I want to encrypt a folder by encfs or ecryptfs in Linux. I can do it, but I want just a specific process to be able to access it, and decryption accrues automatically for that process. No key to encryption needed by process. Can anyone help me?

  • "decryption accrues automatically" - can you explain? – suspectus Jan 13 '14 at 10:50
  • I want a folder encrypted on my hard disk, and a mechanism so that this folder is automatically decrypted for only one process and stays encrypted for other users or processes, and the encryption should be transparent for the process, which does not need to know the encryption algorithm, key, etc. I cannot use a database or other solution, I must use files and folders only. – amir hajizadeh Jan 14 '14 at 05:01
  • One option is to use mount namespaces. Another is object capability systems mediated via a file descriptor. – CMCDragonkai Sep 27 '18 at 02:57

1 Answer

File systems are made exactly for the idea to allow access for more than one process. To want to restrict this access now to only one process is somewhat the opposite of this idea, so it won't be smooth, however you solve your task.

A much more straightforward way, if you want just one process to have access, would be to not use a file system but a database or just the contents of a single file. This way it would be easy to restrict the access to exactly one process.

If you want to stick to the encfs (or similar) you could let the process run as a specific user which should be the only user to have read and execute permissions on the mounted file system's root.

Alfe
  • I want a folder encrypted on my hard disk, and a mechanism so that this folder is automatically decrypted for only one process and stays encrypted for other users or processes, and the encryption should be transparent for the process, which does not need to know the encryption algorithm, key, etc. I cannot use a database or other solution, I must use files and folders only. – amir hajizadeh Jan 14 '14 at 05:01
  • Yeah, I see. Then stick to the special user who shall be the only one with read and execute permissions on the mounted root of the encfs. I see no other option then. – Alfe Jan 14 '14 at 09:05
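
One way to check the setup the answer above describes, as an added example that is not part of the original answer or comments: two shell functions that audit a mounted encfs root for single-account access. The function names, the `svcuser` account and the `/srv/private` path are hypothetical; the code assumes GNU or BusyBox `stat` and that a FUSE mount opened to other accounts shows `allow_other` in `/proc/mounts`.

```shell
#!/bin/sh
# Added example: audit that a mounted encfs root is reachable by one account only.
# Usage (hypothetical account and path):
#   check_private_root /srv/private "$(id -u svcuser)" && check_no_allow_other /srv/private

# Return 0 if DIR is owned by numeric uid WANT_UID, the owner has r-x, and
# group and others have no permission bits at all.
check_private_root() {
    dir=$1; want_uid=$2
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory" >&2; return 2; }
    owner=$(stat -c '%u' "$dir") || return 2   # GNU/BusyBox stat syntax
    mode=$(stat -c '%a' "$dir") || return 2    # octal, e.g. 700
    if [ "$owner" != "$want_uid" ]; then
        echo "FAIL: $dir owned by uid $owner, expected $want_uid" >&2
        return 1
    fi
    case $mode in
        *[57]00) return 0 ;;   # owner r-x or rwx, group 0, other 0
    esac
    echo "FAIL: $dir has mode $mode, expected 500 or 700" >&2
    return 1
}

# Return 0 if the FUSE mount at DIR does not carry allow_other, the option
# that lets accounts other than the mounting user reach the mount.
# MOUNTS defaults to /proc/mounts; any file in that format works.
check_no_allow_other() {
    dir=$1; mounts=${2:-/proc/mounts}
    # Field 2 = mount point, 3 = fs type, 4 = options; take the topmost mount.
    opts=$(awk -v d="$dir" '$2 == d && $3 ~ /^fuse/ { print $4 }' "$mounts" | tail -n 1)
    [ -n "$opts" ] || { echo "FAIL: no FUSE mount at $dir" >&2; return 2; }
    case ",$opts," in
        *,allow_other,*)
            echo "FAIL: $dir is mounted with allow_other" >&2
            return 1 ;;
    esac
    return 0
}
```

Both functions return 0 on a pass, 1 on a policy violation and 2 when the target cannot be inspected, so they can gate the start of the dedicated process.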