combination of cifs and ecryptfs not working - readonly problems

Hello,

I'm experiencing problems related to the combination of ecryptfs and
cifs. Due to the lack of encryption on cifs, I decided to mount a remote
share and encrypt the traffic with ecryptfs.

my setup:

systems:
Ubuntu 18.04 (4.15.0-33-generic)

folders:
/opt/backup/remote/ - ecryptfs main folder
/opt/backup/remote-encrypted/ - cifs folder

fstab:
//XXXXXXX/backup /opt/backup/remote-encrypted/ cifs defaults,_netdev,username=XXXXX,password=XXXXXX 0 0
/opt/backup/remote-encrypted/ /opt/backup/remote/ ecryptfs defaults,noatime,nodiratime,_netdev,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_enable_filename_crypto=n,ecryptfs_passthrough=n,ecryptfs_sig=XXXXXX,no_sig_cache,key=passphrase:passphrase_passwd=XXXXXXXXXXXXXX 0 0

remote cifs server:
seems to be a proftpd with mod_sftp (with CIFS Unix Extensions), but I
cannot determine its version. It's the backup server from my ISP (Hetzner)

I took a deep look at what's going on and it seems that ecryptfs always
opens a readonly file with read-write access. Therefore cifs issues a
read-write request against the cifs server and the server will always
deny it, because the file is marked as readonly. If the ecryptfs
mountpoint is mounted readonly, the read access to the corresponding
file will succeed. It looks like ecryptfs does not care about the
permissions of the encrypted file and it will open it with read-write
regardless of which mode is requested.

steps to reproduce this (FYI, sudoers permissions are 0440)

root@backuptest:~# rsync /etc/sudoers /opt/backup/remote/rsnapshot/ && umount /opt/backup/remote* && mount -a

root@backuptest:~# cat /opt/backup/remote/rsnapshot/sudoers
[14144.024849] Error opening lower file for lower_dentry [0xffff880078086480] and lower_mnt [0xffff880078882320]; rc = [-13]
[14144.024873] ecryptfs_i_size_read: Error attempting to initialize the lower file for the dentry with name [sudoers]; rc = [-13]
cat: /opt/backup/remote/rsnapshot/sudoers: Permission denied

Any idea what's wrong with ecryptfs or with my settings?

Thank you in advance
Hajo
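
A probe for the behaviour described in the message above, as an added example that is not part of the original post or of eCryptfs: it walks the lower (CIFS) directory and lists files that open read-only but are refused for read-write, the case reported as rc = [-13] (EACCES). The default path is taken from the fstab in the post; the `opener` parameter is a hypothetical hook so the check can be exercised without a CIFS server.

```python
import errno
import os
import sys


def probe(path, opener=os.open):
    """Classify one lower file as 'rw_ok', 'ro_only' or 'unreadable'.

    Nothing is written; each descriptor is closed right after opening.
    Returns (state, errno); errno is 0 for rw_ok, otherwise the error
    from the read-write attempt (ro_only) or the read-only attempt.
    """
    try:
        os.close(opener(path, os.O_RDWR))
        return "rw_ok", 0
    except OSError as rw_err:
        rw_errno = rw_err.errno
    try:
        os.close(opener(path, os.O_RDONLY))
    except OSError as ro_err:
        return "unreadable", ro_err.errno
    # Readable, but the read-write open was refused: a 0440 file such as
    # sudoers on a server that enforces the mode shows EACCES (13) here.
    return "ro_only", rw_errno


def scan(root, opener=os.open):
    """Walk the lower tree; return {path: (state, errno)} for non-rw_ok files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            state, err = probe(path, opener)
            if state != "rw_ok":
                findings[path] = (state, err)
    return findings


if __name__ == "__main__":
    # Default is the CIFS mountpoint from the post's fstab (an assumption
    # for any other system); pass a different lower directory as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/opt/backup/remote-encrypted/"
    for path, (state, err) in sorted(scan(root).items()):
        print(f"{state:10} {errno.errorcode.get(err, err)} {path}")
```

Run it against the lower mount, not the eCryptfs mountpoint. On a local filesystem root bypasses mode bits, so the refusal only shows up where the server enforces them.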



