Diffstat (limited to 'internal/nametransform')
-rw-r--r-- | internal/nametransform/perms.go | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/internal/nametransform/perms.go b/internal/nametransform/perms.go
index 98b51d6..cfcd062 100644
--- a/internal/nametransform/perms.go
+++ b/internal/nametransform/perms.go
@@ -1,16 +1,26 @@
 package nametransform
 
 const (
- // Permissions for gocryptfs.diriv files
+ // Permissions for gocryptfs.diriv files.
+ // The gocryptfs.diriv files are created once, never modified,
+ // never chmod'ed or chown'ed.
  //
- // It makes sense to have the diriv files group-readable so the FS can
- // be mounted from several users from a network drive (see
- // https://github.com/rfjakob/gocryptfs/issues/387 ).
+ // Group-readable so the FS can be mounted by several users in the same group
+ // (see https://github.com/rfjakob/gocryptfs/issues/387 ).
  //
  // Note that gocryptfs.conf is still created with 0400 permissions so the
  // owner must explicitly chmod it to permit access.
- dirivPerms = 0440
+ //
+ // World-readable so an encrypted directory can be copied by the non-root
+ // owner when gocryptfs is running as root
+ // ( https://github.com/rfjakob/gocryptfs/issues/539 ).
+ dirivPerms = 0444
 
- // Permissions for gocryptfs.longname.[sha256].name files
- namePerms = 0400
+ // Permissions for gocryptfs.longname.[sha256].name files.
+ // The .name files are created once, never modified,
+ // never chmod'ed or chown'ed.
+ //
+ // Group- and world-readable for the same reasons as the gocryptfs.diriv
+ // files (see above).
+ namePerms = 0444
 )
|
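Review bot: The new comments on `dirivPerms` and `namePerms` explain why wider read access is convenient but not why it is acceptable, which is the first thing a reader auditing a 0400 → 0444 change on an encrypted filesystem will ask. If the reasoning is that these files hold no secret material (a per-directory IV and an already-encrypted file name) and that the parent directory's mode still gates access, say so next to the constants, e.g. `// Safe to expose: the file holds no key material; directory permissions still apply.` Since the comments also state that the files are never chmod'ed, it is worth noting that files created before this change keep their 0440/0400 modes, so the copy problem from issue 539 remains for existing directories.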