From 6e355131670ad014e45f879475ddf800f0080d41 Mon Sep 17 00:00:00 2001
From: Eric Biggers <ebiggers@google.com>
Date: Wed, 23 Feb 2022 12:35:04 -0800
Subject: Make 'fscrypt setup' offer a choice of directory modes

World-writable directories are not appropriate for some systems, so
offer a choice of single-user-writable and world-writable modes, with
single-user-writable being the default.  Add a new documentation section
to help users decide which one to use.
---
 cmd/fscrypt/setup.go | 41 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

(limited to 'cmd/fscrypt/setup.go')

diff --git a/cmd/fscrypt/setup.go b/cmd/fscrypt/setup.go
index 7b9bebb..1da0d16 100644
--- a/cmd/fscrypt/setup.go
+++ b/cmd/fscrypt/setup.go
@@ -26,6 +26,7 @@ import (
 	"os"
 
 	"github.com/google/fscrypt/actions"
+	"github.com/google/fscrypt/filesystem"
 	"github.com/google/fscrypt/util"
 )
 
@@ -80,11 +81,47 @@ func setupFilesystem(w io.Writer, path string) error {
 	if err != nil {
 		return err
 	}
+	username := ctx.TargetUser.Username
 
-	if err = ctx.Mount.Setup(); err != nil {
+	err = ctx.Mount.CheckSetup()
+	if err == nil {
+		return &filesystem.ErrAlreadySetup{Mount: ctx.Mount}
+	}
+	if _, ok := err.(*filesystem.ErrNotSetup); !ok {
 		return err
 	}
 
-	fmt.Fprintf(w, "Metadata directories created at %q.\n", ctx.Mount.BaseDir())
+	allUsers := allUsersSetupFlag.Value
+	if !allUsers {
+		thisFilesystem := "this filesystem"
+		if ctx.Mount.Path == "/" {
+			thisFilesystem = "the root filesystem"
+		}
+		prompt := fmt.Sprintf(`Allow users other than %s to create
+fscrypt metadata on %s? (See
+https://github.com/google/fscrypt#setting-up-fscrypt-on-a-filesystem)`,
+			username, thisFilesystem)
+		allUsers, err = askQuestion(wrapText(prompt, 0), false)
+		if err != nil {
+			return err
+		}
+	}
+	var setupMode filesystem.SetupMode
+	if allUsers {
+		setupMode = filesystem.WorldWritable
+	} else {
+		setupMode = filesystem.SingleUserWritable
+	}
+	if err = ctx.Mount.Setup(setupMode); err != nil {
+		return err
+	}
+
+	if allUsers {
+		fmt.Fprintf(w, "Metadata directories created at %q, writable by everyone.\n",
+			ctx.Mount.BaseDir())
+	} else {
+		fmt.Fprintf(w, "Metadata directories created at %q, writable by %s only.\n",
+			ctx.Mount.BaseDir(), username)
+	}
 	return nil
 }
-- 
cgit v1.2.3