aboutsummaryrefslogtreecommitdiff
path: root/main.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-05-16 23:59:26 +0200
committerJakob Unterwurzacher2016-05-18 19:30:05 +0200
commite7f78135b3092bbd2479beac5b7da077cb5d1497 (patch)
tree3818fa7936b88ec4006914683153a4d175c1a952 /main.go
parent5d1d5645121b3a73bcb11c608737341210232932 (diff)
Add "-allow_other" command-line option
As requested in https://github.com/rfjakob/gocryptfs/issues/26 , this adds the option to allow other users to access the filesystem.
Diffstat (limited to 'main.go')
-rw-r--r--main.go15
1 files changed, 13 insertions, 2 deletions
diff --git a/main.go b/main.go
index d9a37f0..83bd8d7 100644
--- a/main.go
+++ b/main.go
@@ -44,7 +44,7 @@ const (
type argContainer struct {
debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
plaintextnames, quiet, diriv, emenames, gcmiv128, nosyslog, wpanic,
- longnames bool
+ longnames, allow_other bool
masterkey, mountpoint, cipherdir, cpuprofile, config, extpass,
memprofile string
notifypid, scryptn int
@@ -159,6 +159,7 @@ func main() {
flagSet.BoolVar(&args.fusedebug, "fusedebug", false, "Enable fuse library debug output")
flagSet.BoolVar(&args.init, "init", false, "Initialize encrypted directory")
flagSet.BoolVar(&args.zerokey, "zerokey", false, "Use all-zero dummy master key")
+ // Tri-state true/false/auto
flagSet.StringVar(&opensslAuto, "openssl", "auto", "Use OpenSSL instead of built-in Go crypto")
flagSet.BoolVar(&args.passwd, "passwd", false, "Change password")
flagSet.BoolVar(&args.foreground, "f", false, "Stay in the foreground")
@@ -172,6 +173,8 @@ func main() {
flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately")
flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 176 bytes in extra files")
+ flagSet.BoolVar(&args.allow_other, "allow_other", false, "Allow other users to access the filesystem. "+
+ "Only works if user_allow_other is set in /etc/fuse.conf.")
flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key")
flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file")
flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file")
@@ -395,6 +398,13 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
conn := nodefs.NewFileSystemConnector(pathFs.Root(), fuseOpts)
var mOpts fuse.MountOptions
mOpts.AllowOther = false
+ if args.allow_other {
+ toggledlog.Info.Printf(colorYellow + "The option \"-allow_other\" is set. Make sure the file " +
+ "permissions protect your data from unwanted access." + colorReset)
+ mOpts.AllowOther = true
+ // Make the kernel check the file permissions for us
+ mOpts.Options = append(mOpts.Options, "default_permissions")
+ }
// Set values shown in "df -T" and friends
// First column, "Filesystem"
mOpts.Options = append(mOpts.Options, "fsname="+args.cipherdir)
@@ -436,7 +446,7 @@ func handleSigint(srv *fuse.Server, mountpoint string) {
}
// Escape sequences for terminal colors
-var colorReset, colorGrey, colorRed, colorGreen string
+var colorReset, colorGrey, colorRed, colorGreen, colorYellow string
func setupColors() {
if terminal.IsTerminal(int(os.Stdout.Fd())) {
@@ -444,5 +454,6 @@ func setupColors() {
colorGrey = "\033[2m"
colorRed = "\033[31m"
colorGreen = "\033[32m"
+ colorYellow = "\033[33m"
}
}