google / fscrypt

Go tool for managing Linux filesystem encryption
Apache License 2.0
876 stars, 97 forks

Should we make the fscrypt metadata harder to delete? #388

Open josephlr opened 9 months ago

josephlr commented 9 months ago

I was reading this Reddit post about how someone accidentally deleted files in their /.fscrypt/ directory, and I was wondering if we could make this harder to do.

One method might be explicitly making the files have permissions of 0400 instead of 0600, and then just chmod-ing them when we need to either destroy metadata or update a policy file when we add/update a protector.

Alternatively (or additionally), we could change the file attributes to mark the metadata files as immutable.

josephlr commented 9 months ago

Seems like setting the immutable attribute requires root, so that's out (unless we wanted to only do this on "writable by root only" setups).

Setting the file to have mode 0400 would work, but wouldn't stop stuff like rm -f. It would however cause rm (without -f) to warn before deleting.
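As an added illustration of the two points above (not fscrypt's own code): hypothetical helpers that keep a metadata file at 0400 and widen it to 0600 only for the duration of an update, plus a check showing that the owner can still unlink a 0400 file, because deletion is governed by the directory's permissions, not the file's mode. Assumes a Unix filesystem and a temporary directory constructed by the caller.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

const (
	modeLocked   = 0o400 // read-only for the owner, as proposed in the thread
	modeWritable = 0o600 // only while fscrypt itself is rewriting the file
)

// writeLocked creates a metadata file and forces it to mode 0400.
func writeLocked(path string, data []byte) error {
	if err := os.WriteFile(path, data, modeLocked); err != nil {
		return err
	}
	// WriteFile applies the umask on creation; pin the exact mode afterwards.
	return os.Chmod(path, modeLocked)
}

// updateLocked temporarily unlocks the file, rewrites it, and re-locks it
// even if the write fails, so the file never stays at 0600 by accident.
func updateLocked(path string, data []byte) (err error) {
	if err = os.Chmod(path, modeWritable); err != nil {
		return err
	}
	defer func() {
		if cerr := os.Chmod(path, modeLocked); cerr != nil && err == nil {
			err = cerr
		}
	}()
	return os.WriteFile(path, data, modeWritable)
}

// canUnlinkLocked writes a constructed 0400 "policy" file into dir and
// reports whether the owner can still remove it (rm -f behaviour).
func canUnlinkLocked(dir string) (bool, error) {
	path := filepath.Join(dir, "policy")
	if err := writeLocked(path, []byte("constructed sample policy")); err != nil {
		return false, err
	}
	err := os.Remove(path)
	return err == nil, err
}

func main() {
	dir, _ := os.MkdirTemp("", "fscrypt-meta")
	defer os.RemoveAll(dir)
	ok, err := canUnlinkLocked(dir)
	fmt.Println("0400 file removable by owner:", ok, err)
}
```

Running it prints that the 0400 file is removable, which is exactly why a read-only mode only helps against interactive rm and not against rm -f.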

srmfx commented 5 months ago

I'd recommend saving some backup(s) of the /.fscrypt directory, because even if you don't remove it accidentally, the data could still be corrupted by a faulty hard drive during power blackouts, system crashes and/or freezes. Even a faulty motherboard could lead to crashes/freezes and lead to hard drive data corruption, and therefore make you lose all of your /.fscrypt.