Gnome Encfs Manager 1.8 introduced quite a lot of changes under-the-hood, that made it more responsive and a lot more efficient if you have lots of stashes (30+). Thanks to some humble donors I even found the motivation to add some extra-juicy stuff :-)
But the most significant addition is the ability to almost completely configure and control GEncfsM over D-Bus. The API is not yet final and should be regarded as work-in-progress for now and as a feature-preview for GEncfsM 2.0. I'd actually love to add a small dialog inside the GUI in 2.0 to browse and enable the scripts but I still have so many things on my TO-DO-list that I'd probably have to work 2 weeks full-time on GEncfsM until I even come to that point...
So, before I introduce you to the scripts that I included in GEncfsM 1.8 (you can find them in /usr/share/gnome-encfs-manager/scripts), let's take a look at the output of GEncfsM's command-line help:

moritz@master:~$ gnome-encfs-manager --help
Version: 1.8.0

  --version			show the version and exit
  --help			show this help and exit
  --reset			Reset all stashes and settings
  --replace			Replace the running instance
  --nostartupmount		don't mount the stashes at startup
  --checkstash <directory>	do some common checks on the
  				stash in <directory>

The following commands allow you to control a running instance of GEncfsM.
<directory> can be either the stash directory or the mount directory.

  * list_stashes
  * mount		<directory>
  * unmount		<directory>
  * is_available	<directory>
  * is_configured	<directory>
  * is_mounted		<directory>
  * set			variable=value <directory>
  * get			variable <directory>
  * set_pref		variable=value
  * get_pref		variable
  * create_stash	<stash_directory> <mount_directory>
  * import_stash	<stash_directory> <mount_directory>
  * remove_stash	<directory>
  * delete_stash	<directory>
  * indicate		busy | your_status_message | idle
  * quit

E.g. gnome-encfs-manager set mount_directory="/path/to/new mount dir" :/.Crypt


The most efficient way to get to know all the options and how they can be of help to you is probably to just try them. However, I'd like to make some remarks because I'm too lazy to write a full documentation at the moment. (And because I don't know yet how many people are actually interested in it...)

  • The first remark is the "indicate"-option. It allows you to indicate when your script is active. This command returns an ID, that is used to identify the message when you want to remove it. The form of the status-message should be "(script_name) basename_of_mount_dir: message" to be consistent. Look at "kill-unmount" for an example.
  • The second remark concerns the notation ":/". This refers to the mount-base-directory (default $HOME/Encfs).
  • Third: You can use the following variables in your scripts: $MOUNT_DIR, $STASH_DIR and $SCRIPT_TYPE
  • Fourth: You can cancel the mount / unmount operations in the pre-commands by returning the status $GENCFSM_CANCEL (exit $GENCFSM_CANCEL)
  • Fifth: Recursion ("kill-unmount", I look at you). I played a lot with it and had several prototypes. At the end I decided to disable recursion because it just makes things overly complicated.
  • There exists a global variable space in GEncfsM 2.3 that you can use to exchange data between your scripts / script calls. It can be accessed through set_var and get_var. The variables should be prefixed by the script-name followed by a dot, e.g. "" to avoid name clashes.
  • The folders "~/.local/share/gnome-encfs-manager/scripts" and "/usr/share/gnome-encfs-manager/scripts" are added to GEncfsM's PATH, so you can directly put the script-names inside the custom-command-slots if you put your scripts there.

That's pretty much everything I have for you for now. So, what is still left is some inspiration. GEncfsM 1.8 comes with the following three handy and ready-to-use-scripts. I just can't wait to see your awesome ideas and contributions.

# [Type]
# post_unmount_command
# [Description]
# This script kills all processes accessing the stash
# and dispatches another unmount-request when done

# Is the stash still mounted ?
if gnome-encfs-manager is_mounted "$MOUNT_DIR" >/dev/null; then

	# Set the message we want to display in the manager while we are busy
	# and save the message ID so we can properly remove it later
	busy_id=$(gnome-encfs-manager indicate "(kill-unmount) `basename "$MOUNT_DIR"`: Killing processes...")

	# Search for processes and kill them
	pids=$(lsof | grep "$MOUNT_DIR" | awk '{print $2}' | sort -u)
	for pid in $pids; do
	    kill -9 $pid

	# remove the message from the message stack
	gnome-encfs-manager indicate $busy_id

	# Call unmount again, it should now succeed
	gnome-encfs-manager unmount "$MOUNT_DIR"

Have you ever had the "problem" that a stash refused to be unmounted because there are still some programs accessing it? If yes, then I have something nice for you: "kill-unmount". It looks for all file-descriptors that are referencing into the mounted stash and kills their processes. Pretty neat, huh? ;-) (Note: the shown script is for 1.8.3 and higher, the one included in 1.8.0 uses a slightly different indicate-API)

Now directly to the next one:

# [Type]
# post_mount_command
# [Description]
# This script starts a Firefox session inside the stash and
# unmounts the stash when the last Firefox-window is closed

cp "$HOME/.Xauthority" "$MOUNT_DIR" 2>/dev/null >/dev/null
export HOME="$MOUNT_DIR"
for i in "firefox" "firefox-trunk"; do
	if which $i >/dev/null; then
		$i -no-remote
gnome-encfs-manager unmount "$MOUNT_DIR"

If you want a slightly more sophisticated version of the "private-browsing"-feature found in Firefox, create a new stash (simply type ".Firefox" as the directory to encrypt in the create stash dialog) and set the post_mount_command to "firefox-stash". A side-effect is that you also get a nice place where you can download your confidential stuff to. The last line will automatically unmount the stash when the last Firefox-window is closed. If you want you can combine this with the "kill-unmount"-script just in case. I use something similar for my file-manager (I use a wrapper around nemo for this) when working with my stashes but it's not really possible to offer something generic. Another version could do the following:

firefox-stash (2)
# [Type]
# post_mount_command + pre_unmount_command
# [Description]
# This script creates a Firefox session inside the stash
# and asks what to do when unmouting

run_firefox() {
	export HOME="$MOUNT_DIR"
	for i in "firefox" "firefox-trunk"; do
		if which $i >/dev/null; then
			$i -no-remote 2>/dev/null >/dev/null

case "$SCRIPT_TYPE" in
		cp "$HOME/.Xauthority" "$MOUNT_DIR" 2>/dev/null >/dev/null

		if zenity --question --text="Open Firefox?\n(\"No\" will unmount the stash.)"; then
			run_firefox &

This one would ask if you want to open Firefox or unmount the stash if it is already mounted if you click on unmount. This isn't part of GEncfsM but I think the general idea is quite nice as well :-)

Because it's so much fun to just show some code, here's the next:

# [Type]
# *
# [Description]
# Shows status notifications

case "$SCRIPT_TYPE" in
		state="Mounting stash"

		state="Unmounting stash"

		if gnome-encfs-manager is_mounted "$MOUNT_DIR" >/dev/null; then
			state="Stash is mounted"
			state="Stash is unmounted"

notify-send --icon="gnome-encfs-manager" "`basename "$MOUNT_DIR"`" "$state"

Execute this script in whichever slot you want to get some nice desktop-notifications.

GEncfsM 1.8.2 added the following, showing off the mount_added_command slot in the advanced preferences:

# [Type]
# mount_added_command
# [Description]
# This script automatically imports stashes on inserted devices.
# Note that MOUNT_DIR refers to the directory of the mounted device in the
# "mount_*_command" commands.

case "$SCRIPT_TYPE" in

	# make sure the script only runs in the right slot

		# contains the mounted drive a valid stash?
		if gnome-encfs-manager --checkstash "$MOUNT_DIR" >/dev/null; then

			# Is the stash already registered in GEncfsM?
			if ! gnome-encfs-manager is_configured "$MOUNT_DIR" >/dev/null; then

				# Import the stash
				gnome-encfs-manager import_stash "$MOUNT_DIR" ":/`basename "$MOUNT_DIR"`"

				# Is it now in GEncfsM?
				if gnome-encfs-manager is_configured "$MOUNT_DIR" >/dev/null; then

					# Send some fancy notification
					notify-send --icon="gnome-encfs-manager" "`basename "$MOUNT_DIR"`" \
						    "The stash was imported"

If you are like me and have all of your removable devices encrypted, it can become quite annoying to manually import the stashes on them when switching between computers. This script looks whether the inserted drive contains a valid stash and imports it if it isn't yet configured. It also has one of those nice notifications.

9 Responses to “Gnome Encfs Manager Scripts & Scripting”

  1. zed
    June 12th, 2013 at 09:31

    Thanks for your work! The firefox script in particular sounds a really good idea. I’ll have to check of this new GEncfsM version to understand how these scripts work and how to use them to protect my firefox and opera data.

  2. Moritz
    June 12th, 2013 at 14:38

    I just posted the script I use to encrypt my file manager along with some more annotations regarding the principal behind it:

    Have fun :-)

  3. zed
    June 13th, 2013 at 16:00

    Awesome, thanks!

  4. Alex
    December 29th, 2016 at 14:29

    Thanks for your work from Russia!
    Thanks, dear friend.

  5. Xandir
    July 28th, 2017 at 06:12

    Thanx you so much. I have always leaned so much towards gui over terminal or command line. I prefer hand held gaming controller over keyboard and text-based gadgets too tho. And use gnome-flashback instead of of unity so I can make launchers instead of enter commands. –> /me shrugs.

    Points is, thanx. I loe the gui for my encrypted folders, and the “how-to” ope’ning dolphin inside a cryptoviro.

    Big High-5

  6. Anonymous
    April 9th, 2018 at 17:25

    Hi. I have just started using gnome-encfs-manager. So far, I am very pleased to see how easy it is to put it to good use. Nevertheless, I have not found documentation on how to use the options:

    mount dir_base

    I imagined the first one should be a file explorer (nemo, nautilus) to open the directory as soon as it was mounted. Nevertheless, it did not work.

    But something worse happened: after trying “nautilus” and changing HOMEDIR, it does not run anymore and I get the following error:

    ** (process:11721): CRITICAL **: file main.c: line 7094: unexpected error: Error calling StartServiceByName for com.libertyzero.GnomeEncfsManager: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildSignaled: Process com.libertyzero.GnomeEncfsManager received signal 11 (g-dbus-error-quark, 26)

    What can I do about that?

    Thank you

    – fernando

    PS – Have gnome-encfs-manager running in two other machines. It’s been working without any problems.
    Problems only on this machine, after I tried to insert those things I mentioned above.

  7. Moritz
    April 12th, 2018 at 10:37

    DBus needs the correct HOME env set. You can cache it into another variable and pass it to GEncfsM e.g. with HOME=$REALHOME gnome-encfs-manager, mount_added/removed commands are run when you e.g. insert a drive. The idea was to let you e.g. automatically import stashes on removable media to GencfsM, mount_dir_base is the directory where by default stashes are created and mount points are suggested. force_traysystem can be used if the desktop environment doesn’t show the icon with either the classic X11 systray icon or the DBus API, valid settings are “classic” and “appindicator”, with appindicator only available if it was compiled in.

  8. Anonymous
    November 13th, 2018 at 15:28

    hello, it has been two months since I’ve installed Gnome Encfs manager unfortunately right now if i type the password to open,the message “The mount folder is not empty” pop up what should i do? i have very potential documents in it help me

  9. Del
    September 25th, 2019 at 12:18

    Check the folder it makes when it’s active (in a file manager) before attempting to log in, you will probably find it’s not empty, empty it and try again.

Leave a Comment

I respect your privacy
I don't run any trackers on this site.

Your questionable browsing-history should remain between you and the NSA ;-)