396621 – Add option to allow root (or other user) to access the opened vault

Bug 396621 - Add option to allow root (or other user) to access the opened vault

Summary: Add option to allow root (or other user) to access the opened vault

Status:	RESOLVED FIXED

Alias:	None

Product:	Plasma Vault
Classification:	Plasma
Component:	general (show other bugs)
Version:	unspecified
Platform:	unspecified Linux

Importance:	NOR wishlist
Target Milestone:	---
Assignee:	Ivan Čukić

URL:
Keywords:

Duplicates (2):	397934 407274 (view as bug list)
Depends on:
Blocks:

Reported:	2018-07-18 07:58 UTC by Damien Guihal
Modified:	2025-04-04 15:06 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:	https://commits.kde.org/plasma-vault/108d408dac3c875cd71272305ae6a8d096ef4b5a
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Damien Guihal 2018-07-18 07:58:35 UTC

For my use case I would need that the credentials I store in my vault to be accessible from a dockerized app as a bind volume.

To do this I need the "allow_root" to be passed as an argument for cryfs (this also needs to be allowed in /etc/fuse.conf but that's out of scope here).

> cryfs ~/.vaults/Vault.enc Vault -- -o allow_root


Would it be possible to surface this option in the Advanced Tab.

Maybe also extend to the allow_other option which has the same mechanism.

Comment 1 Ivan Čukić 2018-07-23 08:27:15 UTC

This is *not* going to be exposed in the UI.

But it will be possible to add custom mounting options per-backend in the next release.

Mind that this is not officially supported (aka HERE BE DRAGONS).



The steps to set this up are:

0. Edit /etc/fuse.conf and uncomment user_allow_other

1. Kill KDED

   kquitapp5 kded5
   killall kded5

2. Open the config file (usually ~/.config/plasmavaultrc)

3. Add a new section [CryfsBackend] or [EncfsBackend]

4. Define extraMountOptions field

   extraMountOptions=--,-o,allow_root

5. Restart kded5 (or restart the computer)

Comment 2 Ivan Čukić 2018-07-23 08:27:57 UTC

Git commit 108d408dac3c875cd71272305ae6a8d096ef4b5a by Ivan Čukić.
Committed on 23/07/2018 at 08:21.
Pushed by ivan into branch 'master'.

Allowing custom options to be passed to encfs and cryfs

M  +6    -1    kded/engine/backends/cryfs/cryfsbackend.cpp
M  +8    -1    kded/engine/backends/encfs/encfsbackend.cpp

https://commits.kde.org/plasma-vault/108d408dac3c875cd71272305ae6a8d096ef4b5a

Comment 3 Ivan Čukić 2018-08-29 13:45:43 UTC

*** Bug 397934 has been marked as a duplicate of this bug. ***

Comment 4 Ivan Čukić 2019-05-09 21:50:33 UTC

*** Bug 407274 has been marked as a duplicate of this bug. ***

Comment 5 Ivan Čukić 2019-05-09 21:54:23 UTC

Note to users who stumble on this report:

There is *no* guarantee that the custom mounting options will be available in the future. I don't plan to remove this feature, but the backends might choose (I've heard it through the grapevine) to stop accepting options for FUSE.

Use this carfully.

Comment 6 bugs-kde 2025-04-04 15:06:55 UTC

Hi,

If you use Gocryptfs you need to use their backend options
```~/.config/plasmavaultrc
[GocryptfsBackend]
extraMountOptions=--,-allow_other
```

For now, Gocryptfs doesn't have allow_root option, but this is under discussion https://github.com/rfjakob/gocryptfs/issues/899