aboutsummaryrefslogtreecommitdiff
path: root/cmd/fscrypt/flags.go
diff options
context:
space:
mode:
Diffstat (limited to 'cmd/fscrypt/flags.go')
-rw-r--r--cmd/fscrypt/flags.go21
1 files changed, 14 insertions, 7 deletions
diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go
index e883a6d..af03ad2 100644
--- a/cmd/fscrypt/flags.go
+++ b/cmd/fscrypt/flags.go
@@ -33,6 +33,7 @@ import (
"github.com/urfave/cli"
"github.com/google/fscrypt/actions"
+ "github.com/google/fscrypt/security"
"github.com/google/fscrypt/util"
)
@@ -283,17 +284,23 @@ func getPolicyFromFlag(flagValue string, target *user.User) (*actions.Policy, er
// parseUserFlag returns the user specified by userFlag or the current effective
// user if the flag value is missing. If the effective user is root, however, a
-// user must specified in the flag.
-func parseUserFlag() (*user.User, error) {
+// user must specified in the flag. If checkKeyring is true, we also make sure
+// there are no problems accessing the user keyring.
+func parseUserFlag(checkKeyring bool) (targetUser *user.User, err error) {
if userFlag.Value != "" {
- return user.Lookup(userFlag.Value)
+ targetUser, err = user.Lookup(userFlag.Value)
+ } else {
+ if util.IsUserRoot() {
+ return nil, ErrSpecifyUser
+ }
+ targetUser, err = util.EffectiveUser()
}
- effectiveUser, err := util.EffectiveUser()
if err != nil {
return nil, err
}
- if util.IsUserRoot() {
- return nil, ErrSpecifyUser
+
+ if checkKeyring {
+ _, err = security.UserKeyringID(targetUser)
}
- return effectiveUser, nil
+ return targetUser, err
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-10 18:19:43 +0000