From 0829eb74863bd279ae012779e52040ecc7f7178e Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 15 Dec 2019 19:31:39 -0800 Subject: cmd/fscrypt: adjust user and keyring validation and preparation Don't force the user to provide a --user argument when running fscrypt as root if they're doing something where the TargetUser isn't actually needed, such as provisioning/deprovisioning a v1 encryption policy to/from the filesystem keyring, or creating a non-login protector. Also don't set up the user keyring (or check for it being set up) if it won't actually be used. Finally, if we'll be provisioning/deprovisioning a v1 encryption policy to/from the filesystem keyring, make sure the command is running as root, since the kernel requires this. --- cmd/fscrypt/flags.go | 23 ++++------------------- 1 file changed, 4 insertions(+), 19 deletions(-) (limited to 'cmd/fscrypt/flags.go') diff --git a/cmd/fscrypt/flags.go b/cmd/fscrypt/flags.go index 2eea8de..361732c 100644 --- a/cmd/fscrypt/flags.go +++ b/cmd/fscrypt/flags.go @@ -33,7 +33,6 @@ import ( "github.com/urfave/cli" "github.com/google/fscrypt/actions" - "github.com/google/fscrypt/keyring" "github.com/google/fscrypt/util" ) @@ -283,24 +282,10 @@ func getPolicyFromFlag(flagValue string, targetUser *user.User) (*actions.Policy } // parseUserFlag returns the user specified by userFlag or the current effective -// user if the flag value is missing. If the effective user is root, however, a -// user must specified in the flag. If checkKeyring is true, we also make sure -// there are no problems accessing the user keyring. -func parseUserFlag(checkKeyring bool) (targetUser *user.User, err error) { +// user if the flag value is missing. +func parseUserFlag() (targetUser *user.User, err error) { if userFlag.Value != "" { - targetUser, err = user.Lookup(userFlag.Value) - } else { - if util.IsUserRoot() { - return nil, ErrSpecifyUser - } - targetUser, err = util.EffectiveUser() + return user.Lookup(userFlag.Value) } - if err != nil { - return nil, err - } - - if checkKeyring { - _, err = keyring.UserKeyringID(targetUser, true) - } - return targetUser, err + return util.EffectiveUser() } -- cgit v1.2.3