Topic: SharedFolder Encryption Panel is empty

[focfree]

hi everyone,

Just installed SharedFolders using http://wiki.contribs.org/SharedFolders as reference.

1. Yum installed using sme7contribs instead of smecontribs... no obvious problems.

2. SharedFolders Encryption Panel appeared in the server manager Collaboration Panel correctly, but the SharedFolder Panel appeared in a new Unknown Panel.  Did a yum remove and reinstalled several days later and it is now appearing correctly under the Collaboration Panel.  Unable to repeat and no idea where to look... is this a previously known bug not fully resolved?

3. Created a folder "sharetest" from the panel... functions, permissions seems to work ok. The only time waster was the Encryption Panel is empty & I spent many hours searching & figuring out how.

From shell, I got:

[root@abc ~]# db accounts show sharetest
sharetest=share
    Ajaxplorer=disabled
    DynamicContent=disabled
    Encryption=disabled
    InactivityTimeOut=
    Indexes=enabled
    Name=Test folder for testing sharedfolders
    ReadGroups=
    ReadUsers=
    RecycleBin=disabled
    RecycleBinRetention=unlimited
    RequireSSL=enabled
    WebDav=enabled
    WriteGroups=we-01,we-02
    WriteUsers=me-01,me-02
    httpAccess=global-pw
    smbAccess=browseable

Noticing that "Encryption" is disabled, I manually enable it with:

[root@abc ~]# db accounts setprop sharetest Encryption enabled
and the Encryption Panel shows up the sharetest folder I created.

...and disabling it with:

[root@abc ~]# db accounts setprop sharetest Encryption disabled
the Encryption Panel became empty again.

If this is a normal behaviour, then the wiki needs updating for better user experience
or the Encryption Panel was supposed to display all available shares for users to select whichever to be encrypted?

4. How can one be sure an encrypted folder is encrypted?

TIA for clarifying and improving user experience with sme & contribs.

Note: My test box is server-only clean installed sme8.0

Hope these will help someone waste less time & enjoy sme8 and the contribs.

will be checkout/tryout the ajaxplorer option next week when time permits.

[Daniel B.]

Hi.

The panel appearing in the unkown catagory was a bug solved in the latest release.

For the Encryption option, you need to follow the doc in the wiki.

First, you have to install fuse-encfs from the dag repo. Once fuse-encfs is installed, you'll have a new section when you create a shared folder where you can enable encryption and choose a password. Once created, an encrypted shared folder can be enabled or protected using the encryption panel. A shared folder can only be encrypted at creation time (you cannot encrypt an already existing shared folder just by setting the Encryption prop to enabled)

Hope this helps.

Regards, Daniel

[focfree]

hi daniel,

tnanks for your reply.

1. I yummed using sme7contribs 2 weeks ago. are you saying there is a more recent update?
2. In the wiki docs, it was mentioned that fuse-encfs is already part of sme8.0, which I am using, and one only has to load it using:
ls something | grep something.
after that, I created the test folder, but the panel was blank.  how is it so? where should I look for clues ?
3. how to be sure a folder is encrypted?
thanks for the great work.

[janet]

focfree

2. In the wiki docs, it was mentioned that fuse-encfs is already part of sme8.0, which I am using, and one only has to load it using:
ls something | grep something.

That is NOT what it said. Please read Wiki articles CAREFULLY, this is what it said.

after yum --enablerepo=dag install fuse-encfs

   Note:
on SME8 kernel, the fuse module is already included, so you don't have to do anything more, but on SME7, you'll have to install the fuse-kmdl module for your current kernel. fuse-kmdl can be found in atrpms repository

Once fuse-encfs is installed, make sure the fuse module is loaded
lsmod | grep fuse


Ie you are confusing fuse-kmdl and fuse-encfs

Just do what you are told and it will probably work
To check the version installed do
rpm -q packagename
(without the numbers)

Edit: PS The currently available version in the sme7 smecontribs repo is smeserver-shared-folders-0.1-74.el4.sme.noarch.rpm
See here
http://distro.ibiblio.org/smeserver/releases/7/smecontribs/i386/RPMS/

On sme8 if you configure the dag repo (for el5 as per current wiki instructions here http://wiki.contribs.org/Dag), and configure the sme7contribs repo as per wiki, then this install command works
yum install smeserver-shared-folders fuse-encfs --enablerepo=sme7contribs --enablerepo=dag

[focfree]

hi Daniel & Mary

Thanks for detailing & clarifying above. Also for updating the sharedfolders contrib wiki.
It is clearer now and offering less chances for guessing, getting lost & wasting time.

Testing continued last night:
After installing fuse-encfs in-addition to smeserver-shared-folder contrib on my sme8.0 box,
(1) the encryption panel correctly shows up shared folder that had encryption option enabled & password supplied during folder creation.
(2) previously created folders were not displayed as expected.
(3) newly created folders with encryption option "disabled" during folder creation were also not displayed as expected... bravo!
Now, in the shared folders encryption panel;
(4) it shows status as "protected" upon creation and was able to view/create sub-directories, copy to/from &  open files directly from the encrypted folder... IN CLEAR TEXT.. using workgroup in my network places with a xp.
(5) After clicking "enable" in the action column, and having supplied & validated the password, the status changed from "protected" to enabled". The sharedfolder remained visible in workgroup, but is empty, i.e the contents and sub-directories are no longer visible.

Seems to me the behaviou in (4) & (5) are opposite of what is described in the contrib wiki:
"An encrypted shared folders can be protected (data is only available in encrypted form) or enabled (data appear in clear text,..."

This is further reinforced by the warning message below when one clicks 'protect" in the action column:
"Are you sure you want to protect this shared folder ? Once protected, the content won't be accessible until re-enabled with the associated password."

My previous question on my first post under item 4:
"How can one be sure an encrypted folder is encrypted?" As a user/potential user, it is reasonable to expect some assurance with evidence that there is encryption in addition to seeing an empty folder, without going into the codes.

merci in advance

will checkout the usermanager interaction, ajaxplorer this weekend if time permits.

[Daniel B.]

Hi.

Yes, I admit the behavior is not the one you'd expect, but I'll try to explain how it works and why it works that way

As explained in the wiki page, an encrypted share can either be protected (the data are not available, nor visible through samba/http/ajaxplorer) or enabled (encrypted data appear as clear text, encryption/decryption is done on the fly). In fact, it's a bit more than this: when you choose to encrypt a share, it can contains two set of data:

- when the share is "protected": you can access it through samba/http/ajaxplorer and read/write data in it. This data will never be encrypted and will just be stored in your server as if it was a unencrypted share (in /home/e-smith/files/shares/myshare/files)
- when you enable the share (unlock it with the correct password in the Encryption panel), the unencrypted data will "disappear", and you can access a new set of data. If you write files in a share while it's "enabled", the data will be encrypted on the fly (using fuse-encfs). Only the encrypted form is stored on the server (in /home/e-smith/files/shares/myshar/.store)
- When you will protect this share (or when the specified timeout has expired), the encrypted data will disappear, and you'll see the clear text data (the data you've written while the share was protected)

So basically, an encrypted share can handle two different set of data: clear text and encrypted. The encryption panel let you toggle between the two.

I've made it this way so you can "hide" your private data. If someone access a shared folder while it's protected, it can see some data (the clear text one) and so, will not think this share can contains something else.

I hope this helps.

Regards, Daniel