2

I was searching for a solution to mount an encrypted folder on my synology nas via terminal and found out that DSM uses ecryptfs. Using mount.ecryptfs $ENCRYPT_DIR_PATH $MOUNTED_DIR_PATH actually works but the mounted directory with decrypted data doesn't show in the samba shares or in the web GUI. Further i found out that synology made a program/script to solve this. synoshare --enc_mount $ENCRYPT_DIR_PATH $PASSWORD should mount the folder and make it visible but sadly it crashes.

Error SYNOShareEncShareMount() failed.[0x1400 share_db_get.c:31]

Does anyone know what the problem is here?

SECURITY WARNING:

Someone who searches a way to do this might stumble upon this thread, so i want to warn you about something i read here. If you use synoshare --enc_mount $ENCRYPT_DIR_PATH $PASSWORD your password will be in plain text on the terminal and also in /var/log/bash_history.log which is obviously a security flaw. If you scroll down on the linked page you find a post from user fairlane in which he wrote a small script to use synoshare without revealing the password. For the sake of completeness i post it here.

echo -n "Enter Share Password: "
read -s passwordVariable
echo ""
/usr/syno/sbin/synoshare --enc_mount $1 $passwordVariable
Improve this question
4
  • 2
    I think you should add to the security warning section that the password you provide with this solution will still be visible in /var/log/auth.log. So anyone with root access to the system will be able to also find your encryption password(s). Now, one could of course in a normal home environment assume that strangers do not have root and it would be good enough. A persistent person with physical access may be able to extract /var/log/auth.log from the system, rendering the encryption useless.
    – mabahj
    Commented Mar 28, 2019 at 19:39
  • 1
    You can avoid the auth.log entry by making sudo run bash and providing the command on stdin, eg: sudo bash <<<"synoshare --enc_mount $DIR $PW" (note <<< in bash means provide the string on stdin).
    – meuh
    Commented Feb 29, 2020 at 14:28
  • It looks like Synology forums have moved, and they never made it to archive.org. The original post might be at community.synology.com/enu/forum/17/post/89231?reply=305243 now, although it's probably lost some linebreaks.
    – mwfearnley
    Commented Sep 16, 2022 at 15:06
  • @mabahj As far as I can tell, auth.log only logs commands triggered directly by sudo. So you possibly only need the <<< trick if you're literally running sudo synoshare .... If you're running sudo myscript and myscript calls synoshare ..., it's probably fine.
    – mwfearnley
    Commented Sep 16, 2022 at 15:13

1 Answer 1

Reset to default
2

I found out what was wrong. Instead of using synoshare --enc_mount $ENCRYPT_DIR_PATH $PASSWORD you use it like synoshare --enc_mount $SHARE_NAME $PASSWORD. So you have to put the actual name of the share using " " as argument instead of the concrete path.

Improve this answer
1
  • it works but the mounted shared folder is not visible in "File Station" and in Control Panel -> Shared Folders. How can one notice them that the folder is mounted?
    – cipper
    Commented Mar 13, 2023 at 18:59

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .