I want my CT 103 to be on encrypted filesystem. I decided to use encfs. I mount encrypted directory using this command:
encfs --public /vz/private/.enc_raw /vz/private/enc
I've tried also FUSE options like: allow_root and allow_other. And I have symbolic link "/vz/private/103" -> /vz/private/enc/103.
[-]# ls -l /vz/private/
total 36
lrwxrwxrwx 1 root root 8 Nov 10 14:52 103 -> enc/103/
I start the container and I can enter it using "vzctl enter". It appears, that as root I can manipulate files. But when I do "su -l user" I can read and delete existing files, but can't create new files. And this causes that e.g. postgres can't work properly. The same problems occur when I do "chroot" to the encrypted file system. When I do "chroot /vz/private/enc/103" I receive:
bash: /dev/null: Permission denied
bash: /dev/null: Permission denied
bash: /dev/null: Permission denied
bash: /dev/null: Permission denied
bash: /dev/null: Permission denied
bash: /dev/null: Permission denied
And the same messages appear on every "su -l" or "su -l user". And the "user" also cannot create new files, but can read and delete existing ones.
What shall I do?
System Info:
[~]# lsb_release -a
LSB Version: :core-3.1-amd64:core-3.1-ia32:core-3.1-noarch:graphics-3.1-amd64:graphics-3.1-ia32:graphics-3.1-noarch
Distributor ID: CentOS
Description: CentOS release 5.5 (Final)
Release: 5.5
Codename: Final
[~]# uname -a
Linux devmap.naviexpert.com 2.6.18-194.8.1.el5.028stab070.2 #1 SMP Tue Jul 6 14:55:39 MSD 2010 x86_64 x86_64 x86_64 GNU/Linux
[~]# ...
Installed Packages
ovzkernel.x86_64 2.6.18-194.8.1.el5.028stab070.2 installed
vzctl.x86_64 3.0.24.2-1 installed
vzctl-lib.x86_64 3.0.24.2-1 installed
vzpkg.noarch 2.7.0-18 installed
vzquota.x86_64 3.0.12-1 installed
vzrpm43.i386 4.3.3-7_nonptl.6 installed
vzrpm43-python.i386 4.3.3-7_nonptl.6 installed
vzrpm44.i386 4.4.1-22.5 installed
vzrpm44-python.i386 4.4.1-22.5 installed
vztmpl-centos-4.i386 2.0-2 installed
vztmpl-centos-5.i386 2.0-3 installed
vztmpl-fedora-7.i386 1.1-1 installed
vztmpl-fedora-9.i386 1.1-1 installed
vztmpl-fedora-core-3.i386 2.0-2 installed
vztmpl-fedora-core-4.i386 2.0-2 installed
vztmpl-fedora-core-5.i386 2.0-2 installed
vztmpl-fedora-core-6.i386 1.2-1 installed
vzyum.noarch 2.4.0-11 installed
...
Installed Packages
fuse-encfs.x86_64 1.4.1-1.el5.rf installed
A piece of my 103.conf file:
OSTEMPLATE="centos-5-x86_64-default"
ORIGIN_SAMPLE="basic"