gocryptfs on network share: users in same group are denied access
CardContact opened this issue · 3 comments
We try to setup encrypted project folders on a cifs network share, but that fails when users are attempting to access directories created by the initial user.
Internal files (gocryptfs.conf, gocryptfs.iv) are created with 0400, which prevents access from users in the same group.
Is this done intentionally ?
They are created with the most restrictive permissions possible, but this obviously breaks your use case, and that is not intentional, no.
I think your use case is valid, so how about this: gocrypts.conf stays 0400, and the owner should explicitly chmod it to allow access from others.
gocryptfs.diriv are created 0440.
That would work for me.
I already changed 0400 to 0440 for gocryptfs.diriv and gocryptfs.conf to give it a try. That worked fine in a network share. Requiring the owner to change to 0400 for gocryptfs.conf is a good idea.
Should be fixed, thanks for the report!