About

I already wrote about using file managers with encrypted folders in the earlier post "Some things you should be aware of when working with encrypted folders". I can't recommend opening encrypted folders with your usual tools unless you really trust them to protect your privacy.
For many years now, what I have done when working with my encrypted data is to isolate the programs by putting them inside encfs-encrypted stashes. For most applications it is sufficient to set the "HOME" environment variable so that they store all their data there. However, some programs need special treatment.
The following example additionally injects a custom version of the file "/etc/passwd" into the executable, because I found that some programs ignore the HOME variable and instead take the user's home directory directly from that file.

Since the Gnome Encfs Manager finally supports some scripting, I thought, "Hey, I work with computers, hence I'm lazy!" and put the stuff into a script for GEncfsM. After everything is set up, it behaves exactly as you'd expect from the application, the only difference being that you are asked for the stash's password if it is not mounted. You can even pass command line parameters!

Setup

First, copy the script from this page into a file (I called the script "cnemo" for "crypted nemo" ;) ) and set the variable CNEMO_DIR to the stash's mount directory and the variable CNEMO_EXE to the file manager you want to use. Then make the script executable and copy it somewhere into your PATH (e.g. "/usr/local/bin"). Next, create a stash in GEncfsM with the mount directory set to the folder you set CNEMO_DIR to. I think that's it, and you should now be able to run "cnemo". When you run it for the first time in a terminal, it will do the remaining setup.
Optionally, you can now put the command cnemo "$MOUNT_DIR" into the post_mount_command variables of all stashes that should open a file manager after they are mounted.

cnemo
#!/bin/bash

# : Set this to the folder where the file manager will save its data :
if [ -z "$CNEMO_DIR" ]; then
    CNEMO_DIR="/home/moritz/Encfs/cnemo"
fi

# : Select your file manager :
# Important: Select one that you don't use normally. Else it will try to
# connect to the already running instance. (You definitely don't want that)
if [ -z "$CNEMO_EXE" ]; then
    CNEMO_EXE="nemo --no-desktop"
    #CNEMO_EXE="nautilus --no-desktop"
    #CNEMO_EXE="pcmanfm"
fi
#-------------------------------------------------------------------------------

if test "$MOUNT_DIR" != "$CNEMO_DIR"; then
    unset SCRIPT_TYPE
fi

setup() {
if [ ! -z "$SCRIPT_TYPE" ]; then
    gnome-encfs-manager indicate "(cnemo) Setup"
fi
_tmp=`mktemp`
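cat << 'eof' > "$_tmp"
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>

/* Pointer to the real fopen(), resolved lazily on first use. */
static FILE* (*fopen_real) (const char* filename, const char* mode);

FILE * fopen( const char* filename, const char* mode )
{
  if (fopen_real == NULL) {
    fopen_real = dlsym(RTLD_NEXT, "fopen");
  }

  /* Redirect opens of /etc/passwd to the custom copy at HOME/.passwd. */
  const char* home = getenv("HOME");
  if (home != NULL && strcmp( filename, "/etc/passwd" ) == 0) {
    char buf[256];
    snprintf( buf, sizeof(buf), "%s/.passwd", home );
    return fopen_real(buf, mode);
  } else {
    return fopen_real(filename, mode);
  }
}
eof

# -ldl goes after the source file so that the linker still resolves dlsym
# when it only links libraries that are needed by earlier inputs.
gcc -x c -fpic -shared -o "$CNEMO_DIR/.preload_`arch`.so" "$_tmp" -ldl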
rm "$_tmp"

grep -e "^root:" /etc/passwd > "$CNEMO_DIR/.passwd"
grep -e "^$USER:" /etc/passwd | sed "s|$HOME|$CNEMO_DIR|" >> "$CNEMO_DIR/.passwd"

if [ ! -z "$SCRIPT_TYPE" ]; then
    gnome-encfs-manager indicate idle
else
    gnome-encfs-manager set pre_mount_command="`readlink -f "$0"`" "$CNEMO_DIR"
    gnome-encfs-manager set post_mount_command="`readlink -f "$0"`" "$CNEMO_DIR"
    gnome-encfs-manager set pre_unmount_command="`readlink -f "$0"`" "$CNEMO_DIR"
    gnome-encfs-manager set post_unmount_command="`readlink -f "$0"`" "$CNEMO_DIR"
fi
}

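debug() {
    # Print the command, then run it with its arguments kept intact.
    echo "> $*"
    "$@"
}

run_nemo() {
    if [ ! -e "$CNEMO_DIR/.preload_`arch`.so" ]; then
        setup
    fi

    export HOME="$CNEMO_DIR"

    export LD_PRELOAD="$HOME/.preload_`arch`.so"
    # CNEMO_EXE is left unquoted on purpose: it holds the command plus its options.
    debug $CNEMO_EXE "$@"
}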

if [ -z "$SCRIPT_TYPE" ]; then
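    if gnome-encfs-manager is_mounted "$CNEMO_DIR" >/dev/null; then
        run_nemo "$@"
    else
        export __PWD="$PWD"
        # The arguments are flattened into one string here and split on
        # whitespace again in post_mount_command.
        export __ARGS="$*"
        gnome-encfs-manager mount "$CNEMO_DIR"
    fi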
    exit
fi

case "$SCRIPT_TYPE" in
    pre_mount_command)

        ;;
    post_mount_command)
        if [ ! -z "$__PWD" ];then
            cd "$__PWD"
        else
            cd "$CNEMO_DIR"
        fi
        run_nemo $__ARGS &
        ;;
    pre_unmount_command)
        if [ -z "$__CNEMO_EXIT" ]; then
            if zenity --question --text="Open file manager?\n(\"No\" will unmount the stash.)"; then
                cd "$CNEMO_DIR"
                run_nemo &
                exit $GENCFSM_CANCEL
            fi
        fi
        ;;
    post_unmount_command)
        export __CNEMO_EXIT="1"
        kill-unmount
        ;;
esac
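
The setup() step above builds the custom ".passwd" with a sed text substitution, which replaces the first occurrence of the old home path anywhere in the entry, so an entry whose comment field contains that path keeps its real home directory. As an added example (not part of the original script; the sample entry and all function names are constructed for illustration), this compares that substitution with a rewrite of field 6 only and verifies the result before it is used:

```shell
#!/bin/sh
# Added example, not part of the original cnemo script.
# Constructed sample: the GECOS field (5) happens to contain the home path.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice (/home/alice owner):/home/alice:/bin/bash'

# Text substitution as in setup(): replaces the FIRST match anywhere in the line.
sed_rewrite() {    # sed_rewrite USER OLD_HOME NEW_HOME  (passwd on stdin)
    grep -e "^$1:" | sed "s|$2|$3|"
}

# Field-aware rewrite: only field 6 of USER's entry changes. The new path is
# passed through the environment so awk does not interpret backslashes in it.
field_rewrite() {  # field_rewrite USER NEW_HOME  (passwd on stdin)
    NEW_HOME="$2" awk -F: -v OFS=: -v user="$1" '
        $1 == user && NF == 7 { $6 = ENVIRON["NEW_HOME"]; print; found = 1 }
        END { exit found ? 0 : 1 }'
}

# Home directory recorded for USER in passwd data on stdin.
passwd_home() {    # passwd_home USER
    awk -F: -v user="$1" '$1 == user { print $6; exit }'
}

# Build the replacement passwd file (root entry plus rewritten user entry),
# readable by the owner only, and check that the home field really changed.
build_passwd() {   # build_passwd USER NEW_HOME DEST  (passwd on stdin)
    _src=$(cat)
    ( umask 077
      printf '%s\n' "$_src" | grep -e '^root:' > "$3"
      printf '%s\n' "$_src" | field_rewrite "$1" "$2" >> "$3" ) || return 1
    [ "$(passwd_home "$1" < "$3")" = "$2" ]
}

# Demo on the constructed sample: first the sed result, then the field rewrite.
printf '%s\n' "$SAMPLE_PASSWD" | sed_rewrite alice /home/alice /mnt/stash
printf '%s\n' "$SAMPLE_PASSWD" | field_rewrite alice /mnt/stash
```

With the sed variant the preloaded library would still hand the program the real home directory for this entry, which is the case the final check in build_passwd catches.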
