I have an ecryptfs directory that is synchronized across my computers via Dropbox (btw I'm looking for an open source app replacement for that last one). Posting in the Security forum because it's encryption-related, and losing files is a real security issue.
That time I could clean them up, the bulldozer way (unimportant files).
Does anyone know of a more standard, less destructive way to recover or clean up an ecryptfs encrypted directory?
1) Garbage files in mounted ecryptfs directory (the issue):
Listing below after I moved all the other files to a temporary directory:
$ ls -liR Private/
Code:
Private/:
total 20
1507483 drwxr-xr-x 2 USER users 14336 7 déc. 13:51 cpratik_temp
1507547 drwxr-xr-x 4 USER users 5120 10 nov. 19:12 tablo-mum
Private/cpratik_temp:
ls: impossible d'accéder à Private/cpratik_temp/PPLs_ÚZAkâ£ÉòG¹GZiö;ܦګÆÿ9¹'^[[?1;2c: Aucun fichier ou dossier de ce type
total 0
? -????????? ? ? ? ? ? PPLs_?ZAk?????G??G??Z?i???;?ܦګ??9?'
Private/tablo-mum:
total 5
1605746 drwxr-xr-x 2 USER users 4096 10 nov. 19:12 textes
1572891 drwxr-xr-x 2 USER users 1024 18 mars 2014 trash
Private/tablo-mum/textes:
ɢ´¡՟L|Ûi%q: Aucun fichier ou dossier de ce typextes/P
ɢ´¡՟L|Ûi%q: Aucun fichier ou dossier de ce typextes/P
ɢ´¡՟L|Ûi%q: Aucun fichier ou dossier de ce typextes/P
ɢ´¡՟L|Ûi%q: Aucun fichier ou dossier de ce typextes/P
total 0
? -????????? ? ? ? ? ? P?ɢ??՟L|?i%??q
? -????????? ? ? ? ? ? P?ɢ??՟L|?i%??q
? -????????? ? ? ? ? ? P?ɢ??՟L|?i%??q
? -????????? ? ? ? ? ? P?ɢ??՟L|?i%??q
Private/tablo-mum/trash:
ɢ´¡՟L|Ûi%q: Aucun fichier ou dossier de ce typeash/P
total 0
? -????????? ? ? ? ? ? P?ɢ??՟L|?i%??q
$ ls -liR .Private/
Code:
.Private/:
total 20
1507547 drwxr-xr-x 4 USER users 5120 10 nov. 19:12 ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-Ofc8D6sY3Eg-958u7zhrwNi9k--
1507483 drwxr-xr-x 2 USER users 14336 7 déc. 13:51 ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcodKl7NMxUk78BWIWihJdVE--
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-Ofc8D6sY3Eg-958u7zhrwNi9k--:
total 5
1605746 drwxr-xr-x 2 USER users 4096 10 nov. 19:12 ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcBv0TiyFdcnYyPOD0PegObU--
1572891 drwxr-xr-x 2 USER users 1024 18 mars 2014 ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcMlmERutSlOEcOTFumkStmE--
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-Ofc8D6sY3Eg-958u7zhrwNi9k--/ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcBv0TiyFdcnYyPOD0PegObU--:
total 380
1605761 -rw-r--r-- 1 USER users 94208 31 mars 2014 ECRYPTFS_FNEK_ENCRYPTED.FXa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcTDctuJFmYt06ionrSrbg7gDRjRDgKKWuBXSPhC14 (Copie en conflit de gwenael 2014-03-26).ls-
1605778 -rw-r--r-- 1 USER users 98304 9 mai 2014 ECRYPTFS_FNEK_ENCRYPTED.FXa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcTDctuJFmYt06ionrSrbg7gDRjRDgKKWuBXSPhC14 (Copie en conflit de gwenael 2014-05-09).ls-
1606183 -rw-r--r-- 1 USER users 98304 10 mai 2014 ECRYPTFS_FNEK_ENCRYPTED.FXa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcTDctuJFmYt06ionrSrbg7gDRjRDgKKWuBXSPhC14 (Copie en conflit de gwenael 2014-05-19).ls-
1608579 -rw-r--r-- 1 USER users 98304 18 avril 2014 ECRYPTFS_FNEK_ENCRYPTED.FXa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcTDctuJFmYt06ionrSrbg7gDRjRDgKKWuBXSPhC14 (Copie en conflit de llewellyn 2014-04-19).ls-
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-Ofc8D6sY3Eg-958u7zhrwNi9k--/ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcMlmERutSlOEcOTFumkStmE--:
total 80
1572896 -rw-r--r-- 1 USER users 81920 17 mars 2014 ECRYPTFS_FNEK_ENCRYPTED.FXa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcTDctuJFmYt06ionrSrbg7gDRjRDgKKWuBXSPhC14 (Copie en conflit de llewellyn 2014-03-17).ls-
.Private/ECRYPTFS_FNEK_ENCRYPTED.FWa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-OfcodKl7NMxUk78BWIWihJdVE--:
total 16
1509956 -rw-r--r-- 1 USER users 16384 20 avril 2014 ECRYPTFS_FNEK_ENCRYPTED.FYa-TSdNp0IipUR9s2V-5uPa5b8W2m1Z-Ofc7wiwniyjHfa4lTX3V46pbeT6CuGkm (Copie en conflit de gwenael 2014-04-22).f3zpV3CF-uvZcEefca573tkHWEzDnmJhqK
2) Recovering (non-destructive way):
Tried to:
# fsck -yv /home/USER/.Private
Code:
fsck de util-linux 2.25.2
e2fsck 1.42.12 (29-Aug-2014)
/home/USER/.Private is mounted.
ATTENTION*!!! Le système de fichiers est monté. Si vous continuez
vous ***CAUSEREZ*** des dommages ***SÉVÈRES*** au système de fichiers.
Souhaitez-vous réellement continuer<n>? non
vérification stoppée.
$ ecryptfs-umount-private
# fsck -yv /home/USER/.Private
Code:
fsck de util-linux 2.25.2
e2fsck 1.42.12 (29-Aug-2014)
fsck.ext2: est un dossier lors de la tentative d'ouverture de /home/USER/.Private
Le superbloc n'a pu être lu ou ne contient pas un système de fichiers
ext2/ext3/ext4 correct.
i.e. fsck is not an option for an ecryptfs directory. I guess the abstraction level is high enough to forbid such an operation.
3) Destructive Clean up (the destructive way):
Files were not important therefore:
a) I moved all (movable) files from ~/Private to a temporary directory
Code:
$ rsync -av ~/Private/ /temp_dir
b) then I tried to delete them straight from the ~/.Private directory
Code:
$ rm -rf ~/.Private/ECRYPTFS_*
Worked:
Code:
$ ls -liR .Private/
.Private/:
total 0
Code:
$ ls -liR Private/
Private/:
total 0
Refs
Possibly related, though I had no {eCryptfs,ecryptfs} logs in journalctl and dmesg
1.
eCryptfs should initialize existing empty files at open()
dmesg:
[40611.456052] Valid eCryptfs headers not found in file header region or xattr region, inode 3936613
Here's a way to find the offending file:
find ~ -maxdepth $N -inum $INUM
2.
How to fsck a .ecryptfs home directory?
When I do a rm (sudo or not does not matter) I get:
#rm: cannot remove `File1': Operation not permitted
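Added example, not part of the original post or of eCryptfs itself: the `.Private` listing above shows sync conflict-copy text such as " (Copie en conflit de …)" inside `ECRYPTFS_FNEK_ENCRYPTED.` names, and this read-only scan lists such lower entries with their inode numbers before anything is deleted. The function names are hypothetical, and the 64-character name alphabet is an assumption stated in the comments.

```shell
#!/bin/sh
# Read-only scan of an eCryptfs lower directory (e.g. ~/.Private) for entries
# whose encrypted name was changed by something other than eCryptfs.
# Assumption: with filename encryption, a lower name is the prefix below
# followed only by characters from the 64-symbol alphabet "-.0-9A-Za-z".
PREFIX='ECRYPTFS_FNEK_ENCRYPTED.'

# list_mangled LOWER_DIR
# Prints "inode path" for each entry that starts with the prefix but has a
# character outside the alphabet after it. Nothing is renamed or deleted.
list_mangled() {
    # LC_ALL=C keeps the bracket ranges byte-wise, so accented or multi-byte
    # characters can never be mistaken for A-Z or a-z.
    LC_ALL=C find "$1" -name "${PREFIX}"'*[!.0-9A-Za-z-]*' -exec ls -di {} +
}

# lower_path_for_inode LOWER_DIR INODE
# Maps an inode number (from `ls -li` or a kernel log line) to its lower file.
lower_path_for_inode() {
    find "$1" -inum "$2" -print
}

# demo: builds a constructed tree (made-up names, empty files) and scans it.
demo() {
    tmp=$(mktemp -d)
    dir="$tmp/${PREFIX}FWa-constructedDIR--"
    mkdir "$dir"
    : > "$dir/${PREFIX}FXa-constructedGOOD.name-"
    : > "$dir/${PREFIX}FXa-constructedBAD (Copie en conflit de user 2014-03-26).ls-"
    list_mangled "$tmp"
    rm -rf "$tmp"
}

demo
```

Run `list_mangled ~/.Private` with the upper directory unmounted so the sync client and eCryptfs are not both touching the lower files during the scan.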