As promised here comes the distribution of credfs source code. To use it, just unpack it somewhere, cd to the credfs directory, run ./wizard.sh and follow the instructions.
You will need FUSE, libcryptopp and libarchive in your system and specify appropriate include/library directives in the Makefile. The one that comes with the distribution is tuned for MacPorts on OSX with OSXFUSE.
./wizard.sh will ask you to name the files you want to protect, then list the binaries which are supposed to be able to access it and then if everything works as expected (compilation of support tools) dedicated config.cpp and data.cpp will be generated upon which a credfs binary will be built.
Now as long as you’re logged in as yourself you can run ./credfs <mountpoint> to mount your encrypted filesystem. Then you can check that only authorized binaries will ever be able to open and read the file.
As you can see it’s a pretty easy and painless process. If only user detection was more reliable on any UN*X OS. But it’s a nontrivial issue of course… and would require limitation of root user access (probably using something like SELinux or other mandatory access control mechanism).
Anyway, enjoy this piece of software because to date it’s the easiest way to quickly secure your Samba credentials for usage with /etc/fstab or directly mount.cifs.
And once again, this one is cordially dedicated to Sara.