No mounting point in /etc/mtab when using encfs from within apache2
I've written a webpage that lets me remotely mount an encfs encrypted folder, which is then accessible via WebDAV. It's basically just a password form with a mount / unmount button, which tries to mount / unmount a predefined encfs encrypted drive with the password supplied via the form. Basically a internet accessible wrapper to
encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted
This works as intended, as in I can mount / unmount the encrypted drive and I can see / read the unencrypted data via WebDAV.
But there is something strange going on:
The unencrypted view of the folder is ONLY accessible via WebDAV.
If I run sudo -u www-data ls -la /var/www (www-data is the user running the webserver and therefore also the user mounting the drive, I've confirmed this with htop) or as any other user, I see the mounting point (in the example above this would be /var/www/unencrypted) as a regular folder, not like a typical encfs folder, which should normally look something like this:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
d????????? ? ? ? ? ? unencrypted
but actually it looks like that:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
drwxr-xr-x 2 www-data www-data 4096 Jan 31 21:47 unencrypted
just like a normal folder (which is reported as being empty, although the same folder has data in it when accessing it via WebDAV).
Also there is no entry in /etc/mtab indicating that the encfs drive was ever mounted. For all intents and purposes, it looks as if the drive was never mounted, although it in fact definitely is, because I can access it via WebDAV and also the ecnfs process is clearly running, as shown in htop.
How does this happen and how to fix this?
PS: If I run
sudo -u www-data bash -c "echo $(cat /tmp/passwort_file) | encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted"
from the terminal, there is no such behavior. The folder is still accessible via WebDAV, but in this case it also correctly appears in /etc/mtab and is also visible as an encfs drive when using ls -la.
apache-http-server php encfs
asked Feb 1 at 2:58
luksenluksen
133
add a comment |
I've written a webpage that lets me remotely mount an encfs encrypted folder, which is then accessible via WebDAV. It's basically just a password form with a mount / unmount button, which tries to mount / unmount a predefined encfs encrypted drive with the password supplied via the form. Basically a internet accessible wrapper to
encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted
This works as intended, as in I can mount / unmount the encrypted drive and I can see / read the unencrypted data via WebDAV.
But there is something strange going on:
The unencrypted view of the folder is ONLY accessible via WebDAV.
If I run sudo -u www-data ls -la /var/www (www-data is the user running the webserver and therefore also the user mounting the drive, I've confirmed this with htop) or as any other user, I see the mounting point (in the example above this would be /var/www/unencrypted) as a regular folder, not like a typical encfs folder, which should normally look something like this:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
d????????? ? ? ? ? ? unencrypted
but actually it looks like that:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
drwxr-xr-x 2 www-data www-data 4096 Jan 31 21:47 unencrypted
just like a normal folder (which is reported as being empty, although the same folder has data in it when accessing it via WebDAV).
Also there is no entry in /etc/mtab indicating that the encfs drive was ever mounted. For all intents and purposes, it looks as if the drive was never mounted, although it in fact definitely is, because I can access it via WebDAV and also the ecnfs process is clearly running, as shown in htop.
How does this happen and how to fix this?
PS: If I run
sudo -u www-data bash -c "echo $(cat /tmp/passwort_file) | encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted"
from the terminal, there is no such behavior. The folder is still accessible via WebDAV, but in this case it also correctly appears in /etc/mtab and is also visible as an encfs drive when using ls -la.
apache-http-server php encfs
asked Feb 1 at 2:58
luksenluksen
133
I dont think your test command runs the mount as www-data (only the echo)
– davidgo
Feb 1 at 9:23
You are right, sudo - u www-data would only apply to the echo, not everything after the pipe. But actually I run the whole command in a script, so it should run everything as www-data (and looking at htop it does). Sorry for the confusion, I will change the test command example to reflect that.
– luksen
Feb 1 at 12:31
add a comment |
I've written a webpage that lets me remotely mount an encfs encrypted folder, which is then accessible via WebDAV. It's basically just a password form with a mount / unmount button, which tries to mount / unmount a predefined encfs encrypted drive with the password supplied via the form. Basically a internet accessible wrapper to
encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted
This works as intended, as in I can mount / unmount the encrypted drive and I can see / read the unencrypted data via WebDAV.
But there is something strange going on:
The unencrypted view of the folder is ONLY accessible via WebDAV.
If I run sudo -u www-data ls -la /var/www (www-data is the user running the webserver and therefore also the user mounting the drive, I've confirmed this with htop) or as any other user, I see the mounting point (in the example above this would be /var/www/unencrypted) as a regular folder, not like a typical encfs folder, which should normally look something like this:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
d????????? ? ? ? ? ? unencrypted
but actually it looks like that:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
drwxr-xr-x 2 www-data www-data 4096 Jan 31 21:47 unencrypted
just like a normal folder (which is reported as being empty, although the same folder has data in it when accessing it via WebDAV).
Also there is no entry in /etc/mtab indicating that the encfs drive was ever mounted. For all intents and purposes, it looks as if the drive was never mounted, although it in fact definitely is, because I can access it via WebDAV and also the ecnfs process is clearly running, as shown in htop.
How does this happen and how to fix this?
PS: If I run
sudo -u www-data bash -c "echo $(cat /tmp/passwort_file) | encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted"
from the terminal, there is no such behavior. The folder is still accessible via WebDAV, but in this case it also correctly appears in /etc/mtab and is also visible as an encfs drive when using ls -la.
apache-http-server php encfs
asked Feb 1 at 2:58
luksenluksen
133
I've written a webpage that lets me remotely mount an encfs encrypted folder, which is then accessible via WebDAV. It's basically just a password form with a mount / unmount button, which tries to mount / unmount a predefined encfs encrypted drive with the password supplied via the form. Basically a internet accessible wrapper to
encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted
This works as intended, as in I can mount / unmount the encrypted drive and I can see / read the unencrypted data via WebDAV.
But there is something strange going on:
The unencrypted view of the folder is ONLY accessible via WebDAV.
If I run sudo -u www-data ls -la /var/www (www-data is the user running the webserver and therefore also the user mounting the drive, I've confirmed this with htop) or as any other user, I see the mounting point (in the example above this would be /var/www/unencrypted) as a regular folder, not like a typical encfs folder, which should normally look something like this:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
d????????? ? ? ? ? ? unencrypted
but actually it looks like that:
drwxr-xr-x 5 www-data www-data 4096 Feb 1 02:25 .
drwxr-xr-x 15 root root 4096 Jan 31 11:46 ..
drwxr-xr-x 2 www-data www-data 4096 Jan 31 21:47 unencrypted
just like a normal folder (which is reported as being empty, although the same folder has data in it when accessing it via WebDAV).
Also there is no entry in /etc/mtab indicating that the encfs drive was ever mounted. For all intents and purposes, it looks as if the drive was never mounted, although it in fact definitely is, because I can access it via WebDAV and also the ecnfs process is clearly running, as shown in htop.
How does this happen and how to fix this?
PS: If I run
sudo -u www-data bash -c "echo $(cat /tmp/passwort_file) | encfs --stdinpass /encfs/drive/encrypted/ /var/www/unencrypted"
from the terminal, there is no such behavior. The folder is still accessible via WebDAV, but in this case it also correctly appears in /etc/mtab and is also visible as an encfs drive when using ls -la.
apache-http-server php encfs
apache-http-server php encfs
asked Feb 1 at 2:58
luksenluksen
133
asked Feb 1 at 2:58
luksenluksen
133
edited Feb 1 at 12:46
luksen
asked Feb 1 at 2:58
luksenluksen
133
asked Feb 1 at 2:58
luksenluksen
133
asked Feb 1 at 2:58
luksenluksen
133
133
I dont think your test command runs the mount as www-data (only the echo)
– davidgo
Feb 1 at 9:23
You are right, sudo - u www-data would only apply to the echo, not everything after the pipe. But actually I run the whole command in a script, so it should run everything as www-data (and looking at htop it does). Sorry for the confusion, I will change the test command example to reflect that.
– luksen
Feb 1 at 12:31
add a comment |
I dont think your test command runs the mount as www-data (only the echo)
– davidgo
Feb 1 at 9:23
You are right, sudo - u www-data would only apply to the echo, not everything after the pipe. But actually I run the whole command in a script, so it should run everything as www-data (and looking at htop it does). Sorry for the confusion, I will change the test command example to reflect that.
– luksen
Feb 1 at 12:31
I dont think your test command runs the mount as www-data (only the echo)
– davidgo
Feb 1 at 9:23
I dont think your test command runs the mount as www-data (only the echo)
– davidgo
Feb 1 at 9:23
You are right, sudo - u www-data would only apply to the echo, not everything after the pipe. But actually I run the whole command in a script, so it should run everything as www-data (and looking at htop it does). Sorry for the confusion, I will change the test command example to reflect that.
– luksen
Feb 1 at 12:31
You are right, sudo - u www-data would only apply to the echo, not everything after the pipe. But actually I run the whole command in a script, so it should run everything as www-data (and looking at htop it does). Sorry for the confusion, I will change the test command example to reflect that.
– luksen
Feb 1 at 12:31
add a comment |
1 Answer
1
active
oldest
votes
I'm assuming this is Debian Linux or Ubuntu, with systemd as the service manager.
Linux supports "mount namespaces" which provide different views of the filesystem to different processes (like chroot but much more flexible and headache-inducing). Systemd allows using this feature to harden the system against security issues and attacks; for example, certain services may see /home as empty or /etc as read-only.
Most distributions use these security settings in apache2.service – if you run systemctl cat apache2, you'll see that it's configured to have its own private /tmp directory:
[Service]
...
PrivateTmp=true
The side effect of mount namespaces is that they're somewhat global: once systemd "unshares" / to be able to create Apache-only mounts underneath, even if it only needs a single mount, the same effect still applies to all mounts created by the Apache service. (For services, this is to some extent intentional: why would a web server need to mount filesystems, really? Principle of least privilege.)
So if you run findmnt or cat /proc/self/mounts, you will only see mounts in the root namespace. But if you run nsenter --mount --target <APACHE_PID> findmnt or cat /proc/<APACHE_PID>/mounts, you'll see both those inherited from root namespace, and those private to the Apache process.
To disable this protection, run systemctl edit --full apache2 and remove all settings starting with Private*, ReadOnly*, or Inaccessible*.
answered Feb 1 at 13:21
grawitygrawity
242k37510567
Thank you, I can confirm that this was exactly the issue. I kinda suspected that apache2 might run in some kind of "protected environment", but I didn't know that this "mount namespaces" even existed. Glad I learned something new. Now I am reluctant to completely disable this protection. Is there any way to only disable it for this one command/mounting point?
– luksen
Feb 1 at 21:10
After reading into nsenter, I found out that I can use it to enter the namespace of the root PID, if I use nsenter --all --target 1 encfs [...]. With this, the mounting / unmounting works globally, but I guess it's pretty unsafe to nsenter the namespace(s) of the root PID?
– luksen
Feb 2 at 0:14
Well, the problem is that you need root privileges to do this in the first place... It's doable (using sudo), but you should be very precise when writing the sudo rules – only allow the exact command that's needed, without variations or wildcards.
– grawity
Feb 2 at 0:40
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1400828%2fno-mounting-point-in-etc-mtab-when-using-encfs-from-within-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I'm assuming this is Debian Linux or Ubuntu, with systemd as the service manager.
Linux supports "mount namespaces" which provide different views of the filesystem to different processes (like chroot but much more flexible and headache-inducing). Systemd allows using this feature to harden the system against security issues and attacks; for example, certain services may see /home as empty or /etc as read-only.
Most distributions use these security settings in apache2.service – if you run systemctl cat apache2, you'll see that it's configured to have its own private /tmp directory:
[Service]
...
PrivateTmp=true
The side effect of mount namespaces is that they're somewhat global: once systemd "unshares" / to be able to create Apache-only mounts underneath, even if it only needs a single mount, the same effect still applies to all mounts created by the Apache service. (For services, this is to some extent intentional: why would a web server need to mount filesystems, really? Principle of least privilege.)
So if you run findmnt or cat /proc/self/mounts, you will only see mounts in the root namespace. But if you run nsenter --mount --target <APACHE_PID> findmnt or cat /proc/<APACHE_PID>/mounts, you'll see both those inherited from root namespace, and those private to the Apache process.
To disable this protection, run systemctl edit --full apache2 and remove all settings starting with Private*, ReadOnly*, or Inaccessible*.
answered Feb 1 at 13:21
grawitygrawity
242k37510567
Thank you, I can confirm that this was exactly the issue. I kinda suspected that apache2 might run in some kind of "protected environment", but I didn't know that this "mount namespaces" even existed. Glad I learned something new. Now I am reluctant to completely disable this protection. Is there any way to only disable it for this one command/mounting point?
– luksen
Feb 1 at 21:10
After reading into nsenter, I found out that I can use it to enter the namespace of the root PID, if I use nsenter --all --target 1 encfs [...]. With this, the mounting / unmounting works globally, but I guess it's pretty unsafe to nsenter the namespace(s) of the root PID?
– luksen
Feb 2 at 0:14
Well, the problem is that you need root privileges to do this in the first place... It's doable (using sudo), but you should be very precise when writing the sudo rules – only allow the exact command that's needed, without variations or wildcards.
– grawity
Feb 2 at 0:40
add a comment |
I'm assuming this is Debian Linux or Ubuntu, with systemd as the service manager.
Linux supports "mount namespaces" which provide different views of the filesystem to different processes (like chroot but much more flexible and headache-inducing). Systemd allows using this feature to harden the system against security issues and attacks; for example, certain services may see /home as empty or /etc as read-only.
Most distributions use these security settings in apache2.service – if you run systemctl cat apache2, you'll see that it's configured to have its own private /tmp directory:
[Service]
...
PrivateTmp=true
The side effect of mount namespaces is that they're somewhat global: once systemd "unshares" / to be able to create Apache-only mounts underneath, even if it only needs a single mount, the same effect still applies to all mounts created by the Apache service. (For services, this is to some extent intentional: why would a web server need to mount filesystems, really? Principle of least privilege.)
So if you run findmnt or cat /proc/self/mounts, you will only see mounts in the root namespace. But if you run nsenter --mount --target <APACHE_PID> findmnt or cat /proc/<APACHE_PID>/mounts, you'll see both those inherited from root namespace, and those private to the Apache process.
To disable this protection, run systemctl edit --full apache2 and remove all settings starting with Private*, ReadOnly*, or Inaccessible*.
answered Feb 1 at 13:21
grawitygrawity
242k37510567
Thank you, I can confirm that this was exactly the issue. I kinda suspected that apache2 might run in some kind of "protected environment", but I didn't know that this "mount namespaces" even existed. Glad I learned something new. Now I am reluctant to completely disable this protection. Is there any way to only disable it for this one command/mounting point?
– luksen
Feb 1 at 21:10
After reading into nsenter, I found out that I can use it to enter the namespace of the root PID, if I use nsenter --all --target 1 encfs [...]. With this, the mounting / unmounting works globally, but I guess it's pretty unsafe to nsenter the namespace(s) of the root PID?
– luksen
Feb 2 at 0:14
Well, the problem is that you need root privileges to do this in the first place... It's doable (using sudo), but you should be very precise when writing the sudo rules – only allow the exact command that's needed, without variations or wildcards.
– grawity
Feb 2 at 0:40
add a comment |
I'm assuming this is Debian Linux or Ubuntu, with systemd as the service manager.
Linux supports "mount namespaces" which provide different views of the filesystem to different processes (like chroot but much more flexible and headache-inducing). Systemd allows using this feature to harden the system against security issues and attacks; for example, certain services may see /home as empty or /etc as read-only.
Most distributions use these security settings in apache2.service – if you run systemctl cat apache2, you'll see that it's configured to have its own private /tmp directory:
[Service]
...
PrivateTmp=true
The side effect of mount namespaces is that they're somewhat global: once systemd "unshares" / to be able to create Apache-only mounts underneath, even if it only needs a single mount, the same effect still applies to all mounts created by the Apache service. (For services, this is to some extent intentional: why would a web server need to mount filesystems, really? Principle of least privilege.)
So if you run findmnt or cat /proc/self/mounts, you will only see mounts in the root namespace. But if you run nsenter --mount --target <APACHE_PID> findmnt or cat /proc/<APACHE_PID>/mounts, you'll see both those inherited from root namespace, and those private to the Apache process.
To disable this protection, run systemctl edit --full apache2 and remove all settings starting with Private*, ReadOnly*, or Inaccessible*.
answered Feb 1 at 13:21
grawitygrawity
242k37510567
I'm assuming this is Debian Linux or Ubuntu, with systemd as the service manager.
Linux supports "mount namespaces" which provide different views of the filesystem to different processes (like chroot but much more flexible and headache-inducing). Systemd allows using this feature to harden the system against security issues and attacks; for example, certain services may see /home as empty or /etc as read-only.
Most distributions use these security settings in apache2.service – if you run systemctl cat apache2, you'll see that it's configured to have its own private /tmp directory:
[Service]
...
PrivateTmp=true
The side effect of mount namespaces is that they're somewhat global: once systemd "unshares" / to be able to create Apache-only mounts underneath, even if it only needs a single mount, the same effect still applies to all mounts created by the Apache service. (For services, this is to some extent intentional: why would a web server need to mount filesystems, really? Principle of least privilege.)
So if you run findmnt or cat /proc/self/mounts, you will only see mounts in the root namespace. But if you run nsenter --mount --target <APACHE_PID> findmnt or cat /proc/<APACHE_PID>/mounts, you'll see both those inherited from root namespace, and those private to the Apache process.
To disable this protection, run systemctl edit --full apache2 and remove all settings starting with Private*, ReadOnly*, or Inaccessible*.
answered Feb 1 at 13:21
grawitygrawity
242k37510567
edited Feb 1 at 13:28
answered Feb 1 at 13:21
grawitygrawity
242k37510567
answered Feb 1 at 13:21
grawitygrawity
242k37510567
answered Feb 1 at 13:21
grawitygrawity
242k37510567
242k37510567
Thank you, I can confirm that this was exactly the issue. I kinda suspected that apache2 might run in some kind of "protected environment", but I didn't know that this "mount namespaces" even existed. Glad I learned something new. Now I am reluctant to completely disable this protection. Is there any way to only disable it for this one command/mounting point?
– luksen
Feb 1 at 21:10
After reading into nsenter, I found out that I can use it to enter the namespace of the root PID, if I use nsenter --all --target 1 encfs [...]. With this, the mounting / unmounting works globally, but I guess it's pretty unsafe to nsenter the namespace(s) of the root PID?
– luksen
Feb 2 at 0:14
Well, the problem is that you need root privileges to do this in the first place... It's doable (using sudo), but you should be very precise when writing the sudo rules – only allow the exact command that's needed, without variations or wildcards.
– grawity
Feb 2 at 0:40
add a comment |
Thank you, I can confirm that this was exactly the issue. I kinda suspected that apache2 might run in some kind of "protected environment", but I didn't know that this "mount namespaces" even existed. Glad I learned something new. Now I am reluctant to completely disable this protection. Is there any way to only disable it for this one command/mounting point?
– luksen
Feb 1 at 21:10
After reading into nsenter, I found out that I can use it to enter the namespace of the root PID, if I use nsenter --all --target 1 encfs [...]. With this, the mounting / unmounting works globally, but I guess it's pretty unsafe to nsenter the namespace(s) of the root PID?
– luksen
Feb 2 at 0:14
Well, the problem is that you need root privileges to do this in the first place... It's doable (using sudo), but you should be very precise when writing the sudo rules – only allow the exact command that's needed, without variations or wildcards.
– grawity
Feb 2 at 0:40
Thank you, I can confirm that this was exactly the issue. I kinda suspected that apache2 might run in some kind of "protected environment", but I didn't know that this "mount namespaces" even existed. Glad I learned something new. Now I am reluctant to completely disable this protection. Is there any way to only disable it for this one command/mounting point?
– luksen
Feb 1 at 21:10
Thank you, I can confirm that this was exactly the issue. I kinda suspected that apache2 might run in some kind of "protected environment", but I didn't know that this "mount namespaces" even existed. Glad I learned something new. Now I am reluctant to completely disable this protection. Is there any way to only disable it for this one command/mounting point?
– luksen
Feb 1 at 21:10
After reading into nsenter, I found out that I can use it to enter the namespace of the root PID, if I use nsenter --all --target 1 encfs [...]. With this, the mounting / unmounting works globally, but I guess it's pretty unsafe to nsenter the namespace(s) of the root PID?
– luksen
Feb 2 at 0:14
After reading into nsenter, I found out that I can use it to enter the namespace of the root PID, if I use nsenter --all --target 1 encfs [...]. With this, the mounting / unmounting works globally, but I guess it's pretty unsafe to nsenter the namespace(s) of the root PID?
– luksen
Feb 2 at 0:14
Well, the problem is that you need root privileges to do this in the first place... It's doable (using sudo), but you should be very precise when writing the sudo rules – only allow the exact command that's needed, without variations or wildcards.
– grawity
Feb 2 at 0:40
Well, the problem is that you need root privileges to do this in the first place... It's doable (using sudo), but you should be very precise when writing the sudo rules – only allow the exact command that's needed, without variations or wildcards.
– grawity
Feb 2 at 0:40
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1400828%2fno-mounting-point-in-etc-mtab-when-using-encfs-from-within-apache2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I dont think your test command runs the mount as www-data (only the echo)
– davidgo
Feb 1 at 9:23
You are right, sudo - u www-data would only apply to the echo, not everything after the pipe. But actually I run the whole command in a script, so it should run everything as www-data (and looking at htop it does). Sorry for the confusion, I will change the test command example to reflect that.
– luksen
Feb 1 at 12:31