forward mode: create gocryptfs.diriv files with 0440 permissions

Makes it easier to share an encrypted folder via a network drive. #387
rfjakob · Mar 30, 2019 · ec17445 · ec17445
1 parent a4f461a
commit ec17445
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -166,6 +166,11 @@ Changelog
 vNEXT, in progress
 * Support wild cards in reverse mode via `--exclude-wildcard`
   ([#367](https://github.com/rfjakob/gocryptfs/pull/367)). Thanks @ekalin!
+* Create `gocryptfs.diriv` files with 0440 permissions to make it easier to
+  share an encrypted folder via a network drive
+  ([#387](https://github.com/rfjakob/gocryptfs/issues/387)).
+  Note: as a security precaution, the owner must still manually 
+  `chmod gocryptfs.conf 0440` to allow mounting.
 
 v1.7, 2019-03-17
 * **Fix possible symlink race attacks in forward mode** when using allow_other + plaintextnames

diff --git a/internal/nametransform/diriv.go b/internal/nametransform/diriv.go
@@ -61,11 +61,19 @@ func fdReadDirIV(fd *os.File) (iv []byte, err error) {
 // This function is exported because it is used from fusefrontend, main,
 // and also the automated tests.
 func WriteDirIVAt(dirfd int) error {
+	// It makes sense to have the diriv files group-readable so the FS can
+	// be mounted from several users from a network drive (see
+	// https://github.com/rfjakob/gocryptfs/issues/387 ).
+	//
+	// Note that gocryptfs.conf is still created with 0400 permissions so the
+	// owner must explicitely chmod it to permit access.
+	const dirivPerms = 0440
+
 	iv := cryptocore.RandBytes(DirIVLen)
 	// 0400 permissions: gocryptfs.diriv should never be modified after creation.
 	// Don't use "ioutil.WriteFile", it causes trouble on NFS:
 	// https://github.com/rfjakob/gocryptfs/commit/7d38f80a78644c8ec4900cc990bfb894387112ed
-	fd, err := syscallcompat.Openat(dirfd, DirIVFilename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0400)
+	fd, err := syscallcompat.Openat(dirfd, DirIVFilename, os.O_WRONLY|os.O_CREATE|os.O_EXCL, dirivPerms)
 	if err != nil {
 		tlog.Warn.Printf("WriteDirIV: Openat: %v", err)
 		return err

diff --git a/tests/cli/cli_test.go b/tests/cli/cli_test.go
@@ -43,6 +43,26 @@ func TestInit(t *testing.T) {
 	}
 }
 
+// Test that gocryptfs.conf and gocryptfs.diriv are there with the expected
+// permissions after -init
+func TestInitFilePerms(t *testing.T) {
+	dir := test_helpers.InitFS(t)
+	var st syscall.Stat_t
+	syscall.Stat(dir+"/gocryptfs.conf", &st)
+	perms := st.Mode & 0777
+	if perms != 0400 {
+		t.Errorf("Wrong permissions for gocryptfs.conf: %#o", perms)
+	}
+	st = syscall.Stat_t{}
+	syscall.Stat(dir+"/gocryptfs.diriv", &st)
+	perms = st.Mode & 0777
+	// From v1.7.1, these are created with 0440 permissions, see
+	// https://github.com/rfjakob/gocryptfs/issues/387
+	if perms != 0440 {
+		t.Errorf("Wrong permissions for gocryptfs.diriv: %#o", perms)
+	}
+}
+
 // Test -init with -devrandom flag
 func TestInitDevRandom(t *testing.T) {
 	test_helpers.InitFS(t, "-devrandom")