how to run gocryptfs from php script in Firefox

pizzipie · 04-21-2023, 03:47 PM

Using Ubuntu 20.04

I can run gocryptfs with exec() from the command line and it works fine. If I try to use the same php script from Firefox it won't work. Here are the particulars.

script myexec.php:

Code:

// begin php:

$output1=$retval1=$output2=$retval2=null;

exec('whoami', $output1, $retval1); 
exec('gocryptfs -allow_other acctsEncrypted accounts', $output2, $retval2);

echo "one .....";
print_r($output1);

echo "two .....";
print_r($output2);

// end php:

// =================================================

From Command Line running script myexec.php:

command: rick@rick-MS-7C02:~/DBases/Dbmysql/aa_SecureDir$ php -f myexec.php

output:
Password:
one .....Array
(
[0] => rick // ========== > owner - rick
)
two .....Array
(
[0] => Decrypting master key
[1] => The option "-allow_other" is set. Make sure the file permissions protect your data from unwanted access.
[2] => Filesystem mounted and ready.
)

// ======================================================

From Firefox running script myexec.php:

command: exec('whoami', $output1, $retval1);
output: one..... Array ( [0] => www-data ) // ============ > owner www-data

command: exec('gocryptfs -allow_other acctsEncrypted accounts', $output2, $retval2);
output: two .....Array ( )

permissions:
-rwxrwxrwx 1 rick www-data 664 Apr 21 11:26 myexec.php* // ============= > rick & www-data have permission
-r-------- 1 rick www-data 385 Apr 16 15:09 gocryptfs.conf // ========== > only rick can read

Apache2 error.log
Cannot open config file: open /home/rick/DBases/Dbmysql/aa_SecureDir/acctsEncrypted/gocryptfs.conf: permission denied
[Fri Apr 21 11:41:47.701666 2023] [authz_core:debug] [pid 2719946] mod_authz_core.c(817): [client 127.0.0.1:60894] AH01626:

if I change group permission to r or rw or rwx output is:
two .....Array ( [0] => Reading Password from stdin ) ===== > is shown on screen.

Thanks in advance for help in making this work.

R

NevemTeve · 04-21-2023, 04:14 PM

No need to encrypt data you wish to publish on internet.

pizzipie · 04-21-2023, 08:49 PM

Thanks for the reply.

Quote:

No need to encrypt data you wish to publish on internet.

I am not publishing to the internet. I want to protect my data from someone who might snoop. Say I lost the computer or it was stolen.

Also, to satisfy my own curiosity, I want to know how to make this work!

R

NevemTeve · 04-22-2023, 12:34 AM

You have to provide the password to `gocryptfs`. You might want to try option `passfile`.
https://github.com/rfjakob/gocryptfs...ion/MANPAGE.md

NevemTeve · 04-23-2023, 07:28 AM

Also you can test your script as `www-data`, see here: https://lzsiga.users.sourceforge.net/ekezet.html#Q0228 (in Hungarian, use some translator program)

pizzipie · 04-23-2023, 11:46 AM

I tried gocryptfs -passfile ..... and again on command line the accounts.sh works but from Firefox with running php script in won't. It must be some quirky permission thing that I can't figure out?

R

NevemTeve · 04-23-2023, 12:19 PM

Become `www-data` user and run tests with php-cli. (And directly with gocryptfs.)

A note: it is not `Firefox` that runs php scripts, it's `apache httpd`.