diff options
| author | ebiggers <ebiggers@google.com> | 2019-07-27 15:50:47 -0700 |
|---|---|---|
| committer | Joseph Richey <joerichey@google.com> | 2019-07-27 15:50:47 -0700 |
| commit | 2b6667a677bf80be0f7dd14baa2516bfdd1f0b50 (patch) | |
| tree | d24bc94c9cc3892a6cff52f090531f45614fb064 | |
| parent | 73992db882786db9e2c1ac63f101f77a9d90a0a6 (diff) | |
cmd/fscrypt: give newly encrypted directories mode 0700 (#134)
Resolves https://github.com/google/fscrypt/issues/132
| -rw-r--r-- | cmd/fscrypt/commands.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/cmd/fscrypt/commands.go b/cmd/fscrypt/commands.go index 66450c7..54e67ac 100644 --- a/cmd/fscrypt/commands.go +++ b/cmd/fscrypt/commands.go @@ -104,6 +104,13 @@ func encryptAction(c *cli.Context) error { return newExitError(c, err) } + // Most people expect that other users can't see their encrypted files + // while they're unlocked, so change the directory's mode to 0700. + if err := os.Chmod(path, 0700); err != nil { + fmt.Fprintf(c.App.Writer, "Warning: unable to chmod %q to 0700 [%v]\n", path, err) + // Continue on; don't consider this a fatal error. + } + if !skipUnlockFlag.Value { fmt.Fprintf(c.App.Writer, "%q is now encrypted, unlocked, and ready for use.\n", path) |