cbrad

I don't really follow this sort of thing, but I noticed a story on the French police switching from Windows to Ubuntu. Even if the numbers are wrong, it is nice to see a large organisation that has actually not followed the defacto standard of Windows, which is what I see in the organisations around me.

In my first look at JungleDisk on linux, I missed the fact that it uses WebDAV by default. Not only does this expose all your JungleDisk files to anyone that can connect to the WebDAV server on your machine (port 2667 by default), but it also has file metatdata issues (timestamps, permissions).

On linux, JungleDisk can also be mounted as a FUSE filesystem.

In switching from WebDAV to FUSE, I had a few minor issues:

• Disabling WebDAV (optional) is achieved by setting the local port to 0. I tried through the GUI, but it didn't seem to get persisted. Modifying the jungledisk-settings.ini file directly did the trick.


• When using the command line only daemon, I needed to use an absolute path for the mountpoint.


• When using the command line only daemon I couldn't figure out how to see pending operations (without having WebDAV enabled). So I switched back to the GUI version.

I have installed JungleDisk on my ubuntu linux machine at work and my mac mini at home. I have set it up to use encryption and have been happily accessing (read and write) the same data from both machines (at different times).

Using the default settings on linux, JungleDisk mounts to $HOME/jungledisk and stores its configuration and cache in $HOME/.jungledisk.

When mounted, it seems that no other user can access the jungledisk directory. I tried as root and got a permission denied error. I was pleasantly surprised by this behaviour.

However, any user with sufficient permissions can access the .jungledisk directory. This contains both a local cache and a configuration file named jungledisk-settings.ini. There are two security issues here:

• The jungledisk-settings.ini file contains both your AWS secret key and your encryption/decryption keys in the clear.


• The local cache is unencrypted.

The simple solution was to move the .jungledisk directory into an encrypted encfs directory and create a symlink to it. Problem solved.

EDIT: There is a now a follow-up post.