You are not logged in.

#1 2018-08-15 11:21:25

newsboost
Member
Registered: 2016-07-24
Posts: 157

[SOLVED] Cannot stat ecryptfs file - "Permission denied"/corrupt/fsck?

Hi,

I use "mount -t ecryptfs /mnt/synNFS/@crypt@ /mnt/exchange -o options...." to mount an encrypted folder, but one of the subfolders has a file I cannot delete, I cannot stat, I suspect something is corrupt, please see output below:

[root@HPpc backup]# rm -rf pythonDMM_to_pickle.py 
rm: cannot remove 'pythonDMM_to_pickle.py': Permission denied
[root@HPpc backup]# stat pythonDMM_to_pickle.py 
stat: cannot stat 'pythonDMM_to_pickle.py': Permission denied

# ls -latr 
ls: cannot access 'pythonDMM_to_pickle.py': Permission denied
total 8
-????????? ? ?      ?        ?            ? pythonDMM_to_pickle.py
drwxr-xr-x 7 martin users 4096 Aug 15 13:00 ..
drwxrwxrwx 2 martin users 4096 Aug 15 13:00 .

# ecryptfs-stat pythonDMM_to_pickle.py 
Error opening file [pythonDMM_to_pickle.py] for RD_ONLY access; errno msg = [Permission denied]

Now, NORMALLY in this case I would run something like "fsck" to repair this partition. But I don't think I should do that here, on an encrypted filesystem... I tried to google, but didn't find exactly this problem anywhere... UPDATE: Found a post indicating dmesg could provide more info:

[  +0.000692] Error opening lower file for lower_dentry [0x000000009415573f] and lower_mnt [0x000000008792e8f6]; rc = [-13]
[  +0.000006] ecryptfs_i_size_read: Error attempting to initialize the lower file for the dentry with name [pythonDMM_to_pickle.py]; rc = [-13]

Anyway, now I'm a bit lost. I tried unmount, remount - still the same... I think this file has gotten corrupt, somehow... How to fix it?

Last edited by newsboost (2018-08-16 16:35:16)

Offline

#2 2018-08-15 20:38:09

newsboost
Member
Registered: 2016-07-24
Posts: 157

Re: [SOLVED] Cannot stat ecryptfs file - "Permission denied"/corrupt/fsck?

UPDATE: Ok, I found the solution, just for the records, it was right about the permission stuff. I don't really understand why I'm not "root" user on the encrypted-mounted directory structure. But I'm just my normal user, when working on my normal pc. The encrypted folder is on a Synology NAS harddrive (I use NFS for network connection). When I login to the web-IF on the Synology and then mount the encrypted directory structure, I can ssh into the encrypted-mounted folder and work as root. As root, I can do anything, including operations on the above file. So that seemed to be my problem... I just don't understand why I'm not root, when mounting through NFS:

I tried to figure out a command-line or an explanation so I didn't have to login to the NAS, for becoming root, to have root rights on the encrypted file/folder hierarchy. I couldn't find a solution but I'm doing practically like Robert Castle source: https://robertcastle.com/2012/10/howto- … -in-linux/ ).

sudo mount -t ecryptfs -o key=passphrase,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_passthrough=no,ecryptfs_enable_filename_crypto=yes,passwd=(here I enter my password)

While mounting on the Synology/NAS I tried to use "ps -fe | grep -i crypt" and it does something strange with ecryptfs-unwrap-passphrase /volume1/@eaDir/crypt/SYNO@.encrypt $1$5Y.......(diff. chacters/numbers, which I don't understand). I tried to give my passphrase to ecryptfs-unwrap-passphrase with the strange file /volume1/@eaDir/crypt/SYNO@.encrypt as argument and I copy/pasted what I could see from "ps -fe | grep -i crypt", i.e. something with $1$5Y.... to the command line. But every time, it complains - the /var/log/messages says: "ecryptfs-unwrap-passphrase: Incorrect wrapping key for file [@eaDir/crypt/SYNO@.encrypt]"... So this part I don't really understand. Maybe I need to use ecryptfs-unwrap-passphrase on my desktop pc before mounting, if I want root permissions on the mounted encrypted folder-structure? Anyway, I'll mark this as solved soon, unless anybody else has anything to add (which I would be happy about)...

Last edited by newsboost (2018-08-16 10:40:53)

Offline

Board footer

Powered by FluxBB