On Thu, Sep 14, 2017 at 04:57:39PM +0200, Ulli Horlacher wrote: > I use encfs on top of btrfs. > I can create btrfs snapshots, but I have no suggestive access to the files > in these snaspshots, because they look like: > > drwx------ framstag users - 2017-09-08 11:47:18 > uHjprldmxo3-nSfLmcH54HMW > drwxr-xr-x framstag users - 2017-09-08 11:47:18 > wNEWaDCgyXTj0d-Myk8wXZfh > -rw-r--r-- framstag users 377 2015-06-12 14:02:53 > -zDmc7xfobKDkbl8z7oKOHxv > -rw-r--r-- framstag users 2,367 2012-07-10 14:32:30 > 7pfKs27K9k5zANE4WOQEuFa2 > -rw------- framstag users 692 2009-10-20 13:45:41 > 8SQElYCph85kDdcFasUHybVr > -rw------- framstag users 2,872 2017-08-31 16:21:52 > bm,yNi1e4fsAClDv7lNxxSfJ > lrwxrwxrwx framstag users - 2017-06-01 15:53:00 > GZxNYI0Gy96R18fz40f7k5rl -> > wvuQKHYzdFbar18fW6jjOerXk2IsS4OAA2fnHalBZjMQ,7Kw0j-zE3IJqxhmmGBN8G9 > -rw-r--r-- framstag users 182 2016-12-01 13:34:31 > rqtNBbiYDym0hPMbBL-VLJZcFZu6nkNxlsjTX-sU88I4I1 > > I have to mount the snapshot with encfs, to have access to the (decrypted) > files. > > Any better ideas?
I'd say it's doing exactly what it should be doing. You're making a copy of an encrypted data store, and the result is encrypted. In order to read it, it needs to have the decrpytion layer applied to it with the correct key (which is the need to mount the snapshot with encfs). Would you _really_ want a system where the encrypted contents of a subvolume can be decrypted by simply snapshotting it? Hugo. -- Hugo Mills | Great films about cricket: Umpire of the Rising Sun hugo@... carfax.org.uk | http://carfax.org.uk/ | PGP: E2AB1DE4 |
signature.asc
Description: Digital signature
