you still need to:
Code: [Select]
sudo chown root:fuse /dev/fuse

Offline AmatCoder

  • Full Member
  • ***
  • Posts: 179
    • AmatCoder Projects
Re: encFS - a simple way to encrypt dropbox folders
« Reply #6 on: November 01, 2012, 12:42:31 PM »
When fuse.tcz is loaded, you must do this:

Code: [Select]
tc@box:~$ sudo udevadm control --reload-rules
Perhaps this code should be added into /tce.installed/fuse script...

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: encFS - a simple way to encrypt dropbox folders
« Reply #7 on: November 01, 2012, 01:57:53 PM »
When fuse.tcz is loaded, you must do this:

Code: [Select]
tc@box:~$ sudo udevadm control --reload-rules
Perhaps this code should be added into /tce.installed/fuse script...

Do you refer to specific application making use of fuse, or in general for fuse?
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline AmatCoder

  • Full Member
  • ***
  • Posts: 179
    • AmatCoder Projects
Re: encFS - a simple way to encrypt dropbox folders
« Reply #8 on: November 01, 2012, 02:13:18 PM »
In general. Right now, udev fuse rules (see 99-fuse.rules file which comes with fuse extension) are not applied until rules are reloaded.

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: encFS - a simple way to encrypt dropbox folders
« Reply #9 on: November 01, 2012, 04:55:47 PM »
When fuse.tcz is loaded, you must do this:

Code: [Select]
tc@box:~$ sudo udevadm control --reload-rules
Perhaps this code should be added into /tce.installed/fuse script...

Or in other case should be worth mentioning in info file at least
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline AmatCoder

  • Full Member
  • ***
  • Posts: 179
    • AmatCoder Projects
Re: encFS - a simple way to encrypt dropbox folders
« Reply #10 on: November 01, 2012, 05:43:34 PM »
hmm, actually it requires:

Code: [Select]
tc@box:~$ sudo udevadm control --reload-rules
tc@box:~$ sudo udevadm trigger --action=change --sysname-match=fuse

because /dev/fuse is created at boot time and /udevadm control --reload-rules/ does not apply any changes to already existing devices...

Offline caminati

  • Full Member
  • ***
  • Posts: 180
    • Homepage
Re: encFS - a simple way to encrypt dropbox folders
« Reply #11 on: November 02, 2012, 04:39:58 AM »
Hi caminati
Your first solution works because you made /dev/fuse accessible to all users.
Your second solution was close, you still need to:
Code: [Select]
sudo chown root:fuse /dev/fuse

Yes, it was implied that I also chowned: however, that doesn't solve the issue.
By the way, it seems that the problem is absent before i tce-load -i firmware.tcz, probably because its initialization script does
Code: [Select]
udevadm trigger.
hmm, actually it requires:

Code: [Select]
tc@box:~$ sudo udevadm control --reload-rules
tc@box:~$ sudo udevadm trigger --action=change --sysname-match=fuse

because /dev/fuse is created at boot time and /udevadm control --reload-rules/ does not apply any changes to already existing devices...

This works for me.
Is there any reason not to include the above udevadm commands in fuse.tcz's tce.install?
Should we PM Daniel Barnes?
For the moment I have submitted encfs.tcz with those commands suggested in info file.
« Last Edit: November 02, 2012, 06:47:06 AM by caminati »

Online Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 7930
Re: encFS - a simple way to encrypt dropbox folders
« Reply #12 on: November 02, 2012, 06:08:45 AM »
Hi caminati
Since the  99-fuse.rules file  is supplied with this extension, the tce.install script should probably make sure the
rules are initiated.

Offline caminati

  • Full Member
  • ***
  • Posts: 180
    • Homepage
Re: encFS - a simple way to encrypt dropbox folders
« Reply #13 on: November 02, 2012, 06:53:44 AM »
Hi caminati
Since the  99-fuse.rules file  is supplied with this extension, the tce.install script should probably make sure the
rules are initiated.

I'm afraid I don't understand the term initiated here.
Is it udev jargon?
Do you mean that you agree tce.install script in fuse.tcz should be added AmatCoder's commands?

Online Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 12241
Re: encFS - a simple way to encrypt dropbox folders
« Reply #14 on: November 02, 2012, 07:11:19 AM »
no, since the fuse udev rules are in your extension, the script needs to be in your extension