Changes

From SME Server
Jump to navigationJump to search
972 bytes added ,  18:55, 8 December 2016
m
Line 117: Line 117:  
  lsmod | grep fuse
 
  lsmod | grep fuse
   −
Now, when you create a new shared folder, you have a new option to encrypt the data. You'll have to type a password, and to select '''enabled''' for the encryption. An encrypted shared folders can be '''protected''' (data is only available in encrypted form) or '''enabled''' (data appear in clear text, encryption/decryption is done on the fly). Changing the state of an encrypted shared folder can be done through the 'Shared Folder Encryption' panel in the server-manager. You can grant access to this panel to all users using the [[UserManager]] contrib. Users will only be able to toggle mode of shared folders they have access to (and of course, they need to know the correct password)
+
Now, when you create a new shared folder, you have a new option to encrypt the data. You'll have to type a password, and to select '''enabled''' for the encryption.<br /><br />
 +
 
 +
 
 +
'''An encrypted shared folders can be "protected" or "enabled" and contains for each state a different corresponding data''' ( = a shared folder get a data for "enable" and another for "protected"):
 +
* When the share is "protected", you can write to it: files written to the server while the share is protected will not be encrypted, instead, it'll be directly stored into the files folder in the share.
 +
* When the share is "enabled", you mount the .store folder over the files folder, using encfs. When this happens, the cleartext dataset (stored directly in files) will be hidden, and you have access to a second, completely separated data set. The data you write when the share is enabled will be encrypted on the fly, and stored in the .store folder.
 +
:As soon as you "protect" the share (or when the inactivity timeout occurres), the encrypted volume is unmounted, and you get the unencrypted share available again
 +
 
 +
Changing the state of an encrypted shared folder can be done through the 'Shared Folder Encryption' panel in the server-manager.  
 +
You can grant access to this panel to all users using the [[UserManager]] contrib. Users will only be able to toggle mode of shared folders they have access to (and of course, they need to know the correct password).
 +
 
 +
'''''Note:''''' If already mounted, Samba looses the access to the shared folder if its status "protected"/"enabled" is modified. Then the share must be umounted and mounted again to get access to the other data set.
 +
 
    
==== Limitations with encryption ====
 
==== Limitations with encryption ====
41

edits

Navigation menu