-i, --idle=MINUTES
Enable automatic unmount of the filesystem after a period of inactivity. The period is specified in
minutes, so the shortest timeout period that can be requested is one minute. EncFS will not
automatically unmount if there are files open within the filesystem, even if they are open in read-
only mode. However simply having files open does not count as activity.
|
-f The -f (foreground) option causes EncFS to run in the foreground. Normally EncFS spawns off as a
daemon and runs in the background, returning control to the spawning shell. With the -f option, it
will run in the foreground and any warning/debug log messages will be displayed on standard error.
In the default (background) mode, all log messages are logged via syslog.
|
-v, --verbose
Causes EncFS to enable logging of various debug channels within EncFS. Normally these logging
messages are disabled and have no effect. It is recommended that you run in foreground (-f) mode
when running with verbose enabled.
|
-s The -s (single threaded) option causes EncFS to run in single threaded mode. By default, EncFS runs
in multi-threaded mode. This option is used during EncFS development in order to simplify debugging
and allow it to run under memory checking tools..
|
-d, --fuse-debug
Enables debugging within the FUSE library. This should only be used if you suspect a problem within
FUSE itself (not EncFS), as it generates a lot of low-level data and is not likely to be very helpful
in general problem tracking. Try verbose mode (-v) first, which gives a higher level view of what is
happening within EncFS.
|
--forcedecode
This option only has an effect on filesystems which use MAC block headers. By default, if a block is
decoded and the stored MAC doesn't match what is calculated, then an IO error is returned to the
application and the block is not returned. However, by specifying --forcedecode, only an error will
be logged and the data will still be returned to the application. This may be useful for attempting
to read corrupted files.
|
--public
Attempt to make encfs behave as a typical multi-user filesystem. By default, all FUSE based
filesystems are visible only to the user who mounted them. No other users (including root) can view
the filesystem contents. The --public option does two things. It adds the FUSE flags "allow_other"
and "default_permission" when mounting the filesystem, which tells FUSE to allow other users to
access the filesystem, and to use the ownership permissions provided by the filesystem. Secondly,
the --public flag changes how encfs's node creation functions work - as they will try and set
ownership of new nodes based on the caller identification.
Warning: In order for this to work, encfs must be run as root -- otherwise it will not have the
ability to change ownership of files. I recommend that you instead investigate if the fuse
allow_other option can be used to do what you want before considering the use of --public.
|
--ondemand
Mount the filesystem on-demand. This currently only makes sense in combination with --idle and
--extpass options. When the filesystem becomes idle, instead of exiting, EncFS stops allowing access
to the filesystem by internally dropping it's reference to it. If someone attempts to access the
filesystem again, the extpass program is used to prompt the user for the password. If this succeeds,
then the filesystem becomes available again.
|
--reverse
Normally EncFS provides a plaintext view of data on demand. Normally it stores enciphered data and
displays plaintext data. With --reverse it takes as source plaintext data and produces enciphered
data on-demand. This can be useful for creating remote encrypted backups, where you do not wish to
keep the local files unencrypted.
For example, the following would create an encrypted view in /tmp/crypt-view.
|
--standard
If creating a new filesystem, this automatically selects standard configuration options, to help with
automatic filesystem creation. This is the set of options that should be used unless you know what
you're doing and have read the documentation.
When not creating a filesystem, this flag does nothing.
|
-o FUSE_ARG
Pass through FUSE args to the underlying library. This makes it easy to pass FUSE options when
mounting EncFS via mount (and /etc/fstab). Eg:
|
--no-default-flags
Encfs adds the FUSE flags "use_ino" and "default_permissions" by default, as of version 1.2.2,
because that improves compatibility with some programs.. If for some reason you need to disable one
or both of these flags, use the option --no-default-flags.
The following command lines produce the same result:
encfs raw crypt
encfs --no-default-flags raw crypt -- -o use_ino,default_permissions
|
--extpass=program
Specify an external program to use for getting the user password. When the external program is
spawned, the environment variable "RootDir" will be set to contain the path to the root directory.
The program should print the password to standard output.
EncFS takes everything returned from the program to be the password, except for a trailing newline
(\n) which will be removed.
For example, specifying --extpass=/usr/lib/ssh/ssh-askpass will cause EncFS to use ssh's password
prompt program.
Note: EncFS reads at most 2k of data from the password program, and it removes any trailing newline.
Versions before 1.4.x accepted only 64 bytes of text.
|
-S, --stdinpass
Read password from standard input, without prompting. This may be useful for scripting encfs mounts.
Note that you should make sure the filesystem and mount points exist first. Otherwise encfs will
prompt for the filesystem creation options, which may interfere with your script.
|
--anykey
Turn off key validation checking. This allows EncFS to be used with secondary passwords. This could
be used to store a separate set of files in an encrypted filesystem. EncFS ignores files which do
not decode properly, so files created with separate passwords will only be visible when the
filesystem is mounted with their associated password.
|