#578233 encfs: Weird permission problems with --public

Package: encfs
Source: encfs
Description: encrypted virtual filesystem
Submitter: "FDi @ r00t3d"
Date: 2010-04-18 08:06:04 UTC
Severity: normal

#578233#5
Date: 2010-04-18 08:02:58 UTC
From:
To:

Hi,

I'm experiencing a weird permission problem when trying to create files
on a --public mounted EncFS that resides at a mdadm raid5 array. However
I'm able to write and delete existing files. When I move the container
to my home and mount it, everything works like it should.


When I try to create a file with a non-root user (who has FS level
permission to create a file) on the EncFS whose container resides
at the raid I get an error saying:
(FileNode.cpp:226) mknod error: Permission denied

But if I move the same EncFS container to my home and mount it and
try to create a file, it works.

Let me show you:

tribat@nas:~$ mount
/dev/hda1 on / type ext3 (rw,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
/dev/md0 on /media/raid type ext3 (rw)

tribat@nas:~$ cd /media/raid/
tribat@nas:/media/raid$
tribat@nas:/media/raid$ sudo mkdir temp
tribat@nas:/media/raid$ sudo chown tribat.tribat temp/
tribat@nas:/media/raid$ cd temp
tribat@nas:/media/raid/temp$ sudo encfs /media/raid/temp/.crypt /media/raid/temp/crypt
The directory "/media/raid/temp/.crypt/" does not exist. Should it be created? (y,n) y
The directory "/media/raid/temp/crypt" does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?>

Standard configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
tribat@nas:/media/raid/temp$
tribat@nas:/media/raid/temp$ sudo umount encfs
tribat@nas:/media/raid/temp$


Mount it again on another console so we can monitor the debug output
tribat@nas:~$ sudo encfs --public -fv /media/raid/temp/.crypt /media/raid/temp/crypt


tribat@nas:/media/raid/temp$ ls -l
total 4
drwx------ 2 root root 4096 2010-04-18 10:14 crypt

tribat@nas:/media/raid/temp$ sudo chown tribat.tribat crypt/
tribat@nas:/media/raid/temp$ cd crypt/
tribat@nas:/media/raid/temp/crypt$ touch test
touch: cannot touch `test': Permission denied
tribat@nas:/media/raid/temp/crypt$ sudo touch testfile
tribat@nas:/media/raid/temp/crypt$
tribat@nas:/media/raid/temp/crypt$ sudo chown tribat.tribat testfile
tribat@nas:/media/raid/temp/crypt$ echo "Hello" > testfile
tribat@nas:/media/raid/temp/crypt$ cat testfile
Hello
tribat@nas:/media/raid/temp/crypt$ rm testfile
tribat@nas:/media/raid/temp/crypt$


So, I can write and remove existing files if I have permission to them but
creating new files gives me a Permission Denied. Let's try that one more
time and see what the EncFS logs spit out.


tribat@nas:/media/raid/temp/crypt$ touch testfile
touch: cannot touch `testfile': Permission denied

(Context.cpp:119) no node found for /
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/
(encfs.cpp:133) getattr /media/raid/temp/.crypt/
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:192) getAttr error on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB: No such file or directory
(encfs.cpp:137) getattr error: No such file or directory
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:257) mknod on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(FileNode.cpp:226) mknod error: Permission denied
(encfs.cpp:273) trying public filesystem workaround for
(Context.cpp:119) no node found for
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/
(FileNode.cpp:226) mknod error: Permission denied
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:192) getAttr error on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB: No such file or directory
(encfs.cpp:137) getattr error: No such file or directory


Now let's try this same thing under /home/tribat/temp/


tribat@nas:/media/raid/temp$ sudo umount encfs
tribat@nas:/media/raid/temp$ mkdir /home/tribat/temp
tribat@nas:/media/raid/temp$ mkdir /home/tribat/temp/crypt
tribat@nas:/media/raid/temp$ mv .crypt/ /home/tribat/temp/
tribat@nas:/media/raid/temp$


Again on another console we mount the container to monitor the debug output
tribat@nas:~$ sudo encfs --public -fv /home/tribat/temp/.crypt /home/tribat/temp/crypt


tribat@nas:/media/raid/temp$ cd /home/tribat/temp/crypt/
tribat@nas:~/temp/crypt$ touch testfile
tribat@nas:~/temp/crypt$


So now all of a sudden it works. I have no idea why this is.
Here's what EncFS logs said when I created the file now:


(Context.cpp:119) no node found for /
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:192) getAttr error on /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB: No such file or directory
(encfs.cpp:137) getattr error: No such file or directory
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:257) mknod on /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:130) open call for writable file
(RawFileIO.cpp:152) open file with flags 32770, result = 4
(encfs.cpp:572) encfs_open for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, flags 34817
(Context.cpp:150) added open node record for /testfile
(encfs.cpp:133) flush /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:130) open call for read only file
(RawFileIO.cpp:137) using existing file descriptor
(encfs.cpp:91) utimens /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(Context.cpp:113) found existing node for /testfile
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) flush /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:130) open call for read only file
(RawFileIO.cpp:137) using existing file descriptor
(Context.cpp:168) released open node record for /testfile
(Context.cpp:172) last open node closed for /testfile
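
An added example, not part of the original report: a small Python helper that lines up the two `-fv` traces above by call site, reports where they first differ, lists the logged errors, and shows which path the `--public` workaround was logged with. The excerpts are copied from the report's logs (from the mknod call onwards); the function names are hypothetical.

```python
import re

# An EncFS -v line looks like "(File.cpp:LINE) message".
LINE_RE = re.compile(r"^\(([\w.]+):(\d+)\)\s*(.*)$")
# e.g. "mknod error: Permission denied" or "getAttr error on <path>: <reason>"
ERR_RE = re.compile(r"^(\w+) error(?: on \S+)?: (.+)$")

def parse(trace):
    """Return [(call_site, message)] for each well-formed debug line."""
    hits = (LINE_RE.match(raw.strip()) for raw in trace.splitlines())
    return [(f"{m[1]}:{m[2]}", m[3]) for m in hits if m]

def errors(events):
    """Return [(call_site, operation, reason)] for every logged error."""
    hits = ((site, ERR_RE.match(msg)) for site, msg in events)
    return [(site, m[1], m[2]) for site, m in hits if m]

def first_divergence(bad, good):
    """First index where call sites differ (paths differ, so messages are not compared)."""
    for i, (b, g) in enumerate(zip(bad, good)):
        if b[0] != g[0]:
            return i, b, g
    return None

def workaround_targets(events):
    """Paths logged after 'trying public filesystem workaround for'."""
    key = "trying public filesystem workaround for"
    return [msg[len(key):].strip() for _, msg in events if msg.startswith(key)]

# Excerpts copied from the two traces in the report (mknod onwards).
FAILING = """\
(encfs.cpp:257) mknod on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(FileNode.cpp:226) mknod error: Permission denied
(encfs.cpp:273) trying public filesystem workaround for
(Context.cpp:119) no node found for
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/
(FileNode.cpp:226) mknod error: Permission denied
"""
WORKING = """\
(encfs.cpp:257) mknod on /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
"""

if __name__ == "__main__":
    bad, good = parse(FAILING), parse(WORKING)
    print(first_divergence(bad, good))
    print(errors(bad), workaround_targets(bad))
```

On these excerpts the traces diverge immediately after the mknod call, both mknod attempts fail with "Permission denied", and the workaround line carries an empty path.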