Re: ecryptfs directories as nautilus mounts



On Sun, Dec 14, 2008 at 9:40 PM, Mike Rooney <mrooney ubuntu com> wrote:
> I am working on integrating ecryptfs private directories
> (https://help.ubuntu.com/community/EncryptedPrivateDirectory) into the Gnome
> desktop, and want to make mounting and unmounting (or unlocking and locking
> as we'll perhaps call it) as easy as possible.

Sorry Mike, this email totally slipped through the cracks in my inbox...

> As such something like this mock would be great:
> http://launchpadlibrarian.net/17440012/mockup.png. Andrew Walton pointed me
> towards http://library.gnome.org/devel/gio/stable/GMount.html and said it
> should be possible, but what do we need to do on the mount level for this to
> work? Currently the mount shows up as: "/home/username/.Private on
> /home/username/Private type ecryptfs
> (rw,ecryptfs_sig=xxxx,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,user=username)",
> if that is of any help.
>
> And what needs to happen on the Nautilus front, to get the banner at the top
> either in either case (I assume the custom icons in the sidebar aren't easy
> so that isn't necessary)? When the directory is "unmounted" it still exists,
> just with no contents, except for currently a symlink to the binary to mount
> it, so we want a banner like the mockup. When it is mounted then we would a
> similar one allow the user to unmount/lock it.
>
> Any comments on the idea -- thoughts, criticisms or suggestions for
> integration?
>
> Dustin, I've copied you since you are doing a lot of the underlying
> integration work and assume at the least I'll need mentoring on this. It
> seems like if we can land this then we don't want the symlink when it is
> unmounted but then the terminal ls output isn't particularly useful.

The symlink won't be necessary, if it's supported in the graphical
file browser.  The current use of the symlink is a best-effort, hack
to point the user in the right direction for getting access to their
encrypted data.

Basically, if a user's encrypted Private directory is mounted, they
can read/write their data in there as normal.  There should simply be
a mechanism for a user to unmount that ~/Private mountpoint.  The
/usr/bin/ecryptfs-umount-private should be called to do this.

If a user's encrypted Private directory is not mounted, then:
 a) the user needs to be informed of this somehow (we're doing this
now with a README.txt explaining the situation).  If this could be
handled more artistically, that would be great.
 b) the user needs to be able to perform the mount.  To do this, the
user must enter their login passphrase, this needs to be used to
unwrap the mount passphrase, the mount passphrase needs to be added to
the kernel keyring, and then the mount needs to happen.  All of this
is handled in the shell script /usr/bin/ecryptfs-mount-private.  This
is the code you would either need to call or re-implement to handle
this graphically.

Hope this helps.

Cheers,
:-Dustin



:-Dustin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]