Make 'fscrypt setup' offer a choice of directory modes

World-writable directories are not appropriate for some systems, so offer a choice of single-user-writable and world-writable modes, with single-user-writable being the default. Add a new documentation section to help users decide which one to use.
author: Eric Biggers <ebiggers@google.com> 2022-02-23 12:35:04 -0800
committer: Eric Biggers <ebiggers@google.com> 2022-02-23 12:35:04 -0800
commit: 6e355131670ad014e45f879475ddf800f0080d41 (patch)
tree: b323dd02a668b36a4b07f9f8275d6555acb00dbb /cmd/fscrypt/status.go
parent: 45599bdfad300f1a034c70dd70b4bd180d66f52c (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/cmd/fscrypt/status.go b/cmd/fscrypt/status.go
index d10dfd8..54c6f1f 100644
--- a/cmd/fscrypt/status.go
+++ b/cmd/fscrypt/status.go
@@ -165,9 +165,18 @@ func writeFilesystemStatus(w io.Writer, ctx *actions.Context) error {
 		return err
 	}
 
-	fmt.Fprintf(w, "%s filesystem %q has %s and %s\n\n", ctx.Mount.FilesystemType,
+	fmt.Fprintf(w, "%s filesystem %q has %s and %s.\n", ctx.Mount.FilesystemType,
 		ctx.Mount.Path, pluralize(len(options), "protector"),
 		pluralize(len(policyDescriptors), "policy"))
+	if setupMode, user, err := ctx.Mount.GetSetupMode(); err == nil {
+		switch setupMode {
+		case filesystem.WorldWritable:
+			fmt.Fprintf(w, "All users can create fscrypt metadata on this filesystem.\n")
+		case filesystem.SingleUserWritable:
+			fmt.Fprintf(w, "Only %s can create fscrypt metadata on this filesystem.\n", user.Username)
+		}
+	}
+	fmt.Fprintf(w, "\n")
 
 	if len(options) > 0 {
 		writeOptions(w, options)
author	Eric Biggers <ebiggers@google.com>	2022-02-23 12:35:04 -0800
committer	Eric Biggers <ebiggers@google.com>	2022-02-23 12:35:04 -0800
commit	6e355131670ad014e45f879475ddf800f0080d41 (patch)
tree	b323dd02a668b36a4b07f9f8275d6555acb00dbb /cmd/fscrypt/status.go
parent	45599bdfad300f1a034c70dd70b4bd180d66f52c (diff)