Closed balupton closed 2 years ago
With some debugging, it seems this is actually intentional and desired behaviour:
> cd /media/TankSecure/
> mkdir test-dir
> cd test-dir/
> ls -la
total 0
drwxrwxr-x 1 user-share-liturgy group-share-liturgy 74 Jan 11 03:30 .
drwxrwxr-x 1 user-share-liturgy group-share-liturgy 586 Jan 11 03:30 ..
-rw-rw-r-- 1 user-share-liturgy group-share-liturgy 0 Jan 11 03:30 a.txt
Chowns fail, even to the same user and group as the forced owner, which is fine:
> chown --recursive --changes user-share-liturgy:group-share-liturgy .
chown: changing ownership of './a.txt': Operation not permitted
chown: changing ownership of '.': Operation not permitted
> sudo chown --recursive --changes user-share-liturgy:group-share-liturgy .
chown: changing ownership of './a.txt': Operation not permitted
chown: changing ownership of '.': Operation not permitted
> sudo --user=user-share-liturgy --group=group-share-liturgy -- chown --recursive --changes user-share-liturgy:group-share-liturgy .
chown: changing ownership of './a.txt': Operation not permitted
chown: changing ownership of '.': Operation not permitted
Chmods fail, but sudo works:
> chmod 755 a.txt
chmod: changing permissions of 'a.txt': Operation not permitted
> sudo chmod 755 a.txt
> sudo --user=user-share-liturgy --group=group-share-liturgy -- chmod 766 a.txt
I'll need to update my helper scripts accordingly.
Perhaps it would be good for chowns to not fail if set to the same owner/group as the forced one.
Hrmmm, even without force owner, chowns are failing:
> gocryptfs --rw --noprealloc --allow_other /mnt/tank/TankCipher /media/TankSecure
> cd /media/TankSecure/test-dir/
> ls -la
total 0
drwxrwxr-x 1 user-share-liturgy group-share-liturgy 74 Jan 11 03:30 .
drwxrwxr-x 1 user-share-liturgy group-share-liturgy 586 Jan 11 03:30 ..
-rwxrwxrw- 1 user-share-liturgy group-share-liturgy 0 Jan 11 03:30 a.txt
> chown --recursive --changes user-share-liturgy:group-share-liturgy .
chown: changing ownership of './a.txt': Operation not permitted
chown: changing ownership of '.': Operation not permitted
> sudo chown --recursive --changes user-share-liturgy:group-share-liturgy .
chown: changing ownership of './a.txt': Operation not permitted
chown: changing ownership of '.': Operation not permitted
> sudo --user=user-share-liturgy --group=group-share-liturgy -- chown --recursive --changes user-share-liturgy:group-share-liturgy .
chown: changing ownership of './a.txt': Operation not permitted
chown: changing ownership of '.': Operation not permitted
Perhaps it is due to user error from:
https://github.com/rfjakob/gocryptfs/issues/451#issuecomment-592735687
Would this be a better approach?
sudo --user=user-share-liturgy --group=group-share-liturgy -- gocryptfs --rw --noprealloc --allow_other /mnt/tank/TankCipher /media/TankSecure
^ has no effect on changing permissions from one user to another, but no longer fails when attempting to change permissions from --user=user-share-liturgy --group=group-share-liturgy to itself.
Tested the suggestions.
What worked was:
sudo -- gocryptfs --rw --noprealloc --allow_other /mnt/tank/TankCipher /media/TankSecure
As well as:
sudo -- gocryptfs --rw --noprealloc --allow_other --force_owner 1001:1002 /mnt/tank/TankCipher /media/TankSecure
Recently, I'm not sure since which head version, I've noticed that any chmod or chown command inside the following gocryptfs mount fails with
Operation not permitted
Originally posted by @balupton in https://github.com/rfjakob/gocryptfs/issues/629#issuecomment-1009145874 which did not resolve the issue.