Unable to access mounted folder on OSX

[acalatrava]

Context

• svfs version : GIT release compiled (0.7.4)
• storage provider : hubiC
• product : mount.svfs
• os : osx 10.11.5 (El Capitan)

  Steps to reproduce this issue :

After mounting the Swift filesystem I get no access unless I'm root... The mount command was executed under user login, not root... I tried with the allow_other and allow_root options with no success.

iMac:test acalatrava$ mkdir hubiC
iMac:test acalatrava$ mount.svfs hubiC hubiC -o hubic_auth=[REDACTED]=,hubic_token=[REDACTED],container=default,allow_root=false,allow_other=true
iMac:test acalatrava$ ls -la
total 8
drwxr-xr-x    3 acalatrava  staff   102  7 ago 19:41 .
drwxr-xr-x+ 139 acalatrava  staff  4726  7 ago 19:41 ..
drwx------    1 root        wheel  4096  7 ago 19:42 hubiC
iMac:test acalatrava$ cd hubiC/
-bash: cd: hubiC/: Permission denied
iMac:test acalatrava$ sudo su
Password:
sh-3.2# cd hubiC/
sh-3.2# ls -la
total 40
drwx------  1 root  wheel  4096  7 ago 13:32 .ovhPub
drwx------  1 root  wheel  4096  7 ago 13:07 Documents
drwx------  1 root  wheel  4096  7 ago 13:07 Images
drwx------  1 root  wheel  4096  7 ago 13:07 Videos
sh-3.2#

[w3st3ry]

I had the same issue in the past, try to set uid and gid options using those of your current user.

(You can get uid and gid of your current user using id command directly in the shell.)

[acalatrava]

Awesome! that did the trick :)

I'm also trying enabling encryption. Do you know how to generate the AES key file?

[w3st3ry]

For now, it's disabled since 3 releases because we waiting the server-side encryption on Swift directly.

[acalatrava]

Well I tried the crypto branch and it's working fine, at least with a 16bytes key.

I don't understand... server-side encryption? Why would you trust that? I mean if you want encryption is to protect your files, so doing a server-side encryption means that your files will travel unencrypted and trust the provider... That's not good...

[w3st3ry]

Yes but this branch will not be updated. :/

Sorry I misspoke, all the datas in transit will be protected too. It's a new feature powered by Swift using master key. Check out : https://github.com/openstack/swift/blob/master/CHANGELOG (2.9.0)

[xlucas]

@acalatrava Actually, encryption support was dropped since it needs a rework in order to implement everything I have in mind a proper way : ensure IV unicity with cipher text chaining and add metadata encryption. Bonus features would be using master key and encryption/signing keys and add a key renewal process.

You are right, this is completely legitimate to comply with a 'zero knowledge' policy and that's why I started working on this, but I'm lacking time to get everything right.