Package: encfs
Version: 1.4.2-2
Severity: normal

Hi,

I'm experiencing a weird permission problem when trying to create files on a --public mounted EncFS that resides at an mdadm raid5 array. However, I'm able to write and delete existing files. When I move the container to my home and mount it, everything works like it should.

When I try to create a file with a non-root user (who has FS level permission to create a file) on the EncFS whose container resides at the raid I get an error saying:

(FileNode.cpp:226) mknod error: Permission denied

But if I move the same EncFS container to my home and mount it and try to create a file, it works. Let me show you:

tri...@nas:~$ mount
/dev/hda1 on / type ext3 (rw,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
/dev/md0 on /media/raid type ext3 (rw)
tri...@nas:~$ cd /media/raid/
tri...@nas:/media/raid$
tri...@nas:/media/raid$ sudo mkdir temp
tri...@nas:/media/raid$ sudo chown tribat.tribat temp/
tri...@nas:/media/raid$ cd temp
tri...@nas:/media/raid/temp$ sudo encfs /media/raid/temp/.crypt /media/raid/temp/crypt
The directory "/media/raid/temp/.crypt/" does not exist. Should it be created? (y,n) y
The directory "/media/raid/temp/crypt" does not exist. Should it be created? (y,n) y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?>

Standard configuration selected.

Configuration finished. The filesystem to be created has the following properties:
Filesystem cipher: "ssl/aes", version 2:1:1
Filename encoding: "nameio/block", version 3:0:1
Key Size: 192 bits
Block Size: 1024 bytes
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
tri...@nas:/media/raid/temp$
tri...@nas:/media/raid/temp$ sudo umount encfs
tri...@nas:/media/raid/temp$

Mount it again on another console so we can monitor the debug output

tri...@nas:~$ sudo encfs --public -fv /media/raid/temp/.crypt /media/raid/temp/crypt

tri...@nas:/media/raid/temp$ ls -l
total 4
drwx------ 2 root root 4096 2010-04-18 10:14 crypt
tri...@nas:/media/raid/temp$ sudo chown tribat.tribat crypt/
tri...@nas:/media/raid/temp$ cd crypt/
tri...@nas:/media/raid/temp/crypt$ touch test
touch: cannot touch `test': Permission denied
tri...@nas:/media/raid/temp/crypt$ sudo touch testfile
tri...@nas:/media/raid/temp/crypt$
tri...@nas:/media/raid/temp/crypt$ sudo chown tribat.tribat testfile
tri...@nas:/media/raid/temp/crypt$ echo "Hello" > testfile
tri...@nas:/media/raid/temp/crypt$ cat testfile
Hello
tri...@nas:/media/raid/temp/crypt$ rm testfile
tri...@nas:/media/raid/temp/crypt$

So, I can write and remove existing files if I have permission to them but creating new files gives me a Permission Denied. Let's try that one more time and see what the EncFS logs spit out.

tri...@nas:/media/raid/temp/crypt$ touch testfile
touch: cannot touch `testfile': Permission denied

(Context.cpp:119) no node found for /
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/
(encfs.cpp:133) getattr /media/raid/temp/.crypt/
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:192) getAttr error on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB: No such file or directory
(encfs.cpp:137) getattr error: No such file or directory
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:257) mknod on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(FileNode.cpp:226) mknod error: Permission denied
(encfs.cpp:273) trying public filesystem workaround for
(Context.cpp:119) no node found for
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/
(FileNode.cpp:226) mknod error: Permission denied
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:192) getAttr error on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB: No such file or directory
(encfs.cpp:137) getattr error: No such file or directory

Now let's try this same thing under /home/tribat/temp/

tri...@nas:/media/raid/temp$ sudo umount encfs
tri...@nas:/media/raid/temp$ mkdir /home/tribat/temp
tri...@nas:/media/raid/temp$ mkdir /home/tribat/temp/crypt
tri...@nas:/media/raid/temp$ mv .crypt/ /home/tribat/temp/
tri...@nas:/media/raid/temp$

Again on another console we mount the container to monitor the debug output

tri...@nas:~$ sudo encfs --public -fv /home/tribat/temp/.crypt /home/tribat/temp/crypt

tri...@nas:/media/raid/temp$ cd /home/tribat/temp/crypt/
tri...@nas:~/temp/crypt$ touch testfile
tri...@nas:~/temp/crypt$

So now all of a sudden it works. I have no idea why this is. Here's what EncFS logs said when I created the file now:

(Context.cpp:119) no node found for /
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:192) getAttr error on /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB: No such file or directory
(encfs.cpp:137) getattr error: No such file or directory
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:257) mknod on /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(Context.cpp:119) no node found for /testfile
(DirNode.cpp:736) created FileNode for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:130) open call for writable file
(RawFileIO.cpp:152) open file with flags 32770, result = 4
(encfs.cpp:572) encfs_open for /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, flags 34817
(Context.cpp:150) added open node record for /testfile
(encfs.cpp:133) flush /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:130) open call for read only file
(RawFileIO.cpp:137) using existing file descriptor
(encfs.cpp:91) utimens /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(Context.cpp:113) found existing node for /testfile
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(encfs.cpp:133) flush /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
(RawFileIO.cpp:130) open call for read only file
(RawFileIO.cpp:137) using existing file descriptor
(Context.cpp:168) released open node record for /testfile
(Context.cpp:172) last open node closed for /testfile

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages encfs depends on:
ii  fuse-utils               2.7.4-1.1+lenny1  Filesystem in USErspace (utilities
ii  libboost-serialization1  1.34.1-14         serialization library for C++
ii  libc6                    2.7-18lenny2      GNU C Library: Shared libraries
ii  libfuse2                 2.7.4-1.1+lenny1  Filesystem in USErspace library
ii  libgcc1                  1:4.3.2-1.1       GCC support library
ii  librlog1c2a              1.3.7-1.2         flexible message logging library
ii  libssl0.9.8              0.9.8g-15+lenny6  SSL shared libraries
ii  libstdc++6               4.3.2-1.1         The GNU Standard C++ Library v3

encfs recommends no packages.

encfs suggests no packages.

-- no debconf information
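
Added example (not part of the original report and not EncFS code): a small parser for the `encfs -fv` debug lines shown above that pairs each `mknod on ...` request with the errors that follow it, decodes the numeric mode, and names the backing directory whose ownership and mode are worth checking with `ls -ld`. The function name `mknod_attempts` and the record fields are hypothetical, and it assumes a create failed when the last mknod-related line for that request is an error.

```python
import posixpath
import re
import stat

# Lines excerpted from the two debug logs in the report above.
SAMPLE_LOG = """\
(encfs.cpp:257) mknod on /media/raid/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(FileNode.cpp:226) mknod error: Permission denied
(encfs.cpp:273) trying public filesystem workaround for
(DirNode.cpp:736) created FileNode for /media/raid/temp/.crypt/
(FileNode.cpp:226) mknod error: Permission denied
(encfs.cpp:257) mknod on /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB, mode 33188, dev 0
(encfs.cpp:133) getattr /home/tribat/temp/.crypt/hiMwhC0fuIvUSzWndhQu0-iB
"""

# "(Source.cpp:123) message" is the line format used throughout the report.
LINE = re.compile(r"^\((?P<src>[\w.]+):(?P<lineno>\d+)\) (?P<msg>.*)$")
MKNOD = re.compile(r"^mknod on (?P<path>.+), mode (?P<mode>\d+), dev (?P<dev>\d+)$")
ERR_PREFIX = "mknod error: "
RETRY_PREFIX = "trying public filesystem workaround"


def mknod_attempts(log_text):
    """Return one record per 'mknod on ...' request found in the log."""
    attempts, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        req = MKNOD.match(msg)
        if req:
            current = {
                # Directory in the encrypted backing store where the create ran.
                "backing_dir": posixpath.dirname(req.group("path")),
                # 33188 == 0o100644, i.e. a regular file with mode rw-r--r--.
                "mode": stat.filemode(int(req.group("mode"))),
                "errors": [],
                "workaround_tried": False,
                "failed": False,
            }
            attempts.append(current)
        elif current is not None and msg.startswith(ERR_PREFIX):
            current["errors"].append(msg[len(ERR_PREFIX):])
            current["failed"] = True
        elif current is not None and msg.startswith(RETRY_PREFIX):
            current["workaround_tried"] = True
            current["failed"] = False  # assumption: a retry follows; a later error resets this
    return attempts
```
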