On Mon, Apr 22, 2013 at 2:29 AM, Christian Kujau <lists@xxxxxxxxxxxxxxx> wrote:
> On Sun, 21 Apr 2013 at 13:54, Mike Reinstein wrote:
>> Maybe I'm just misunderstanding the problem. Is it being suggested that the
>> unencrypted copy of the data should be backed up over sshfs to an untrusted
>> machine?
>
> No, I think the untrusted machine would hold the encrypted data, which is
> mounted to a trusted machine, where it's then decrypted via ecryptfs.

You're right, that's the idea. I want to run the crypto on the trusted machine and only use the untrusted one as dumb storage.

I'm running Arch, ecryptfs-utils 103, sshfs 2.4, kernel 3.8.8, so very similar to yours. Running strace was a good idea; the relevant bit is:

    utimensat(4, NULL, {{1366539595, 699650012}, {1366539595, 699650012}}, 0) = -1 EPERM (Operation not permitted)

The setup that fails is thus: the sshfs is mounted by my regular user with -o allow_root and the ecryptfs is mounted from a root console. I tried doing both the sshfs and ecryptfs mounts by root and that worked.

I'm assuming it's a problem if the sshfs and ecryptfs are "running as different users". Frankly, I'm not at all sure what "running as a user" means in the context of kernel code like fuse and ecryptfs. Does this ring any bells?

Are both mounts in your setup done by a non-root user? If yes, what's the correct way to mount an ecryptfs as a user? I tried adding a line to /etc/fstab with <all the options>,user,noauto and it didn't work. The Arch wiki (https://wiki.archlinux.org/index.php/ECryptfs#Mounting_.28the_hard_way.29) suggests /sbin/mount.ecryptfs should be suid root, but that doesn't make it work either.