Rclone native encfs support (hopfully fixing the current bug where you cant copy/paste over encfs-mount)

If you are like me having big library encfs encrypted and would like to mount drive directly without the need of additional encfs folders, show your support here: https://github.com/ncw/rclone/issues/651 (buy +1 posting something )

That could probably also ix the current issue where you cant copy/move files over encfs drive connected to rclone mount.
So instead of @ncw trying to solve that bug he could maybe implement native support to encfs.

p.s. @ncw is that something that would require a lot of work ?

1 Like

encfs has quite a lot of options, so would be quite a lot of work. However it is the kind of work that some people enjoy doing (interesting crypto, defined end point).

The easiest way to fix your problem would certainly be to fix the problem in encfs: https://github.com/vgough/encfs

@ncw I asked on ecnfs github but got reply.

No, encfs needs read AND write access. It has to do a read-modify-write
cycle if you modify a block.

Ah OK, that makes sense.

Thanks for doing that - at least we have an answer why it doesn’t work.

Any update about an encFS support in rClone? That’d be really easier to manage backups/files over our Amazon encrypted mount.

I would not hold my breath on this since it would be a lot of work to implement it, eg it wont be done by ncw but maybe someone will go for it.

Personally Iam more fond of rclone crypt method now ( iam reencrypting my 40TB lib from encfs to crypt ) mainly:

  • cleaner setup you dont hold any encrypted files on disk

  • the encryption is done on the fly on upload eg a lot less disk I/O’s
    with encfs the disks really slow down if you have multiple apps copying/moving files to encfs folder eg if my sonarr and CP start moving files to encfs folder it can take 10 minutes and more per file as its being encrypting. With rclone that 10 minutes its instant eg normal move so its much better for it.

  • usage of rclone fliter flag that you cant use for upload as you are uploading already encrypted files.

And not to forget ncw is working hard on optimizing it crypt performance, while with encfs is what it is, dont expect much/any updates there.

My suggestion would be that you switch to crypt for longevity.

Well I actually use the crypt method but I’m still facing some issues with Sickrage and Couchpotato. Dealing with nzb is ok as I use some post-process scripts with NZBget but it’s harder to use such scripts for rtorrent (to get some tv shows).
I mean, for personal backups I crypt on my side and then “rclone move” so it’s ok. My prob is only for files I DL.

Hmm i dont get it, what kind of issues you have with SR and CP ?
Dont think encfs would solve anything for it eg copying files directly on mount with read/write method does not work with either crypt or encfs.

Well, yeah my question about encFS depends on the rw ability for rClone.
Despite CP is quite ok (no rename but Plex/Emby can deal with the folders name) I failed to use SR with nzbget/rtorrent because SickRage needs to rename and place it in the right path /Shows/Name/Season. And I didn’t find out how to rClone move/copy the file into its final dir. I actually do it for movies but it’s easier because I rClone move /home/mike/Movies to Enc_ACD:/Movies.
BTW I still need to work on it but I feel a bit lost at the moment about how/what to do.

The best way to solve your problem is with unionfs that is mounted RW with your upload folder and ReadOnly with your cloud.

/usr/bin/unionfs-fuse -o cow, -o allow_other /path/upload=RW:/path/acd=RO /path/unionfs

Now you set your CP,SR etc… to move files directly to unionfs folder eg /unionfs/movies/ those files will be actually saved in your /upload/movies/ folder.

The reason for unionfs is so CP always see completed content regardless if its local or on cloud, it will always be available on same path. ( also set Plex to read from it )

All you need to do now is run in cron, rclone move from upload to cloud.
If you are using ENCFS then your overlay it over your upload eg upload-encrypted/ and set rclone move source there.

Writing large files directly on mount atm is not good idea its better to use rclone move.

1 Like

Ok, just to be sure I understand it right: I should mount my /home/mike/Movies (rw) with /Enc_ACD/Movies ®, /home/mike/Shows (rw) with /Enc_ACD/Shows ® etc so that CP & SR only see one dir. And then set an inotify script, for example, to rClone move/copy files from /home/mike/Dir to /Enc_ACD/dir.
Is that right?
Seems to be the best setup option at this moment so CP & SR could work on their own.

Iam not sure whats your folder structure, here is a full example ( for ENCFS) with self describing folder names

Folder structure:


Mount points:

├─/home/plex/acd-encrypted acd: fuse.rclone
├─/home/plex/acd-unencrypted encfs fuse.encfs
├─/home/plex/upload-unencrypted encfs fuse.encfs
└─/home/plex/union-acd-upload unionfs-fuse fuse.unionfs-fuse

Mount commands:

rclone mount --allow-non-empty --allow-other --checkers 16 --max-read-ahead 14G --acd-templink-threshold 0 acd:/ /home/plex/acd-encrypted &

ENCFS6_CONFIG=’/home/plex/.config/encfs/encfs.xml’ encfs -o allow_other /home/plex/acd-encrypted/backup /home/plex/acd-unencrypted --extpass=“cat /home/plex/.config/encfs/.encfs”

ENCFS6_CONFIG=’/home/plex/.config/encfs/encfs.xml’ encfs -o allow_other /home/plex/upload-encrypted /home/plex/upload-unencrypted --extpass=“cat /home/plex/.config/encfs/.encfs”

unionfs-fuse -o cow /home/plex/upload-unencrypted=RW:/home/plex/acd-unencrypted=RO /home/plex/union-acd-upload/

Rclone move command
/usr/bin/rclone move /home/plex/upload-encrypted/ acd:/backup -c --no-traverse --min-age 20m --transfers 15 --checkers 15 --delete-after --log-file=/var/log/rclone-upload.cron.log

So as you can see all encrypted files are stored on acd in backup folder ( and inside you have subfolders for movies and series )

The Plex Library is set to /home/plex/union-acd-upload/ , the CP / SR destination is also set to /home/plex/union-acd-upload/ ( eg union of acd and upload folder )

The rclone is moving encrypted files directly to acd/backup folder.

All you need to do now is translate to your folder names.

I suggest you switch to crypt as its much much cleaner not to mention better to use since it can take ages if CP and SR are moving files at same time as those need to be encrypted on the fly on disk.
With crypt those files would be moved instantly and crypt would encrypt them on the fly during upload.


Thanks a lot Ajki, I could manage my own library with your example :slight_smile:

If you switch to crypt it would be

Folder structure:

Mount Points:
├─/home/plex/acd-crypt acdcrypt: fuse.rclone

Mount commands:
rclone mount --allow-non-empty --allow-other acdcrypt: /home/plex/acd-crypt/ &
unionfs-fuse -o cow /home/plex/upload=RW:/home/plex/acd-crypt=RO /home/plex/union-acd-crypt-upload/

Rclone move command:
/usr/bin/rclone move /home/plex/upload/ acdcrypt: -c --no-traverse --min-age 20m --transfers 15 --checkers 15 --delete-after --log-file=/var/log/rclone-upload.cron.log

Convert from ECFS to CRYPT
To convert your current library, do rclone config and make new crypt remote pointing to your existing acd remote with added folder eg acd:/encrypted

Make a copy script from your unencrypted encfs folder to new crypt mount
/usr/bin/rclone copy /storage/acd/ acdcrypt: -c --no-traverse --no-update-modtime --transfers=30 --checkers=30 --min-age 180m --log-file=/var/log/encfs2crypt.log

As you can see the whole setup its much simpler not to mention better performance wise when it comes to moving files to upload folder.


Hey… your posts are always very informative. Thanks for sharing for data mining with the rest of us.
I was just wondering if you have narrowed down your rClone mount settings/flags to the ones in this thread?
Have you determined that these are the ‘best’ flags for the smoothest Plex playback?
I ask because they are much different then the ones that you were using in your other threads.

Most os settings where set as defaults value, iam now using the ones i posted here.

@Ajki thanks for posting your encfs to rclone crypt conversion guide. I’m presently running acd with encfs. I would like to rclone everything over to my google drive account and convert to rclone crypt there. Could you post a best settings sript for that? I don’t want to get banned on either side.