** Changed in: ecryptfs
Status: In Progress => Triaged
** Changed in: ecryptfs-utils (Ubuntu)
Status: In Progress => Triaged
--
Suggestion: GUI frontend(s) for ecryptfs-utils
https://bugs.launchpad.net/bugs/257901
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
Status in eCryptfs - Enterprise Cryptographic Filesystem: Triaged
Status in “ecryptfs-utils” package in Ubuntu: Triaged
Status in “ecryptfs-utils” package in Debian: Unknown
Bug description:
Binary package hint: ecryptfs-utils
This is a request from the user, suggested in the Discussion section of the
EncryptedPrivateDirectory specification:
* https://wiki.ubuntu.com/EncryptedPrivateDirectory
This suggestion has been moved here, as a wishlist bug.
Below is the text of the discussion, copied and pasted from that wiki page:
----
markc-qsiuk says:
* I hope there will also be an option for the ~/Private directory to ''not''
be mounted at login, together with a user-friendly mechanism to (un)mount it
explicitly when needed. As it stands at the moment, some hypothetical future
browser exploit could simply harvest any files in ~/Private knowing that
they're likely to contain usernames and passwords. As the browser is running
under the auspices of the user, it would be able to read the content of the
~/Private directory. I'd rather leave my private data encrypted, and just mount
the directory on-demand when I need to. Ideally I'd like both Nautilus and the
Gnome fileselector to know about the ~/Private directory and prompt me to mount
it (requesting my password) when I try to open it. I suppose that, in essence,
I would like access to my privately encrypted files to be much like trying to
do something as an administrator - I should be prompted for a password to
confirm that I am who I say I am, and that I am explicitly giving permission
for the file(s) to be accessed.
kirkland says:
* I have opened wiki:Bug:256154 to support configurable mounting/unmounting
of ~/Private. With the patch attached to that bug, this will be handled by the
pam_ecryptfs module checking for the existence of a file,
~/.ecryptfs/auto-mount before mounting, and ~/.ecryptfs/auto-umount before
unmounting. The default behavior as configured by ecryptfs-setup-private will
touch both of those files. You can remove them at your desire and disable the
mounting/unmounting. Unmounting on demand is absolutely trivial; just run
umount.ecryptfs_private. When ~/Private is not currently mounted, the
directory has r-x- - - - - - permission, and has a file in it named, '''THIS
DIRECTORY HAS BEEN UNMOUNTED TO PROTECT YOUR DATA -- Run
mount.ecryptfs_private to mount again''', which happens to be a symbolic link
to /sbin/mount.ecryptfs_private. In Nautilus, you simply need to double-click
on that file. Perhaps we can get fancier, but I am not a GUI developer ;-)
markc-qsiuk says:
* Thanks for that additional information. The solution for mounting an
unmounted Private directory seems reasonable (at least as a starting point).
I'm not sure I would describe "just run ecryptfs.umount_private" as "absolutely
trivial" though - mounting a Private directory requires a double-click on a
file in that directory, whereas unmounting it requires sufficient understanding
to launch some kind of CLI to run a command. Perhaps it would be possible to
find someone with the GUI skills to write a simple Gnome panel application
whose sole purpose is to call these commands to mount and unmount when the user
clicks on it, and whose icon changes to reflect the current state - a locked
padlock when the directory is unmounted, and an unlocked padlock when it's
mounted, for example. Can you also confirm whether or not one of the
application names above is a typo as you've written "ecryptfs.umount_private"
and "mount.ecryptfs_private": I presume they're both supposed to be of the same
form.
MikeRooney:
* I will be happy to make a basic user interface in python-gtk2, if someone
can give me the basic requirements of it.
markc-qsiuk:
* I think that for a basic UI there are two things required: (1) an
indication of the current state of the private directory (mounted or
unmounted), and (2) a means to switch to the opposite state. A configuration
screen to enable or disable auto-mounting of the directory via the GUI would
also be good. A Gnome panel applet would be a sensible option as it allows the
user to check and modify the status at any time without launching another
application, though I'm not sure how practical it would be in Kubuntu or
Xubuntu. In the case of a such an applet, I would suggest an icon which
indicates a locked state when the ~/Private directory is unmounted (i.e. the
data are secure), and an unlocked state when the encrypted directory is mounted
(i.e. the data are readable to any process running as the user - less secure).
Clicking on the icon would execute {{{mount.ecryptfs_private}}} or
{{{umount.ecryptfs_private}}} in order to switch state. Determining the current
state could be as simple (or naive) as checking the permissions and content of
~/Private although there's probably a more robust way to determine it (Dustin,
does a mounted ~/Private appear in /proc/mounts, for example?). Mike, if this
sounds practical to you, perhaps we should create a new wiki page specifically
for fleshing out the GUI tool.
_______________________________________________
Mailing list: https://launchpad.net/~ecryptfs
Post to : [email protected]
Unsubscribe : https://launchpad.net/~ecryptfs
More help : https://help.launchpad.net/ListHelp
