Using encfs as a non-root user (e.g. www-data)

From Fyzix

Reference: http://mdda.net/oss-blog/2008-12/secure-development-laptop/

The steps below secure the lighttpd webroot /var/www by mounting it with encfs as www-data.

Configure fuse

/etc/fuse.conf

# Set the maximum number of FUSE mounts allowed to non-root users.
# The default is 1000.
#
#mount_max = 1000
 
# Allow non-root users to specify the 'allow_other' or 'allow_root'
# mount options.
#
user_allow_other

Configure fuse device permissions

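Any user can be used in place of username.

# Run as root. Add each user that will mount to the fuse group.
gpasswd -a username fuse
gpasswd -a www-data fuse
# a+rw lets every local user open /dev/fuse, not only members of the fuse group.
chmod a+rw /dev/fuse
chmod g+rw /dev/fuse
chgrp fuse /dev/fuse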

Mount as www-data

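# Run as root: open a login shell as www-data.
su - www-data
cd /var/www
cd ..
# allow_other permits users other than the mounting user to access the mount;
# a non-root user may set it only when user_allow_other is enabled in /etc/fuse.conf.
encfs -o allow_other /var/encrypted /var/www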
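
A way to verify the result of the three steps above, as an added example that is not part of the original page: it checks that user_allow_other is active in fuse.conf and that the mountpoint carries a fuse.encfs mount with allow_other, made by the expected uid. The function names and the --demo flag are hypothetical, the sample data is constructed, and uid 33 for www-data is an assumption (the Debian default).

```shell
#!/bin/sh
# Added example, not from the original page: verify the setup above.
# Paths are parameters, so the checks run on the live /etc/fuse.conf and
# /proc/mounts or on copies. All function names are hypothetical.

# True if the fuse.conf in $1 has an active (uncommented) user_allow_other.
fuse_conf_allows_other() {
    grep -Eq '^[[:space:]]*user_allow_other[[:space:]]*$' "$1"
}

# Print the options of the encfs mount on mountpoint $2, read from the
# /proc/mounts-format file $1; fail if there is no fuse.encfs mount on it.
encfs_mount_opts() {
    awk -v mp="$2" '$2 == mp && $3 == "fuse.encfs" { o = $4; f = 1 }
                    END { if (f) print o; exit !f }' "$1"
}

# True if the comma-separated option list $1 contains exactly option $2.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_setup CONF MOUNTS MOUNTPOINT OWNER_UID
# Prints one line per failed check and returns the number of failures.
check_setup() {
    fails=0
    fuse_conf_allows_other "$1" ||
        { echo "FAIL: user_allow_other not enabled in $1"; fails=$((fails + 1)); }
    if opts=$(encfs_mount_opts "$2" "$3"); then
        has_opt "$opts" allow_other ||
            { echo "FAIL: $3 is mounted without allow_other"; fails=$((fails + 1)); }
        has_opt "$opts" "user_id=$4" ||
            { echo "FAIL: $3 was not mounted by uid $4"; fails=$((fails + 1)); }
    else
        echo "FAIL: no encfs mount on $3"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: encfs on $3 is set up as described"
    return "$fails"
}

# Demo on constructed sample data (not captured from a real host).
# uid 33 for www-data is an assumption (the Debian default).
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf 'user_allow_other\n' > "$d/fuse.conf"
    printf '%s\n' 'encfs /var/www fuse.encfs rw,nosuid,nodev,user_id=33,group_id=33,allow_other 0 0' > "$d/mounts"
    check_setup "$d/fuse.conf" "$d/mounts" /var/www 33
    rm -rf "$d"
fi
```

After sourcing the script on a live host, the equivalent call is check_setup /etc/fuse.conf /proc/mounts /var/www "$(id -u www-data)".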