rfjakob/gocryptfs

gocryptfs on network share: users in same group are denied access

CardContact opened this issue · 3 comments

We try to set up encrypted project folders on a cifs network share, but that fails when users are attempting to access directories created by the initial user.

Internal files (gocryptfs.conf, gocryptfs.iv) are created with 0400, which prevents access from users in the same group.

Is this done intentionally?

They are created with the most restrictive permissions possible, but this obviously breaks your use case, and that is not intentional, no.

I think your use case is valid, so how about this: gocryptfs.conf stays 0400, and the owner should explicitly chmod it to allow access from others.

gocryptfs.diriv are created 0440.

That would work for me.

I already changed 0400 to 0440 for gocryptfs.diriv and gocryptfs.conf to give it a try. That worked fine in a network share. Requiring the owner to change to 0400 for gocryptfs.conf is a good idea.

Should be fixed, thanks for the report!
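
One way to check an existing directory against the scheme agreed above (gocryptfs.diriv group-readable, gocryptfs.conf opened up only by an explicit owner action). This is an added example, not part of the thread or of gocryptfs; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit gocryptfs internal files for group read access.
# Function names and the sample tree are constructed for illustration.

# List every gocryptfs.diriv under $1 that lacks the group-read bit.
diriv_without_group_read() {
    find "$1" -type f -name gocryptfs.diriv ! -perm -040 -print
}

# Print "missing", "owner-only" or "group-readable" for $1/gocryptfs.conf.
conf_group_access() {
    conf_path="$1/gocryptfs.conf"
    if [ ! -f "$conf_path" ]; then
        echo missing
    elif [ -n "$(find "$conf_path" -perm -040 -print)" ]; then
        echo group-readable
    else
        echo owner-only
    fi
}

# Add group read to the diriv files. gocryptfs.conf is changed only when
# the second argument is "conf", so opening it up stays an explicit choice.
grant_group_read() {
    find "$1" -type f -name gocryptfs.diriv ! -perm -040 -exec chmod g+r {} +
    if [ "${2:-}" = "conf" ] && [ -f "$1/gocryptfs.conf" ]; then
        chmod g+r "$1/gocryptfs.conf"
    fi
}

# Build a constructed cipherdir-like tree with mixed modes; print its path.
build_sample_cipherdir() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/dirA/dirB"
    : > "$root/gocryptfs.conf";            chmod 0400 "$root/gocryptfs.conf"
    : > "$root/gocryptfs.diriv";           chmod 0400 "$root/gocryptfs.diriv"
    : > "$root/dirA/gocryptfs.diriv";      chmod 0440 "$root/dirA/gocryptfs.diriv"
    : > "$root/dirA/dirB/gocryptfs.diriv"; chmod 0400 "$root/dirA/dirB/gocryptfs.diriv"
    echo "$root"
}

# Report mode when called with a directory: ./audit.sh /path/to/cipherdir
if [ $# -gt 0 ]; then
    echo "gocryptfs.conf: $(conf_group_access "$1")"
    diriv_without_group_read "$1"
fi
```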