From aae45b4d77082c8bd54575eaf7b48794d8d53e9e Mon Sep 17 00:00:00 2001 From: Sebastian Lackner Date: Wed, 9 Jan 2019 02:49:24 +0100 Subject: [PATCH] nametransform: Create *.name files with 0400 permission. Similar to gocryptfs.iv files they are never modified. --- internal/nametransform/longnames.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/nametransform/longnames.go b/internal/nametransform/longnames.go index fc97a26..7a6d413 100644 --- a/internal/nametransform/longnames.go +++ b/internal/nametransform/longnames.go @@ -129,7 +129,7 @@ func (n *NameTransform) WriteLongNameAt(dirfd int, hashName string, plainName st // Write the encrypted name into hashName.name fdRaw, err := syscallcompat.Openat(dirfd, hashName+LongNameSuffix, - syscall.O_WRONLY|syscall.O_CREAT|syscall.O_EXCL, 0600) + syscall.O_WRONLY|syscall.O_CREAT|syscall.O_EXCL, 0400) if err != nil { // Don't warn if the file already exists - this is allowed for renames // and should be handled by the caller.