14.09.2017 18:32, Hugo Mills пишет: > On Thu, Sep 14, 2017 at 04:57:39PM +0200, Ulli Horlacher wrote: >> I use encfs on top of btrfs. >> I can create btrfs snapshots, but I have no suggestive access to the files >> in these snaspshots, because they look like: >> >> drwx------ framstag users - 2017-09-08 11:47:18 >> uHjprldmxo3-nSfLmcH54HMW >> drwxr-xr-x framstag users - 2017-09-08 11:47:18 >> wNEWaDCgyXTj0d-Myk8wXZfh >> -rw-r--r-- framstag users 377 2015-06-12 14:02:53 >> -zDmc7xfobKDkbl8z7oKOHxv >> -rw-r--r-- framstag users 2,367 2012-07-10 14:32:30 >> 7pfKs27K9k5zANE4WOQEuFa2 >> -rw------- framstag users 692 2009-10-20 13:45:41 >> 8SQElYCph85kDdcFasUHybVr >> -rw------- framstag users 2,872 2017-08-31 16:21:52 >> bm,yNi1e4fsAClDv7lNxxSfJ >> lrwxrwxrwx framstag users - 2017-06-01 15:53:00 >> GZxNYI0Gy96R18fz40f7k5rl -> >> wvuQKHYzdFbar18fW6jjOerXk2IsS4OAA2fnHalBZjMQ,7Kw0j-zE3IJqxhmmGBN8G9 >> -rw-r--r-- framstag users 182 2016-12-01 13:34:31 >> rqtNBbiYDym0hPMbBL-VLJZcFZu6nkNxlsjTX-sU88I4I1 >> >> I have to mount the snapshot with encfs, to have access to the (decrypted) >> files. >> >> Any better ideas? > > I'd say it's doing exactly what it should be doing. You're making a > copy of an encrypted data store,
With all respect - snapshot is not a copy. > and the result is encrypted. In order > to read it, it needs to have the decrpytion layer applied to it with > the correct key (which is the need to mount the snapshot with encfs). > But snapshot *is* mounted implicitly as it is part of mounted btrfs filesystem. So I can see that this behavior could be rather unexpected. > Would you _really_ want a system where the encrypted contents of a > subvolume can be decrypted by simply snapshotting it? The actual question is - do you need to mount each individual btrfs subvolume when using encfs? If yes, this behavior is at least consistent. If not - how are snapshots different?
signature.asc
Description: OpenPGP digital signature