Can't create folder or file under a normal user when mounted by root with force_owner about gocryptfs HOT 6 OPEN

Hey - I'm @charles-dyfis-net's successor.

We use gocryptfs in a similar way to @kdrobnyh above, where a handful of programs (under different users) are given access to directories through gocryptfs which starts as root, but drops privileges and runs as a specific (non-root) user which accesses the underlying storage as that uid. The reason to have a specific storage-access user is to simplify deployment while maintaining isolation between users(/services) - this is on NFS where the NFS server is being managed by end users.

Hope this helps explain our usage, & thanks for taking us into account.

Note: updated description to be more clear. thanks Charles.

from gocryptfs.

(To expand a little from my increasingly-outdated memory, the goal was not just simplifying deployment -- a lot of this in the original design was about sandboxing; subtree A, using gocryptfs key A, and exporting content from a specific subtree of the shared for use only by account A, was also used as a security control, ensuring that a compromise of service account A couldn't be used to read data associated with service accounts B, C or D, despite only requiring the customer/user to set up one account on their NFS server; because all these services are creating new data, mkdir is of course essential)

from gocryptfs.

Hello,
on my end, the crypted folder is owned by user1. I decrypted and mounted the folder using root and force_owner as user2.
What I experience is the following (as user2):

• I can read existing files.
• I can rename existing files.
• I can edit existing files.
• I can delete existing files and folders
• I CANNOT create new files.

My version of gocryptfs is v2.4.0.

Edit: As a temporary solution, one could use bindfs to first mount the crypted folder as user2.

from gocryptfs.

Ugh, -force_owner looks like a mess right now. I guess #340 made it inconsistent, because that only affected the code paths that create new files.

I'm not sure what behavoir we want, though.

@kdrobnyh what do you want to do with -force_owner / why do you use it?

@charles-dyfis-net same question for you. Would it be OK that -force_owner implies read-only? Or should the files be created as root-owned?

from gocryptfs.

I no longer own the project that was making use of gocryptfs here. To my recollection this would be a no-go; but I've pinged my successor so he can jump in here.

from gocryptfs.

Thanks for your reply!
I have several programs running under different users inside rootless docker containers, so I give those programs access by mounting with -force_owner. I can't really mount each of the folders separately from under the corresponding users, because those users do not formally exist in the host system (they exist only as subuid/subgid).

from gocryptfs.