When an encrypted directory is mounted using EncFS as a regular user, you cannot execute a script in it with sudo (as root):
$ sudo /run/media/yeti/usbdrive/encfs/test.sh
sudo: /run/media/yeti/usbdrive/encfs/test.sh: command not found
This is a security feature, but how can I still grant root permissions to this mounted directory (without mounting as root)?
More details
I am using Arch Linux, and I have an encrypted directory using EncFS:
sudo pacman -S encfs
usbpath="/run/media/yeti/usbdrive"
encfs "$usbpath/.encfs" "$usbpath/encfs"
echo 'echo hello world' > "$usbpath/encfs/test.sh"
sudo chmod +x "$usbpath/encfs/test.sh"
Then this command works just like expected:
$ /run/media/yeti/usbdrive/encfs/test.sh
hello world
But when I use sudo, I get an error:
$ sudo /run/media/yeti/usbdrive/encfs/test.sh
sudo: /run/media/yeti/usbdrive/encfs/test.sh: command not found
Then I realized that this is a security feature of EncFS, which is actually quite good. When I do a directory listing as root (after su), I find the following:
$ ls /run/media/yeti/usbdrive/encfs/
ls: cannot access '/run/media/yeti/usbdrive/encfs': Permission denied
[...]
d?????????? ? ? ? ? ? encfs
drwxrwxrwx 1 yeti yeti 0 Sep 30 00:31 .encfs
[...]
But in my case, I am on a system where I am in fact root, and where sudo could be passwordless. Therefore, this security feature is only getting in the way. However, I do not want to mount the encrypted directory as root either (because then I'd need to run my filemanager and other applications as root too).
What I did as a workaround to this problem is to copy the file outside of the encrypted directory (cp "$usbpath/encfs/test.sh" /tmp/test.sh), and then execute it as root (sudo /tmp/test.sh).
Next to documenting this question for other people who may experience the same issue, the question I still have left is: Is there a better way to do this?
