unix domain sockets are created with the wrong owner
redneb opened this issue · comments
Suppose that you are running gocryptfs as root with the -allow_other option. Then if a non-root user creates a (regular) file in the gocryptfs, it will be owned by that user. But that doesn't seem to happen with unix domain sockets; they are instead always owned by root.
Here's how to reproduce this (with the help of socat):
As root, run the following:
mkdir /tmp/gocryptfs-sock-test{,.enc}
gocryptfs -init -extpass="echo test" /tmp/gocryptfs-sock-test.enc
gocryptfs -allow_other -extpass="echo test" /tmp/gocryptfs-sock-test{.enc,}
chmod 0777 /tmp/gocryptfs-sock-test
Then as a non-root user run this:
socat unix-listen:/tmp/gocryptfs-sock-test/test.sock -
You can check now that the socket /tmp/gocryptfs-sock-test/test.sock will be owned by root.
encfs with the --public option doesn't seem to have that problem:
# as root:
mkdir /tmp/encfs-sock-test{,.enc}
encfs --public --standard --extpass="echo test" /tmp/encfs-sock-test{.enc,}
chmod 0777 /tmp/encfs-sock-test
# as non-root:
socat unix-listen:/tmp/encfs-sock-test/test.sock -
# /tmp/encfs-sock-test/test.sock is owned by the non root user
I was just doing some more testing and it appears that this issue does not only affect unix domain sockets, it also affects all other special file types: character devices, block devices, pipes, and even symlinks.
It now works like a charm. Thanks for the quick fix.
Thanks for testing! Closing the ticket.
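A regression check for the ownership behaviour reported in this thread, as an added example that is not part of the original issue or of gocryptfs's own code: run as the non-root user, it creates a regular file, a unix domain socket, a FIFO and a symlink in the mount and reports any node not owned by the caller. The function name and file names are made up for this example; character and block devices are left out because creating them needs privileges.

```python
import os
import socket
import sys


def special_file_owner_mismatches(directory):
    """Create a regular file, socket, FIFO and symlink in `directory` as the
    calling user; return {kind: owner_uid} for each node owned by someone else."""
    expected = os.geteuid()
    prefix = "owner-check-%d" % os.getpid()  # constructed name, removed afterwards
    old_cwd = os.getcwd()
    os.chdir(directory)  # relative names keep the socket path under the sun_path limit
    created = {}
    try:
        with open(prefix + ".file", "w"):
            pass
        created["regular"] = prefix + ".file"

        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            srv.bind(prefix + ".sock")  # bind() creates the socket node
        finally:
            srv.close()
        created["socket"] = prefix + ".sock"

        os.mkfifo(prefix + ".fifo", 0o600)
        created["fifo"] = prefix + ".fifo"

        os.symlink("dangling-target", prefix + ".link")
        created["symlink"] = prefix + ".link"

        # lstat, not stat: for the symlink we want the owner of the link itself.
        owners = {kind: os.lstat(name).st_uid for kind, name in created.items()}
    finally:
        for name in created.values():
            os.unlink(name)
        os.chdir(old_cwd)
    return {kind: uid for kind, uid in owners.items() if uid != expected}


if __name__ == "__main__":
    # Run as the non-root user, e.g. against /tmp/gocryptfs-sock-test from the report.
    bad = special_file_owner_mismatches(sys.argv[1])
    for kind, uid in sorted(bad.items()):
        print("%s: owned by uid %d, expected %d" % (kind, uid, os.geteuid()))
    sys.exit(1 if bad else 0)
```

An empty result (exit status 0) means every node type was created with the caller's uid; on a mount showing the reported behaviour, the affected types are listed with the uid that owns them.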