I am considering running encfs over glusterfs so that I can include insecure
boxes in the storage backend for our backups running rdiff-backup. Actually,
I would prefer the crypto to be done in glusterfs, but I understand that's a
little way off.
Does anyone use this arrangement -- and are there any gotchas?
In case you don't know, here's how the encrypted part of encfs looks:
~/.crypt$ ls -la
total 216
drwx------+ 8 andrewm andrewm 4096 2009-01-13 20:47 .
drwxr-x---+ 84 andrewm andrewm 12288 2009-01-30 16:08 ..
drwx------+ 7 andrewm andrewm 4096 2009-01-30 16:22 0IBZ4H3k84Id,b5SLxcUth7P
drwxr-x---+ 43 andrewm andrewm 4096 2009-01-22 13:14 8K8DI0H50LY8sA-k0M4m8au1
-rw-r-----+ 1 andrewm andrewm 71923 2009-01-30 13:00 CuTVvivzRtVXW--9aIZNTUGP
drwxr-x---+ 28 andrewm andrewm 4096 2009-01-30 16:08 EgCyclxjGnsa0EYf,rpxKpAg
-rw-r-----+ 1 andrewm andrewm 239 2008-06-24 22:34 .encfs5
drwx------+ 4 andrewm andrewm 4096 2008-12-14 17:49 ldubuvg2gMnrI8hDUiL1QC,m
drwxr-x---+ 9 andrewm andrewm 53248 2009-01-08 11:26 lM,Bh2CjGF1qp-ubU98Boqyr
drwx------+ 9 andrewm andrewm 4096 2009-01-01 12:23 nuUVB4uIqfyNF8BQwEOmB4gt
lrwxrwxrwx+ 1 andrewm andrewm 49 2008-09-08 08:57
Zclx5CVF6z20FqkURS7zMhyT -> EgCyclxjGnsa0EYf,rpxKpAg/QkAtJiPaFEsGPxqwo9WAFfji
And the plaintext part of a encfs filesystem:
~/crypt$ ls -la
total 208
drwx------+ 8 andrewm andrewm 4096 2009-01-13 20:47 .
drwxr-x---+ 84 andrewm andrewm 12288 2009-01-30 16:08 ..
drwxr-x---+ 43 andrewm andrewm 4096 2009-01-22 13:14 work
drwx------+ 7 andrewm andrewm 4096 2009-01-30 16:22 stuff
drwx------+ 9 andrewm andrewm 4096 2009-01-01 12:23 friends
lrwxrwxrwx+ 1 andrewm andrewm 49 2008-09-08 08:57 me -> foo/baz
drwxr-x---+ 9 andrewm andrewm 53248 2009-01-08 11:26 junk
drwx------+ 4 andrewm andrewm 4096 2008-12-14 17:49 .Trash-1000
drwxr-x---+ 28 andrewm andrewm 4096 2009-01-30 16:08 morejunk
-rw-r-----+ 1 andrewm andrewm 70787 2009-01-30 13:00 whatever