Score:1

encfs decrypting usb folder needs root permissions

I have a usb drive with an encfs encrypted folder. I usually decrypt this with

encfs /media/user/DBx/enc /media/user/DBx/dec

When I try this with a new Ubuntu install using 22.04.3, I get the error:

fusermount: mounting over filesystem type 0x7366746e is forbidden
fuse failed. Common problems:
- fuse kernel module not installed (modprobe fuse)
- invalid options -- see usage message

When I run:

sudo modprobe -v fuse

I don't get an error, but I don't get any output either.

Here is the verbose output from the encfs command:

encfs -vf /media/user/DBx/enc /media/user/DBx/dec
2023-08-15 06:45:43,758 VERBOSE Root directory: /media/user/DBx/enc/ [main.cpp:686]
2023-08-15 06:45:43,759 VERBOSE Fuse arguments: (fg) (threaded) (keyCheck) encfs /media/user/DBx/dec/ -f -o use_ino -o default_permissions  [main.cpp:687]
2023-08-15 06:45:43,771 VERBOSE found new serialization format [FileUtils.cpp:299]
2023-08-15 06:45:43,771 VERBOSE subVersion = 20100713 [FileUtils.cpp:313]
2023-08-15 06:45:43,771 VERBOSE checking if ssl/aes(3:0:2) implements ssl/aes(3:0) [Interface.cpp:103]
2023-08-15 06:45:43,771 VERBOSE allocated cipher ssl/aes, keySize 24, ivlength 16 [SSL_Cipher.cpp:395]
2023-08-15 06:45:43,771 VERBOSE useStdin: 0 [FileUtils.cpp:1660]
EncFS Password: 
2023-08-15 06:46:15,760 VERBOSE checking if ssl/aes(3:0:2) implements ssl/aes(3:0) [Interface.cpp:103]
2023-08-15 06:46:15,760 VERBOSE allocated cipher ssl/aes, keySize 24, ivlength 16 [SSL_Cipher.cpp:395]
2023-08-15 06:46:17,538 VERBOSE cipher key size = 44 [FileUtils.cpp:1673]
2023-08-15 06:46:17,539 VERBOSE checking if nameio/block(4:0:2) implements nameio/block(4:0) [Interface.cpp:103]
fusermount: mounting over filesystem type 0x7366746e is forbidden

The filesystem on the usb-drive is ntfs. The drive is 24% full.

I can mount it with sudo, however:

sudo encfs /media/user/DBx/enc /media/user/DBx/dec

then if I start a file manager as root I can read the decrypted folder. I'd like to be able to decrypt the folder as a regular user as I can on other ubuntu systems.

I can read/write regular files to the usb-drive.

I can also use encfs as a regular user on my hard drive:

encfs /home/user/temp/enc /home/user/temp/dec

On my 22.04.2 Xubuntu system, I can mount /media/user/DBx/enc as user, as I can on 18.04 systems.

I cannot create a new encrypted file on the usb-drive on the 22.04.3 system. I get the same error:

encfs /media/user/DBx/test/enc /media/user/DBx/test/dec
Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 4:0:2
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.

fusermount: mounting over filesystem type 0x7366746e is forbidden
fuse failed.  Common problems:
 - fuse kernel module not installed (modprobe fuse)
 - invalid options -- see usage message

Both 22.04 systems have the same fuse-related libraries installed and all the versions match: encfs, fuse3, gvfs, gvfs-backends, gvfs-common, gvfs-daemons, gvfs-fuse, gvfs-libs, libfuse2, libfuse3-3, libntfs-3g89, ntfs-3g, psmisc.

On both systems, I am in the same groups as a regular user: user, adm, cdrom, sudo, dip, plugdev, lpadmin, lxd, sambashare.

The 22.04.3 where I need root privileges is a dual boot machine, while the 22.04.3 where I can use encfs as a regular user is linux only. The 22.04.3 system with the permission problem has 5 disk partitions. The linux partition is ext4 as it is on the 22.04.2 system where encfs works as a normal user.

Since the libraries are the same on the two systems, and in the disks utility both systems say the usb drive is ntfs, I think for some reason the hex representation of the disk type must be different between the two systems.

According to: https://github.com/libfuse/libfuse/issues/572 each hex representation has to be whitelisted in fusermount.c, and 0x7366746e is not there. https://github.com/libfuse/libfuse/pull/573/files

But from a related post, https://github.com/rfjakob/gocryptfs/issues/662#issuecomment-1166474509 a workaround is offered - simply change the mount point to somewhere else, like under /tmp. This worked like a charm. Maybe it is even better from a performance point of view to have the mount point off the usb. The reason I had the mount point on the usb is I started doing this on a chromebook with little memory or hard drive space.

So one difference between the systems is the linux kernels. The system where encfs CAN mount to the ntfs usb drive is 5.15.0-76-generic, while the kernel where encfs CANNOT mount to the ntfs usb drive is 6.2.0-26-generic. Guess that is progress?

Score:0
A new kernel driver for Microsoft NTFS filesystem has been introduced in Ubuntu with 6.2 kernel. It has a different magic that must be whitelisted for fuse to allow mounting filesystems on it.

I have filed a pull request to include it. You can check its progress in https://github.com/libfuse/libfuse/pull/830

I don't know whether it will be backported to the current fuse package in Ubuntu. Up to then, the option of using a mount point elsewhere is the only solution.
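
The workaround discussed in this thread, as an added example that is not part of the original posts or of libfuse: a script that reads the filesystem magic of the intended mount point and, when it matches the value fusermount refused in the error above, prints a fresh private directory under /tmp instead. The function names and the `encfs-dec` prefix are hypothetical, and it assumes a `stat` that supports `-f -c %t` (GNU coreutils).

```shell
#!/bin/sh
# Added example (not from the thread): choose a FUSE mount point that
# an unprivileged fusermount will accept.

# Filesystem magics fusermount refused (hex, no 0x prefix).
# 7366746e is the value from the error message quoted on this page.
REJECTED_MAGICS="7366746e"

# Print the magic of the filesystem holding path $1, as lowercase hex.
fs_magic() {
    stat -f -c %t "$1" | tr '[:upper:]' '[:lower:]'
}

# Return 0 if magic $1 (with or without 0x, any case) is in REJECTED_MAGICS.
is_rejected_magic() {
    m=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    m=${m#0x}
    for r in $REJECTED_MAGICS; do
        [ "$m" = "$r" ] && return 0
    done
    return 1
}

# Print the mount point to use: $1 if its filesystem is acceptable,
# otherwise a new directory under $2 (default /tmp). mktemp -d creates it
# with mode 0700 and an unpredictable name, so no other local user can
# pre-create or read the directory that will hold the decrypted view.
choose_mountpoint() {
    wanted=$1
    base=${2:-/tmp}
    magic=$(fs_magic "$wanted")
    [ -n "$magic" ] || return 1
    if is_rejected_magic "$magic"; then
        mktemp -d "$base/encfs-dec.XXXXXX"
    else
        printf '%s\n' "$wanted"
    fi
}

# Usage: encfs /media/user/DBx/enc "$(sh this-script.sh /media/user/DBx/dec)"
if [ $# -ge 1 ]; then
    choose_mountpoint "$@"
fi
```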
