Home / ubuntu / Questions / 976581
In Process
pauljohn32
Asked: 2017-11-15 22:55:35 +0800 CST

Google Drive Access. ocamlfuse fine. Is it secure?

  • 772

Today I've tried two methods to access Google drive storage in Ubuntu 17.04. My Desktop is XFCE4.

The first one, using Gnome Online Accounts, does not work well. I see same performance and permission problems in Thunar and Nautilus (er, Files). I followed instructions here:

http://www.webupd8.org/2016/03/use-gnome-318-google-drive-integration.html

I'm able to see files in Google Drive and rename them, but 1) it does not allow files to be deleted, moved or copied in the file manager, 2) it does not interact with the Terminal well, the file names display a long encrypted looking things, and 3) there are long "hang" times where the file manager and the popup menus it creates are frozen.

The second method I tried, a FUSE based tool named google-drive-ocamlfuse, works fine! Instructions:

http://www.omgubuntu.co.uk/2017/04/mount-google-drive-ocamlfuse-linux

They are right. This is more "performant".

The PPA offers that program, it is no longer necessary to compile it for yourself, and so far for me it JUST WORKS. I am able to mount the folder and succeed in fully interacting with files, including viewing, renaming, moving, and copying. All in all, it was a big victory.

Now I wonder...

Question 1. Is this is secure?

google-drive-ocamlfuse seems to bypass the Google 2 factor authentication. How can that be? When I did the Gnome Drive method, it did follow the 2 factor authentication, sending a text to my phone. Is the computer remembering the authentication from the Gnome session when I use the CLI to mount with ocamlfuse?

Question 2. Possible to auto unmount?

There is a real danger is that I will forget to run fusermount -u on the google drive. If I could make laptop suspend automatically unmount that drive it would be good.

In past experience with sshfs, I notice that if I forget to fusermount -u to disconnect, then the whole OS is very slow after a suspend/resume. The OS keeps trying to re-establish connection to files on the now defunct file system).

One other thing worth mentioning. Cleaning out the Gnome Account stuff is not all that easy. I wish I had understood this part before trying it. Gnome installed a lot of packages and I had to go through some fancy dancing to put my Google info into Gnome Online Account. It is easy enough to remove the packages, but cleaning out the account information is not automatic. I found advice for that here:

How to remove Google virtual mount drive from Ubuntu 16.04?

but I worry I'll never get rid of all the hidden files.

Here are all of the packages that came in during this Gnome adventure, by the way:

$ sudo apt-get install gnome-control-center gnome-online-accounts
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  apg dconf-cli dleyna-server gir1.2-ibus-1.0 gkbd-capplet gnome-bluetooth
  gnome-control-center-data gnome-settings-daemon gnome-user-share ibus
  libcolord-gtk1 libdleyna-connector-dbus-1.0-1 libdleyna-core-1.0-3
  libgeocode-glib0 libgnome-bluetooth13 libgnomekbd-common libgnomekbd8
  libgoa-backend-1.0-1 libgupnp-av-1.0-2 libgupnp-dlna-2.0-3 libgweather-3-6
  libgweather-common libnss-myhostname mousetweaks realmd
  ubuntu-system-service unity-control-center-faces
Suggested packages:
  libcanberra-gtk-module apache2-bin libapache2-mod-dnssd ibus-clutter
  ibus-doc
The following NEW packages will be installed:
  apg dconf-cli dleyna-server gir1.2-ibus-1.0 gkbd-capplet gnome-bluetooth
  gnome-control-center gnome-control-center-data gnome-online-accounts
  gnome-settings-daemon gnome-user-share ibus libcolord-gtk1
  libdleyna-connector-dbus-1.0-1 libdleyna-core-1.0-3 libgeocode-glib0
  libgnome-bluetooth13 libgnomekbd-common libgnomekbd8 libgoa-backend-1.0-1
  libgupnp-av-1.0-2 libgupnp-dlna-2.0-3 libgweather-3-6 libgweather-common
  libnss-myhostname mousetweaks realmd ubuntu-system-service
  unity-control-center-faces
0 upgraded, 29 newly installed, 0 to remove and 24 not upgraded.
Need to get 6,153 kB of archives.
After this operation, 30.2 MB of additional disk space will be used.
google-drive

1 Answers

  1. This question should be split into 2 questions. I recommend editing the question and only keep Q1, and moving Q2 to a separate question.

    Is google-drive-ocamlfuse secure?:

    That's a hard thing to answer, but I suspect you mean, is the way it's doing authentication, in principle, secure? And the answer is: it depends.

    There are 2 ways that you can authenticate. The 1st way to authenticate is less secure than the alternative.

    1. The primary way uses a webapp written and hosted by astrada on google app engine and it passes through your OAuth tokens to you. This is weird because we're relying on a 3rd party to keep those tokens safe. In theory that pass through app could be nefarious, or could be hacked by a 3th party.

    2. The second way is to step through the process of generating and authenticating a new OAuth token via google's api (instructions linked at the bottom). This is much more involved, but is, in theory, more secure because you don't have to trust a closed source/unverifiable 3rd party webapp to handle your tokens.

    Documentation: https://github.com/astrada/google-drive-ocamlfuse/wiki/Authorization

    • 1