Is it safe to alter the underlying encrypted files for a live mounted ecryptfs volume?

Question

I want to do live synchronization of an encrypted directory with a server, such that the server only sees encrypted data.

Suppose I put the underlying ecryptfs data in:

/home/user/.Private

And I mount that directory at:

/home/user/unlocked

Can I update the files in .Private (e.g. using rsync) and expect unlocked to reflect the changes? Or is this going to just mess things up? Are there better alternatives for live synchronization of encrypted data?

---

UPDATE to clarify:

I want to only ever transmit encrypted data to the server -- the server is not trusted. So I want to see:

 client <-- encrypted data --> server

There may be more than one client updating (decrypted) files; hence the live-synchronization desire:

 client1
        \
         \--- encrypted data --\
                                \
                                 server
                                /
         /--- encrypted data --/
        /
 client2

So the client has a directory containing encrypted files -- chunked the way ecryptfs does it:

/home/client1/.Private/
                 |--- ECRYPTFS_FNEK_ENCRYPTED.Fabcde.../
                 |                                    |--- ECRYPTFS_FNEK_...
                 |
                 |--- ECRYPTFS_FNEK_ENCRYPTED.Flaksd.../
                                                      |--- ...

This is mounted with ecryptfs:

/home/client1/unlocked/
                 |--- secret_file_1
                 |--- secret_file_2

Now, client1 is busily making changes to files in unlocked. When the client makes changes, the underlying encrypted files in .Private change as well. So a local inotify or some such notices the changes and rsyncs the encrypted base files in .Private to server. The server, aware that client2 is also listening, notifies client2 that it should pull changes.

So my concern is: If client2 pulls down the underlying encryptfs chunked files into .Private while it is mounted in unlocked, I suspect this will cause problems, no? This would require client2 to unmount unlocked prior to syncing, which defeats the whole "live synchronizaton" idea.

If so, what are good alternative techniques for efficient syncing of diffs of an encrypted tree?

Answer 1

According to Tyler Hicks (one of the maintainers of eCryptfs) it is currently not safe to modify underlying filesystem (lower filesystem in eCryptfs terminology):

It would be good if eCryptfs could detect lower file data changes and update the cache to see the file updated.

Even if we could detect them, how would we mediate them against dirty eCryptfs pages? How do we know what is the most up-to-date data?

Unfortunately, direct modifications to the lower filesystem are simply not supported. If a modification doesn't go through the eCryptfs mount point, we cannot be expected to know about it due to the eCryptfs architecture.

Source: https://bugs.launchpad.net/bugs/689030

Answer 2

To update files in the ecryptfs filesystem you need to update them in the mount point - in the encrypted filesystem you would need to update the entire thing at once, as it has no concept of files or directories - it is just a large chunk of data.

Yes, you can use rsync to back that data up somewhere, but in order to read or write a particular file you need to mount it.

You can mount it from various different places (probably best not to try this simultaneously :-) so why not use a shell script which mounts, rsync's the relevant files and unmounts whenever relevant files are updated?

useful info here