nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable

Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539
author: Jakob Unterwurzacher 2021-01-10 08:06:09 +0100
committer: Jakob Unterwurzacher 2021-01-10 08:07:10 +0100
commit: bed60101f4925eb2cce736301f5cc45ad267c187 (patch)
tree: f843eaf600da809918f581996ed1001201d4cefe /internal/fusefrontend
parent: 6b492fdcb8f2a95c6a5dd57b445b3551b541f4ae (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/internal/fusefrontend/node.go b/internal/fusefrontend/node.go
index 80d642c..87ba835 100644
--- a/internal/fusefrontend/node.go
+++ b/internal/fusefrontend/node.go
@@ -239,6 +239,10 @@ func (n *Node) Setattr(ctx context.Context, f fs.FileHandle, in *fuse.SetAttrIn,
 	defer syscall.Close(dirfd)
 
 	// chmod(2)
+	//
+	// gocryptfs.diriv & gocryptfs.longname.[sha256].name files do NOT get chmod'ed
+	// or chown'ed with their parent file/dir for simplicity.
+	// See nametransform/perms.go for details.
 	if mode, ok := in.GetMode(); ok {
 		errno = fs.ToErrno(syscallcompat.FchmodatNofollow(dirfd, cName, mode))
 		if errno != 0 {
author	Jakob Unterwurzacher	2021-01-10 08:06:09 +0100
committer	Jakob Unterwurzacher	2021-01-10 08:07:10 +0100
commit	bed60101f4925eb2cce736301f5cc45ad267c187 (patch)
tree	f843eaf600da809918f581996ed1001201d4cefe /internal/fusefrontend
parent	6b492fdcb8f2a95c6a5dd57b445b3551b541f4ae (diff)