Ubuntu Security :: How To Disable Encfs
Jun 19, 2011
Set up a few machines yesterday to test out some parallel code. Just for fun, I selected the "encrypt users files" option when setting up Ubuntu (10.10). I had never used the option in years past. Now I'm finding it a pain. EG., ssh requires me to already have a login to the machine before it will let me log in w/o a password (eg., using id_rsa.pub and authorized_keys).
Similarly, I have no reason to encrypt files on these machines. They're just crunching numbers. Is there an easy way to disable this? Or do I need to delete my original user and make another one (with all the su privelages, etc...) w/o an encrypted file system / home directory.
View 1 Replies
ADVERTISEMENT
Apr 21, 2011
I have an NFS share hosted at a file server for several machines. I set up an encfs encrypted file tree in this. First, I created a directory in the NFS mounted tree where I wanted the encrypted files to be store (/home/nfs/phil/private). Second, I created a mount point where I wanted to access those files in the clear view (/home/phil/nfs-phil-private). Third I mounted encfs with the simple command "encfs /home/nfs/phil/private /phil/nfs-phil-private". During this mounting, it asked me for a pass phrase to encrypt the files with. Fourth, I copied some files into "/phil/nfs-phil-private". I saw that files with cryptic names were created in "/home/nfs/phil/private", along with a file named ".encfs6.xml".
That was on one machine named "lorentz". Then I switched to another machine named "euler". I created the same mount point here (/home/phil/nfs-phil-private). I verified that /home/nfs/phil/private already existed, as did "/home/nfs/phil/private.encfs6.xml". So I tried the same "encfs /home/nfs/phil/private /phil/nfs-phil-private" command. This time it failed. Here is all the output up to the first prompt:
Code:
15:05:23 (FileUtils.cpp:375) Archive exception: stream error
15:05:23 (FileUtils.cpp:326) Found config file /home/nfs/phil/private/.encfs6.xml, but failed to load
Creating new encrypted volume.
[code]....
The first two lines certainly appear to be some kind of error. I can cat the .encfs6.xml files just fine, so I do have permission to read it. It had not even prompted me for a password, yet. Anyone know what the deadl with this is? A possible cause is that the first encfs is version 1.6.1 (ubuntu 10.10 packaged as 1.6.1-1) and the second encfs is version 1.5.2 (ubuntu 9.10 packaged as 1.5.2-1).
View 2 Replies
View Related
Feb 24, 2010
I could not find details of what CryptKeeper was doing and I worked this out. It shows how to open and close CryptKeeper files using encfs form the command line. I hope this helps others.
Ubuntu karmic 9.10. CryptKeeper 0.9.4-1 encfs 0.5.2-1ubuntu1 also works in Mint8. Tom Morton author of CryptKeeper site: [url]
How Gnome Cryptkeeper works with encfs
In CryptKeeper create a new encrypted folder:
The directory above is created and also another hidden one called: /home/ian/.aaaaaaxxxxTestCryptKeeper_encfs which contains one hidden file called .encfs6.xml. As you create additional folder and files in the /home/ian/aaaaaaxxxxTestCryptKeeper additional folders and files with encrypted names are created in /home/ian/aaaaaaxxxxTestCryptKeeper 4L9KBI4IeoAKOoZ,IwzVyn2VPGysXt-JCbStUej5Ewnn90. These mirror any files and folders which you create in the encrypted directory except that there names and contents are totally encrypted.
The above CryptKeeper directory can be created anywhere within the Linux file system, for example, on another partition. In each case two directories are created within the parent (in this example /home/ian/), one with the original directory name, the other preceeded with a "." and followed by "_encfs".
How to open a directory created with CryptKeeper using encfs.
Provided you copy the directory like .aaaaaaxxxxTestCryptKeeper_encfs and all its contents, it can be opened anywhere using the following command. (Note that full path names are needed.)
encfs /home/ian/.aaaaaaxxxxTestCryptKeeper_encfs /home/ian/aaaaaaxxxxTestCryptKeeper
The mount command will then show:
If /home/ian/.aaaaaaxxxxTestCryptKeeper_encfs does not exist you will asked if you wish to create it and you will be asked for a password twice. In this case it will not be in CryptKeeper unless you then import it.)
If it is a CryptKeeper file then it appears in CryptKeeper file list as opened and can be closed from there. To close from the command line type:
Note unmount will not work for these files.
View 1 Replies
View Related
Jul 7, 2011
I'm running 11.04 (64 bit) get the following in my syslog
[Code]....
1) Why is this happening
2) How can it be fixed
3) How can it be avoided
View 3 Replies
View Related
Mar 2, 2010
[URL]
encfs: preserve timestamps on a shared encrypted folder?
View 1 Replies
View Related
Mar 3, 2010
I would like to create an encrypted folder which can be shared by users included in the users group.To do so I used encfs:
Code:
cd somewhere
sudo mkdir encrypted visible
sudo chown root:users encrypted visible
sudo chmod 770 encrypted visible
encfs /somewhere/encrypted /somewhere/visible -o allow_other -o umask='007' -o uid='0'
Now if a user (included in users) creates a new document in the visible folder, that will be
Quote:
-rwxrwx--- 1 root users 0 2010-03-02 14:19 new file
While I would like it to be
Quote:
-rwxrwx--- 1 user users 0 2010-03-02 14:19 new file
Mounting encfs without the option uid='0' gives same results with only difference that instead of root the owner is the user who mounted encfs. Also copying a file owned by different user rather than root goes to the same: for example having in my home a file like
Quote:
-rwxr-x--- 1 me users 0 2010-03-02 14:30 myfile
and trying to copy it to the encrypted shared folder with
Code:
sudo cp -a -v ~/myfile /somewhere/visible
will give something like
Quote:
cp: failed to preserve ownership for `~/myfile': Operation not permitted
And the copied file on the shared encrypted folder will be as usual:
Quote:
-rwxrwx--- 1 root users 0 2010-03-02 14:30 myfile
Is there a way to mount encfs in order to preserve ownership?
View 3 Replies
View Related
Mar 21, 2010
Is there a way for my home folder to not be automatically mounted when i log in? And for that matter a way to change the password from my log in password to something else?
View 2 Replies
View Related
Jul 13, 2010
I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd.first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.
View 1 Replies
View Related
Apr 29, 2010
Right, just a quick question about rsnapshot over sshfs and encfs. I've set up an encfs filesystem, and when mounted on the remote machine remotely:
Code:
touch foo.bar
Code:
cp -al foo.bar foo.car
Works as one would expect it to.
The same is true on the local machine (The EncFS has External IV chaining disabled). However, when the remote dir is sshfs mounted on my computer here, and then encfs'd to a decrypt mount on my computer, I can move files to it, and they go over the network and get encrypted, however:
Code:
cp -al <file> <file>
No longer works, I get 'not implemented' errors...
I thought since I don't have External IV chaining this shouldn't be an issue - I've tried without any of the file chaining options, again to no effect. All work remotely, or with both locally, but not over sshfs. Is this a quirk of sshfs?
View 1 Replies
View Related
Mar 9, 2010
I need disable usb port access in ubuntu9.10. how to disable usb port in ubuntu9.10
View 9 Replies
View Related
Jun 15, 2010
I currently have a user on my Ubuntu server that I want to block completely from login. I know right now they login with SSH keys so they don't need to enter their SSH password. Can anyone tell me how to remove the SSH key login for their username and root user which I believe they use too and block SSH access alltogether.I will then just change the root SSH password.I'm terrified they will do some harm so I need them blocked out ASAP.
View 7 Replies
View Related
Aug 9, 2010
Anyone know how to disable IPv6 but still use IPv4?
View 6 Replies
View Related
Sep 3, 2010
I've made an SSH server using OpenSSH on my desktop Ubuntu (10.4) for tunneling. However, I'm noticing that the public account I made for my SSH (one to give to friends to use proxy) has SFTP access to crucial system files. I'm okay with SFTP being enabled on my account, but not on this public account. Does anyone know of anyway to either disable SFTP to that user, or restrict access to important files?
View 4 Replies
View Related
Feb 11, 2011
Is there a way to modify the ssh_config and sshd_config files so that a user can scp but will not be allowed to ssh. I have done a search and found a tool name scponly but I really do not want to install anything. Most of the books I have only discuss how to use ssh.
View 3 Replies
View Related
Mar 11, 2010
I've enabled the root account on Ubuntu 9.10, however I want to stop it from being used to login via GDM. 9.10 seems to have a different GDM version, how can I carry this out under 9.10
View 9 Replies
View Related
Aug 8, 2010
Inspite i have read through the sticky link but i have a query.
Example,
If you have your firefox under enforce mode in apparmor,are you still able to install an update / addon to it to a newer version.
If not,how to disable the apparmor in firefox.Is it as below?
Code:
View 9 Replies
View Related
Jan 22, 2011
I have tried everything to disable automatic login from the login screen (gdm). I've changed my password, I've changed the settings in System -> Admin ->Login Screen, and I've edited /etc/gdm/custom.conf (gdm.conf doesn't exist, but I created it just in case!).No auto login is set up, but I can't get it to ask for my password. This is affecting my ability to switch sessions, as I can't switch sessions without clicking on my name in gdm, and because it's set to auto login,
View 4 Replies
View Related
Feb 17, 2011
How do I disable showing Usernames? I want to be prompted for BOTH un and pw. If it is necessary I could just change it so that it boots into a fullscreen terminal so that you would have to input "startx" and then username and password. Or I could just change it through gui or 3rd party software.
View 7 Replies
View Related
Apr 3, 2011
having a slow internet connection, I bought the all maverick repository on DVDs, copied the files on a usb drive and modified the apt sources file to consider the local repository only:
Code:
# deb file:/var/www/ubuntu_local/ ./
deb file:/var/www/maverick/dvd1/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd2/ maverick main universe restricted multiverse
deb file:/var/www/maverick/dvd3/ maverick main universe restricted multiverse
[code]....
Even though I am reasonably sure it is safe, this local repository is not authenticated and I can only install package through the command line or synaptic, the Ubuntu Software Centre giving an error message "Requires installation of untrusted packages"...I thus would like to disable the apt authentication check for this local repository.
View 2 Replies
View Related
May 11, 2011
I wish to prevent a user account with sudo rights from mounting attached storage, i managed todo this with ubuntu Version 8 using gnome-polkit i think it was, however i'm not able todo this in 11.04 now , has anyone got a direction i can look in, i googled alot but my searches all come up with auto mounting or how to mount drives
View 1 Replies
View Related
Jun 30, 2011
my os is opensuse 11.4. I tried k-encfs, but failed. Running the .rpm file said successfully installed, but I cant find the program and running the 'install' script gives me another error message.
View 4 Replies
View Related
Apr 13, 2011
I am trying to get Encfs working on Ubuntu 10.10 with only partial success. I am using the Ubuntu package which is version 1.6.1. I am also trying to build 1.7.4 source on Ubuntu 10.10 which is failing.
First the problem with the Ubuntu package, which I realize may be fixed in 1.7.4. I am mounting a clear directory with the --reverse option to have an encrypted view of this data. This so far works, although I do not know if it really works correctly. I used rsync to copy all the encrypted data to a third directory outside of this first mounting. Then I do a second mounting (without --reverse) using that copy as the source, to make a mountpoint with a clear view of the copied encrypted files. This fails as no files show up at all.
I am doing it this way because my intended first use for Encfs is to copy an encrypted view of a local physically secured backup directory containing clear data to another remote machine where sometimes it is not physically secure. Transfer is by ssh over rsync, but that is not sufficient security for the remote machine. So the role of Encfs is to be sure the data is never in a clear state on that machine when the machine is not attended. This location is the home of the owner of the company who is not always at home. The machine is, in theory, at risk for theft when no one is at home (this is the risk we want to address). The owner will personally have the Encfs password, and may need access to some of these files. So it would be treated as an encrypted store and Encfs would be used to view it in the clear by manually mounting it that way (e.g. not with --reverse).
I am doing the test entirely on my desktop at the moment, as described above. I am using a script to carry out the entire setup of my tests, so it is fully reproducible, and that configuration can be incrementally changed as desired. I have a suspicion that certain messages resulting from the setup may indicate the problem. This is from the first mount with --reverse:
Code:
Creating new encrypted volume.
Standard configuration selected.
--reverse specified, not using unique/chained IV
Configuration finished. The filesystem to be created has
the following properties:
[Code]...
View 6 Replies
View Related
Jun 15, 2011
Whenever I mount a encfs directory to a regular directory, the regular directory disappears. this is the command I use
encfs ~/encrypted ~/plain
When I try to access the folder from my windows computer, I can not see it. What to do?
View 2 Replies
View Related
Sep 24, 2010
I opened a specific port in my router and manually configured Limewire to use the same port for all traffic, but I notice when I disable and turn off Firestarter when on limewire, my searches go really fast and dowaloads zoom really fast also I am not running as root. Is this ok to temporarly stop the firewall when I am on Limewire and then turn it back on when finished?
View 9 Replies
View Related
Sep 28, 2010
How can I disable the password request when i login? Not the password for the user but the password to connect to the net?
View 5 Replies
View Related
Feb 5, 2011
How do I prevent/disable a file from being copied?
I would want someone to be able to see the content of a directory, then open the relevant document, but just for viewing purpose. They cannot copy the file, either through copy + paste or File/Save As.
Is that possible under Ubuntu?
View 4 Replies
View Related
Mar 18, 2011
I'm the only user of my PC and as of upgrading to 10.04, I get a login screen, that requests only a password, when the PC goes idle.
View 8 Replies
View Related
Feb 17, 2011
I have two computers on my network, both are running Ubuntu 10.10. I wish to access encfs-encrypted directories on a remote computer from my local computer. I used nfs to mount the remote encrypted directory onto my local machine, and then I used encfs to decrypt. But because of nfs' use of some UID-type ownership convention rather than user:group, I have no access to the directory I just mounted.I want my local machine's software to access the files, so ssh login is probably not a solution, and I would like to avoid using encfs' --public option if possible.
View 2 Replies
View Related
May 9, 2010
Just a warning / question about Encfs on Slackware current. I doesn't work due to the upgrade to boost 1.4.2. I ran encfs on an old install of 13.0 to get at my data, but I'd prefer to access it right from current. A big warning: if you try to access your encrypted data on current it will corrupt your encfs6.xml file and I don't know if it is recoverable (I had a backup of mine).
View 5 Replies
View Related
Dec 15, 2010
I use Ubuntu on my netbook, which I uses for browsing and email. It's way faster than the Windows which came on the machine. That's a nice feature, as is the price.
I like it except for the constant, perpetual, ever-present, super-annoying need to be entering passwords and "becoming root user" and so on. I am the only one using this appliance. I don't even care if someone steals it, really. There must be some way (I hope) of disabling this idea that I am a CIA agent with TopSecret materials.
I just want a simple, easy to use appliance. If not Ubuntu, is there any distro that is aimed at normal people?
View 14 Replies
View Related
