NFS - corrupt files?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

NFS - corrupt files?

Matthias Rieber
Hi,

I'm using FUSE 2.3.0 with ENCFS 1.2.2 and Kernel 2.6.11.X
Fuse and encfs are working as expected. After I upgrade to kernel 2.6 I
tried to export an encrypted fs with nfs. It seems to work, but the
transmitted files were coruppted. The nfs transfer without fuse/encfs is
flawless. At least, the md5sum of a 75MB big file is the same, which never
happens when I copy it from an encfs directory.

Is this a know issue? If not, what information do you need to find the
failure.

matthias




-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NFS - corrupt files?

Valient Gough

I'm adding the encfs-users mailinglist, since other encfs users have have an
idea -- unless you know for certain the problem is within FUSE..

Just to be clear -- encfs is running on the local system, and nfs is exporting
the resulting encfs filesystem (plaintext data)?   Or are you having nfs
export enciphered data and then running encfs on the remote system to
decipher the data?

Also, have you specified any additional FUSE flags to encfs?  By default, FUSE
filesystems are only visible to the owner.  I don't use NFS - does it always
access the data as the user, or does it need to access the filesystem as root
(in which case you need to tell FUSE to allow root access)?

regards,
Valient

On Sunday 12 June 2005 18:24, Matthias Rieber wrote:

> Hi,
>
> I'm using FUSE 2.3.0 with ENCFS 1.2.2 and Kernel 2.6.11.X
> Fuse and encfs are working as expected. After I upgrade to kernel 2.6 I
> tried to export an encrypted fs with nfs. It seems to work, but the
> transmitted files were coruppted. The nfs transfer without fuse/encfs is
> flawless. At least, the md5sum of a 75MB big file is the same, which never
> happens when I copy it from an encfs directory.
>
> Is this a know issue? If not, what information do you need to find the
> failure.
>
> matthias


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NFS - corrupt files?

Matthias Rieber
Hi,


> I'm adding the encfs-users mailinglist, since other encfs users have
have
> an
> idea -- unless you know for certain the problem is within FUSE..
>
> Just to be clear -- encfs is running on the local system, and nfs is
exporting

yes.

> the resulting encfs filesystem (plaintext data)?   Or are you having nfs
export enciphered data and then running encfs on the remote system to
decipher the data?

no. Maybe I should try that, but I'm a bit afraid of file locking problems
and damaging the encrypted files.

> Also, have you specified any additional FUSE flags to encfs?  By
default,
> FUSE
> filesystems are only visible to the owner.  I don't use NFS - does it
always
> access the data as the user, or does it need to access the filesystem as
root
> (in which case you need to tell FUSE to allow root access)?

yes, I use the option -o allow_other

matthias






-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NFS - corrupt files?

Joseph Cohen
doesn't fuse exist in userland and nfs in kernel land? and thus nfs
will export the encrypted version of the data not the unencrypted
version since its operating at a lower level?

On 6/12/05, Matthias Rieber <[hidden email]> wrote:

> Hi,
>
>
> > I'm adding the encfs-users mailinglist, since other encfs users have
> have
> > an
> > idea -- unless you know for certain the problem is within FUSE..
> >
> > Just to be clear -- encfs is running on the local system, and nfs is
> exporting
>
> yes.
>
> > the resulting encfs filesystem (plaintext data)?   Or are you having nfs
> export enciphered data and then running encfs on the remote system to
> decipher the data?
>
> no. Maybe I should try that, but I'm a bit afraid of file locking problems
> and damaging the encrypted files.
>
> > Also, have you specified any additional FUSE flags to encfs?  By
> default,
> > FUSE
> > filesystems are only visible to the owner.  I don't use NFS - does it
> always
> > access the data as the user, or does it need to access the filesystem as
> root
> > (in which case you need to tell FUSE to allow root access)?
>
> yes, I use the option -o allow_other
>
> matthias
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
> a projector? How fast can you ride your desk chair down the office luge track?
> If you want to score the big prize, get to know the little guy.
> Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
> _______________________________________________
> fuse-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/fuse-devel
>


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r 
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NFS - corrupt files?

Matthias Rieber
Hi,

> doesn't fuse exist in userland and nfs in kernel land? and thus nfs

I think so.

> will export the encrypted version of the data not the unencrypted
> version since its operating at a lower level?

no, the exported data is unencrypted. FUSE officially supports NFS with
kernel 2.6 (except some stale file issues). I see that the files are
unencrypted but damaged.

I'll try another FUSE filesystem to see if it's a encfs or fuse problem.

matthias




-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NFS - corrupt files?

Valient Gough
In reply to this post by Matthias Rieber

So can I correctly characterize the data flow in the test setup as:
        local server FS -> encfs -> FUSE -> NFS server
                -> NFS client -> cp -> local client FS

Or is encfs being run on top of another type of filesystem (like an NFS
mount)?

On Sunday 12 June 2005 22:36, Matthias Rieber wrote:

> > the resulting encfs filesystem (plaintext data)?   Or are you having nfs
> > export enciphered data and then running encfs on the remote system to
> > decipher the data?
>
> no. Maybe I should try that, but I'm a bit afraid of file locking problems
> and damaging the encrypted files.

From a security standpoint, it is usually better to have the client handle the
encryption, rather then the server..

If there is a problem with the interaction between NFS and FUSE, then this may
avoid that problem.  If you export the encrypted data through NFS, then
you're just exporting a normal filesystem, so no NFS <-> FUSE interaction on
the server.  

The data flow would then look like:
        local server FS -> NFS server
                -> NFS client -> encfs -> FUSE -> cp -> local clientFS
       
Of course this doesn't help finding the source of the problem, just an idea
for a workaround.

regards,
Valient


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r 
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: NFS - corrupt files?

Matthias Rieber
Hi,

>
> So can I correctly characterize the data flow in the test setup as:
> local server FS -> encfs -> FUSE -> NFS server
> -> NFS client -> cp -> local client FS

correct!

> Or is encfs being run on top of another type of filesystem (like an NFS
> mount)?

no, but:

I export /mnt/foo and /mnt/foo/decryptetfs
And mount /mnt/foo and then, withing foo I mount /mnt/foo/decryptetfs. But
it should not make any difference.

> The data flow would then look like:
> local server FS -> NFS server
> -> NFS client -> encfs -> FUSE -> cp -> local clientFS
>
> Of course this doesn't help finding the source of the problem, just an
> idea
> for a workaround.

I'll gonna try this.

matthias




-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.  How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.  
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
fuse-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/fuse-devel
Loading...