davfs2 and encfs on box.com

Hello, Habr readers,

I want to share my hard-won knowledge with you, and also to replenish my own reserves. It all started when the syncany.org project died without being born or, at least, judging by the activity, will not be born soon. Since I could not wait any longer, I decided to use existing, working methods to set up remote cloud file storage (hereinafter UFH) with an open client and client-side encryption. Everything below applies to Unix-like operating systems, so Windows users can skip the rest.

Introduction


Today there are so many cloud storage services that understanding their differences and advantages is not as easy as it was during the reign of Dropbox. To compare services, Yandex or Google will help, as will, to some extent, this lovingly composed and maintained table on Wikipedia.
It was important for me to be able to mount the remote disk with standard tools or to have the client source code, and to be able to encrypt the contents of the files myself before sending them to the remote disk. I did not want to deal with compiling clients, so I went with standard operating system tools, which immediately narrowed the field to a subset of good and useful services.

Part One: Mount UFH


After reading a couple of Habr articles, I realized that some cloud storage services support WebDAV, a remarkable extension of the HTTP protocol. The standard Linux tool for mounting remote web resources is davfs2. It is built on FUSE, the file-system-in-user-space module. After installation, davfs2 must be reconfigured so that ordinary users can mount their remote storage. How to do this is easy to find on the Internet, or read for example here. Then remember to add yourself to the davfs2 group, for example like this:

sudo adduser IchBins davfs2 


Now you can proceed to a thoughtful choice of UFH service. Without much thought, I chose Box.com. Moreover, after several promotional campaigns, any user could get as much as 50GB of priceless disk space for free. The only drawback of the service is perhaps the 100 MB limit on maximum file size for ordinary users (freeloaders). After free registration you will have a username and a password. Use them to look at the file system through the service's web interface, purely out of interest. Now you can add the following line to /etc/fstab to simplify mounting the UFH:

 https://www.box.com/dav/ /home/IchBins/box.com davfs noauto,user 0 0 


Here the UFH is mounted on the ~/box.com directory, which must be created first. To avoid entering the password every time the UFH is mounted, do the following:

 mkdir ~/.davfs2
 cp /etc/davfs2/davfs2.conf ~/.davfs2
 # disable WebDAV locking for this user
 echo "use_locks 0" >> ~/.davfs2/davfs2.conf
 # credentials for the mount: URL, user name, password
 echo "https://www.box.com/dav BoxUserName BoxPassword" > ~/.davfs2/secrets
 # the secrets file must be readable by its owner only
 chmod 600 ~/.davfs2/secrets


Here BoxUserName and BoxPassword are the credentials you were given when you registered for the service, remember? If you did everything correctly, mount and test the UFH as follows:

 # same mount point as in the /etc/fstab line above
 mount /home/IchBins/box.com
 echo "Eine Datei zum testen" > ~/box.com/testfile.txt
 cat ~/box.com/testfile.txt


That is, we can now work with remote files as if they were local.

Part Two: Encrypted


It now remains to solve the problem of encryption. Not every file should be stored in clear text on a remote server that does not belong to you. It therefore makes sense to create an additional remote directory in which all information is encrypted on the fly. You could use TrueCrypt, for example, and create an encrypted container in this directory, but the container cannot exceed 100 MB (the Box.com limit, remember?) and you would have to transfer the whole thing back and forth to change 2 bytes. That is at least 200MB of traffic because of 2 bytes! This is where encfs comes to the rescue. The advantage of encfs is that it works as an extra layer on top of an existing file system, so it lets you work with individual files without having to send an entire encrypted container.
After installing encfs, add yourself to the fuse group:

 sudo adduser IchBins fuse 

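Then you can start creating an encrypted directory in the UFH:

 # remote directory that will hold the encrypted files
 mkdir ~/box.com/crypt
 # local mount point that shows the decrypted view
 mkdir ~/box.com.crypt
 # encfs requires absolute paths, so ~ is not used here
 encfs /home/IchBins/box.com/crypt /home/IchBins/box.com.crypt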


encfs will ask you a few simple questions and then prompt for a password for the encrypted directory being created. Common sense says this password should not be the same as the one you received when registering at Box.com. If everything went well, you can test all the pieces together as follows:

 cat /etc/passwd > ~/box.com.crypt/mypasswd
 ls -la ~/box.com/crypt


The output (that is, the contents of the UFH subdirectory) should look something like this:

 ichbins@xubuntu:~$ ls -la ~/box.com/crypt/
 total 1.7K
 -rw-rw-r-- 1 ichbins ichbins 1.7K May 13 15:25 FPcfOjww7ZzucMGSMgncWXEt
 drwxr-xr-x 2 ichbins ichbins 368 May 13 15:25 ./
 drwxr-xr-x 5 ichbins ichbins 136 May 13 15:25 ../
 -rw-r--r-- 1 ichbins ichbins 1.1K Apr 14 23:24 .encfs6.xml


Thus, any file written to the local ~/box.com.crypt directory is automatically encrypted and sent to the UFH. Note that .encfs6.xml, which holds the encfs volume settings including the volume key encrypted under your password, is stored in the remote directory next to the data.

Part Three: Mount Everything Automatically


Now it remains to learn how to mount the encrypted partition automatically after davfs has been mounted. After several free hours spent searching the Internet, I could not figure out how to get a notification from the system in Linux that some file system has been mounted. The only possible option was to monitor changes to the /proc/mounts file using incrond and a filter script. I didn't want to mess with this, so a simple script was written:

 cat ~/mount.box.com
 #!/bin/sh
 # Toggle script: unmounts both layers if either is mounted, otherwise mounts both.
 userhome=/home/IchBins
 service=box.com
 msg=""
 isdavmounted=$(mount | grep -F "$service" | grep davfs)
 isencmounted=$(mount | grep -F "$service" | grep encfs)
 if [ -n "$isencmounted" ] || [ -n "$isdavmounted" ]; then
     # unmount: encfs first, because it sits on top of the davfs mount
     [ -n "$isencmounted" ] && {
         fusermount -u "${userhome}/${service}.crypt" && msg="Encfs,"
     }
     [ -n "$isdavmounted" ] && {
         umount "${userhome}/${service}" && msg="${msg}Davfs "
     }
     if [ -n "$msg" ]; then
         notify-send -u low -i info "$service unmounting" "$msg unmounted successfully!"
     else
         notify-send -u low -i error "$service unmounting" "Failed to unmount $service!"
     fi
 else
     # mount: davfs first, then encfs on top of it
     mount "${userhome}/${service}" && {
         msg="Davfs,"
         # --extpass runs the given command and takes the password from its output
         encfs --extpass="cat ~/.encfs/$service" "${userhome}/${service}/crypt" "${userhome}/${service}.crypt/" && {
             msg="${msg}Encfs "
         }
     }
     if [ -n "$msg" ]; then
         notify-send -u low -i info "$service mounting" "$msg mounted successfully!"
     else
         notify-send -u low -i error "$service mounting" "Failed to mount $service!"
     fi
 fi
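
The script decides what is mounted by substring-matching the output of mount, and a match on box.com also hits box.com.crypt and the WebDAV URL itself. The following is an added example, not part of the original article: a stricter check that compares the mount-point field of /proc/mounts exactly. The function names, the sample lines and the file system type strings in them are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article; names are hypothetical.

# is_mounted MOUNTPOINT [MOUNTS_FILE]
# Succeeds only if MOUNTS_FILE (default /proc/mounts) contains an entry whose
# mount point (second field) is exactly MOUNTPOINT.
is_mounted() {
    want=${1%/}                 # tolerate one trailing slash
    [ -n "$want" ] || want=/
    WANT="$want" awk '
        # /proc/mounts writes space, tab, newline and backslash as octal escapes
        function unescape(s) {
            gsub(/\\040/, " ", s); gsub(/\\011/, "\t", s)
            gsub(/\\012/, "\n", s); gsub(/\\134/, "\\\\", s)
            return s
        }
        unescape($2) == ENVIRON["WANT"] { found = 1 }
        END { exit !found }
    ' "${2:-/proc/mounts}"
}

# Constructed sample in /proc/mounts layout: the encrypted view is mounted and
# the WebDAV share sits on a different mount point whose name contains a space.
# ~/box.com itself is NOT mounted, although every line contains "box.com".
sample_mounts() {
    cat <<'EOF'
encfs /home/IchBins/box.com.crypt fuse.encfs rw,nosuid,nodev 0 0
https://www.box.com/dav/ /home/IchBins/my\040cloud fuse rw,nosuid,nodev 0 0
EOF
}
```

In the script above, `is_mounted "${userhome}/${service}"` and `is_mounted "${userhome}/${service}.crypt"` could replace the two grep pipelines.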


So that the script does not ask for the password to the encrypted partition every time, I did the following:

 mkdir ~/.encfs
 echo "EncfPass" > ~/.encfs/box.com
 chmod 600 ~/.encfs/box.com

Thus, encfs reads this password using the --extpass parameter.
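
Both ~/.davfs2/secrets and ~/.encfs/box.com hold plaintext passwords, and writing them with echo followed by chmod leaves the password in the shell history and the file briefly at default permissions. The following is an added example, not part of the original article: a POSIX sh helper that creates such a file with mode 600 from the start, and a check a mount script can run before using it. The function names are made up for this illustration.

```sh
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# store_secret FILE
# Reads one line from stdin and writes it to FILE. The file is created under
# umask 077, so it is mode 600 from the first byte instead of being readable
# by others until a later chmod, and the password is never typed as part of a
# command line (nothing ends up in the shell history).
store_secret() {
    (
        umask 077
        mkdir -p "$(dirname "$1")" || exit 1
        rm -f "$1"    # a pre-existing file would keep its old, looser mode
        IFS= read -r secret || [ -n "$secret" ] || exit 1
        printf '%s\n' "$secret" > "$1"
    )
}

# secret_is_private FILE
# Succeeds only if FILE is a regular file (not a symlink) owned by the
# current user and accessible by the owner alone.
secret_is_private() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    owner=$(ls -ldn "$1" 2>/dev/null | awk '{ print $3 }')
    [ "$owner" = "$(id -u)" ] || return 1
    case "$mode" in
        -rw-------|-r--------) return 0 ;;
        *) return 1 ;;
    esac
}
```

Run `store_secret ~/.encfs/box.com` and type the password followed by Enter. Calling `secret_is_private` on ~/.encfs/box.com and ~/.davfs2/secrets at the top of the mount script lets it refuse to continue when either file has been loosened.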

Since I never found a proper way on Linux to create a desktop icon that mounts and unmounts a file system, I simply created a launcher icon that runs the script above and mounts or unmounts the UFH file system together with its encrypted partition.
If the mount or unmount operation succeeds, the script shows a desktop notification.

PS: Users of Ubuntu, as well as its derivatives, can install davfs2 and encfs directly from the Ubuntu Software Center.
Edit 1: do not consider the article an advertisement for a specific UFH service; Box.com just happened to come up first. You can use any service that offers access via WebDAV, for example Yandex.Disk (it gives 10GB for free).
Edit 2: I slightly modified the script for automatically mounting the UFH so that it is more versatile and lets you pass the service as a parameter. In order not to make major changes to the original article, I put the script source here

Source: https://habr.com/ru/post/143821/