From b08cbce5c1244f901e58812402d82a1816ecf436 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 20 Jan 2019 13:34:46 +0100
Subject: fusefronted: comment why Access() does not check context.Uid

https://github.com/rfjakob/gocryptfs/issues/347
---
 internal/fusefrontend/fs.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 096e663..ff628e5 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -617,6 +617,16 @@ func (fs *FS) Link(oldPath string, newPath string, context *fuse.Context) (code
 // Access - FUSE call. Check if a file can be accessed in the specified mode(s)
 // (read, write, execute).
 //
+// From https://github.com/libfuse/libfuse/blob/master/include/fuse.h :
+//
+// > Check file access permissions
+// >
+// > If the 'default_permissions' mount option is given, this method is not
+// > called.
+//
+// We always enable default_permissions when -allow_other is passed, so there
+// is no need for this function to check the uid in fuse.Context.
+//
 // Symlink-safe through use of faccessat.
 func (fs *FS) Access(relPath string, mode uint32, context *fuse.Context) (code fuse.Status) {
 	if fs.isFiltered(relPath) {
-- 
cgit v1.2.3