-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should we make the fscrypt metadata harder to delete? #388
Comments
Seems like setting the immutable attribute requires root, so that's out (unless we wanted to only do this on "writable by root only" setups). Setting the file to have mode |
I'd recommend you to save some backup(s) of the /.fscrypt directory, because if you don't remove it accidentally, the data could still be corrupted by a faulty hard drive on power blackouts, system crashes and/or freezes. Even a faulty motherboard could lead to crashes/freezes and leading to hard drive data corruption and therefore make you lose all your /.fscrypt. |
I was reading this Reddit post about how someone accidentally deleted files in their
/.fscrypt/
directory, and I was wondering if we could make this harder to do.One method might be explicitly making the files have permissions of
0400
instead of0600
, and then justchmod
-ing them when we need to either destroy metadata or update a policy file when we add/update a protector.Alternatively (or additionally), we could change the file attributes to mark the metadata files as immutable.
The text was updated successfully, but these errors were encountered: