rfjakob / gocryptfs

Encrypted overlay filesystem written in Go

Home Page: https://nuetzlich.net/gocryptfs/

unix domain sockets are created with the wrong owner

redneb opened this issue · comments

Suppose that you are running gocryptfs as root with the -allow_other option. Then if a non-root user creates a (regular) file in the gocryptfs, it will be owned by that user. But that doesn't seem to happen with unix domain sockets; they are instead always owned by root.

Here's how to reproduce this (with the help of socat):
As root, run the following:

mkdir /tmp/gocryptfs-sock-test{,.enc}
gocryptfs -init -extpass="echo test" /tmp/gocryptfs-sock-test.enc
gocryptfs -allow_other -extpass="echo test" /tmp/gocryptfs-sock-test{.enc,}
chmod 0777 /tmp/gocryptfs-sock-test

Then as a non-root user run this:

socat unix-listen:/tmp/gocryptfs-sock-test/test.sock -

You can check now that the socket /tmp/gocryptfs-sock-test/test.sock will be owned by root.

encfs with the --public option doesn't seem to have that problem:

# as root:
mkdir /tmp/encfs-sock-test{,.enc}
encfs --public --standard --extpass="echo test" /tmp/encfs-sock-test{.enc,}
chmod 0777 /tmp/encfs-sock-test

# as non-root:
socat unix-listen:/tmp/encfs-sock-test/test.sock -
# /tmp/encfs-sock-test/test.sock is owned by the non-root user

I was just doing some more testing and it appears that this issue does not only affect unix domain sockets, it also affects all other special file types: character devices, block devices, pipes, and even symlinks.

Should be fixed via e3c5e3f and 55df8ac, just pushed to master!

Edit: Owner preservation was only implemented for files and directories till now, that was of course an oversight.

It now works like a charm. Thanks for the quick fix.

Thanks for testing! Closing the ticket.
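
A regression check for the ownership behaviour reported in this issue, as an added example that is not part of the thread or of gocryptfs itself. The function names and the `probe.*` entry names are assumptions, GNU `stat` is assumed, and only the file types an unprivileged user can create from plain sh are covered (regular file, directory, FIFO, symlink).

```shell
#!/bin/sh
# Added example (not gocryptfs code). Device nodes need CAP_MKNOD and a
# socket needs a helper such as socat, so they are left out of this check.

# Create one entry of each covered type in DIR as the calling user.
make_probe_entries() {
    dir=$1
    : > "$dir/probe.file" &&
    mkdir "$dir/probe.dir" &&
    mkfifo "$dir/probe.fifo" &&
    ln -s probe.file "$dir/probe.symlink"
}

# Print every probe entry in DIR whose owner uid differs from EXPECTED_UID.
owner_mismatches() {
    dir=$1 expected=$2
    for entry in "$dir"/probe.*; do
        # GNU stat does not follow symlinks unless -L is given, so the
        # symlink itself is inspected, not its target.
        uid=$(stat -c '%u' "$entry") || return 2
        [ "$uid" = "$expected" ] ||
            printf '%s uid=%s expected=%s\n' "$entry" "$uid" "$expected"
    done
}

# Return 0 if every entry created in DIR is owned by the caller,
# 1 (listing the offenders) if not, 2 if the probe could not be set up.
check_owner_preservation() {
    dir=$1
    make_probe_entries "$dir" || return 2
    bad=$(owner_mismatches "$dir" "$(id -u)")
    rm -rf "$dir"/probe.*
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}
```

Run `check_owner_preservation /tmp/gocryptfs-sock-test` as the non-root user against the mount from the reproduction steps; any line it prints names an entry that was not created with the caller's uid.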