From bed60101f4925eb2cce736301f5cc45ad267c187 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 10 Jan 2021 08:06:09 +0100
Subject: nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files
 world-readable

Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier
when mounting via fstab.

Having the files follow chmod/chown of their parent does not seem
to be worth the hassle. The content of the diriv files is not
secret, and both diriv and name files are protected by the
perms of the parent dir.

Fixes https://github.com/rfjakob/gocryptfs/issues/539
---
 internal/fusefrontend/node.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'internal/fusefrontend/node.go')

diff --git a/internal/fusefrontend/node.go b/internal/fusefrontend/node.go
index 80d642c..87ba835 100644
--- a/internal/fusefrontend/node.go
+++ b/internal/fusefrontend/node.go
@@ -239,6 +239,10 @@ func (n *Node) Setattr(ctx context.Context, f fs.FileHandle, in *fuse.SetAttrIn,
 	defer syscall.Close(dirfd)
 
 	// chmod(2)
+	//
+	// gocryptfs.diriv & gocryptfs.longname.[sha256].name files do NOT get chmod'ed
+	// or chown'ed with their parent file/dir for simplicity.
+	// See nametransform/perms.go for details.
 	if mode, ok := in.GetMode(); ok {
 		errno = fs.ToErrno(syscallcompat.FchmodatNofollow(dirfd, cName, mode))
 		if errno != 0 {
-- 
cgit v1.2.3