libgocryptfs/internal/nametransform/perms.go

package nametransform

const (
	// Permissions for gocryptfs.diriv files.
	// The gocryptfs.diriv files are created once, never modified,
	// never chmod'ed or chown'ed.
	//
	// Group-readable so the FS can be mounted by several users in the same group
	// (see https://github.com/rfjakob/gocryptfs/issues/387 ).
	//
	// Note that gocryptfs.conf is still created with 0400 permissions so the
	// owner must explicitly chmod it to permit access.
	//
	// World-readable so an encrypted directory can be copied by the non-root
	// owner when gocryptfs is running as root
	// ( https://github.com/rfjakob/gocryptfs/issues/539 ).
	dirivPerms = 0444

	// Permissions for gocryptfs.longname.[sha256].name files.
	// The .name files are created once, never modified,
	// never chmod'ed or chown'ed.
	//
	// Group- and world-readable for the same reasons as the gocryptfs.diriv
	// files (see above).
	namePerms = 0444
)
nametransform: move permission constants to perms.go Prep for https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 07:27:04 +01:00			`package nametransform`

			`const (`
nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 08:06:09 +01:00			`// Permissions for gocryptfs.diriv files.`
			`// The gocryptfs.diriv files are created once, never modified,`
			`// never chmod'ed or chown'ed.`
nametransform: move permission constants to perms.go Prep for https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 07:27:04 +01:00			`//`
nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 08:06:09 +01:00			`// Group-readable so the FS can be mounted by several users in the same group`
			`// (see https://github.com/rfjakob/gocryptfs/issues/387 ).`
nametransform: move permission constants to perms.go Prep for https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 07:27:04 +01:00			`//`
			`// Note that gocryptfs.conf is still created with 0400 permissions so the`
			`// owner must explicitly chmod it to permit access.`
nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 08:06:09 +01:00			`//`
			`// World-readable so an encrypted directory can be copied by the non-root`
			`// owner when gocryptfs is running as root`
			`// ( https://github.com/rfjakob/gocryptfs/issues/539 ).`
			`dirivPerms = 0444`
nametransform: move permission constants to perms.go Prep for https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 07:27:04 +01:00
nametransform: make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable Make `gocryptfs.diriv` and `gocryptfs.xxx.name` files world-readable to make encrypted backups easier when mounting via fstab. Having the files follow chmod/chown of their parent does not seem to be worth the hassle. The content of the diriv files is not secret, and both diriv and name files are protected by the perms of the parent dir. Fixes https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 08:06:09 +01:00			`// Permissions for gocryptfs.longname.[sha256].name files.`
			`// The .name files are created once, never modified,`
			`// never chmod'ed or chown'ed.`
			`//`
			`// Group- and world-readable for the same reasons as the gocryptfs.diriv`
			`// files (see above).`
			`namePerms = 0444`
nametransform: move permission constants to perms.go Prep for https://github.com/rfjakob/gocryptfs/issues/539 2021-01-10 07:27:04 +01:00			`)`