Shared encrypted filesystem
Bill Davidsen
davidsen at tmr.com
Sat Feb 26 16:09:03 UTC 2011
Mike Wohlgemuth wrote:
> On 02/23/2011 05:04 PM, Bill Davidsen wrote:
>> You have the right idea, I want to decrypt on the client, rather than mount on
>> the server, thus the data on the server is just a file full of encrypted data,
>> and not available as clear text there. I was thinking of nbd, certainly a
>> possibility.
>>
> Would something like encfs over sshfs work for you?
>
It is an interesting idea, to mount the encrypted f/s and use encfs loclly. I
think I would use the sync option of sshfs, but it looks promising.
While I was playing, I wrote scripts to create a loop device from a file, and
format, mount, and unmount by putting a LUKS format on the loop device. I'm not
sure what the general utility of this might be, but it was fun playing, and I
can use another slot on the LUKS format to allow some users read-only access.
That's not critical for what I'm doing but might be for some future problem.
Thanks for the suggestion, it solves issues of encryption and file ownership,
and I can create a key for authorized_hosts which will allow users to operate
without a password to remember.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the users
mailing list