diff options
author | Jakob Unterwurzacher | 2016-05-16 23:59:26 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-05-18 19:30:05 +0200 |
commit | e7f78135b3092bbd2479beac5b7da077cb5d1497 (patch) | |
tree | 3818fa7936b88ec4006914683153a4d175c1a952 /main.go | |
parent | 5d1d5645121b3a73bcb11c608737341210232932 (diff) |
Add "-allow_other" command-line option
As requested in https://github.com/rfjakob/gocryptfs/issues/26 ,
this adds the option to allow other users to access the filesystem.
Diffstat (limited to 'main.go')
-rw-r--r-- | main.go | 15 |
1 files changed, 13 insertions, 2 deletions
@@ -44,7 +44,7 @@ const ( type argContainer struct { debug, init, zerokey, fusedebug, openssl, passwd, foreground, version, plaintextnames, quiet, diriv, emenames, gcmiv128, nosyslog, wpanic, - longnames bool + longnames, allow_other bool masterkey, mountpoint, cipherdir, cpuprofile, config, extpass, memprofile string notifypid, scryptn int @@ -159,6 +159,7 @@ func main() { flagSet.BoolVar(&args.fusedebug, "fusedebug", false, "Enable fuse library debug output") flagSet.BoolVar(&args.init, "init", false, "Initialize encrypted directory") flagSet.BoolVar(&args.zerokey, "zerokey", false, "Use all-zero dummy master key") + // Tri-state true/false/auto flagSet.StringVar(&opensslAuto, "openssl", "auto", "Use OpenSSL instead of built-in Go crypto") flagSet.BoolVar(&args.passwd, "passwd", false, "Change password") flagSet.BoolVar(&args.foreground, "f", false, "Stay in the foreground") @@ -172,6 +173,8 @@ func main() { flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background") flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately") flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 176 bytes in extra files") + flagSet.BoolVar(&args.allow_other, "allow_other", false, "Allow other users to access the filesystem. "+ + "Only works if user_allow_other is set in /etc/fuse.conf.") flagSet.StringVar(&args.masterkey, "masterkey", "", "Mount with explicit master key") flagSet.StringVar(&args.cpuprofile, "cpuprofile", "", "Write cpu profile to specified file") flagSet.StringVar(&args.memprofile, "memprofile", "", "Write memory profile to specified file") @@ -395,6 +398,13 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi conn := nodefs.NewFileSystemConnector(pathFs.Root(), fuseOpts) var mOpts fuse.MountOptions mOpts.AllowOther = false + if args.allow_other { + toggledlog.Info.Printf(colorYellow + "The option \"-allow_other\" is set. Make sure the file " + + "permissions protect your data from unwanted access." + colorReset) + mOpts.AllowOther = true + // Make the kernel check the file permissions for us + mOpts.Options = append(mOpts.Options, "default_permissions") + } // Set values shown in "df -T" and friends // First column, "Filesystem" mOpts.Options = append(mOpts.Options, "fsname="+args.cipherdir) @@ -436,7 +446,7 @@ func handleSigint(srv *fuse.Server, mountpoint string) { } // Escape sequences for terminal colors -var colorReset, colorGrey, colorRed, colorGreen string +var colorReset, colorGrey, colorRed, colorGreen, colorYellow string func setupColors() { if terminal.IsTerminal(int(os.Stdout.Fd())) { @@ -444,5 +454,6 @@ func setupColors() { colorGrey = "\033[2m" colorRed = "\033[31m" colorGreen = "\033[32m" + colorYellow = "\033[33m" } } |