On 2013-04-23 22:11:40, Ivan Yosifov wrote:
> On Mon, Apr 22, 2013 at 2:29 AM, Christian Kujau <lists@xxxxxxxxxxxxxxx> wrote:
> > On Sun, 21 Apr 2013 at 13:54, Mike Reinstein wrote:
> >> Maybe I'm just misunderstanding the problem. Is it being suggested that the
> >> unencrypted copy of the data should be backed up over sshfs to an untrusted
> >> machine?
> >
> > No, I think the untrusted machine would hold the encrypted data, which is
> > mounted to a trusted machine, where it's then decrypted via ecryptfs.
>
> You're right, that's the idea. I want to run the crypto on the trusted
> machine and only use the untrusted one as dumb storage.
>
> I'm running arch, ecryptfs-utils 103, sshfs 2.4, kernel 3.8.8, so very
> similar to yours. Running strace was a good idea, the relevant bit is:
>
> utimensat(4, NULL, {{1366539595, 699650012}, {1366539595, 699650012}},
> 0) = -1 EPERM (Operation not permitted)
Does this happen when only using sshfs (without eCryptfs mounted on
top)?
Does this happen when only using eCryptfs (mounted locally on top of
something like ext4)?
>
> The setup that fails is thus: The sshfs is mounted by my regular user
> with -o allow_root and the ecryptfs is mounted from a root console.
>
> I tried doing both the sshfs and ecryptfs mounts by root and that
> worked. I'm assuming it's a problem if the sshfs and ecryptfs are
> "running as different users". Frankly, I'm not at all sure what
> "running as a user" means in the context of kernel code like fuse and
> ecryptfs, does this ring any bells?
Nothing like that should be a problem from eCryptfs' standpoint. I have
no idea about sshfs.
>
> Are both mounts in your setup done by a non-root user? If yes, what's
> the correct way to mount an ecryptfs as a user? I tried adding a line
> to /etc/fstab with <all the options>,user,noauto and it didn't work.
> The arch wiki (
> https://wiki.archlinux.org/index.php/ECryptfs#Mounting_.28the_hard_way.29
> ) suggests /sbin/mount.ecryptf should be suid root, but that doesn't
> make it work either.
Don't set mount.ecryptfs as setuid root. That's very bad advice.
Why didn't adding user,noauto to the fstab entry work for you? What
error message did you see? Anything relevant in the system log?
Tyler
Attachment:
signature.asc
Description: Digital signature
