Should we make the fscrypt metadata harder to delete?

[josephlr]

I was reading this Reddit post about how someone accidentally deleted files in their /.fscrypt/ directory, and I was wondering if we could make this harder to do.

One method might be explicitly making the files have permissions of 0400 instead of 0600, and then just chmod-ing them when we need to either destroy metadata or update a policy file when we add/update a protector.

Alternatively (or additionally), we could change the file attributes to mark the metadata files as immutable.

[josephlr]

Seems like setting the immutable attribute requires root, so that's out (unless we wanted to only do this on "writable by root only" setups).

Setting the file to have mode 0400 would work, but wouldn't stop stuff like rm -f. It would however cause rm (without -f) to warn before deleting.

[srmfx]

I'd recommend you to save some backup(s) of the /.fscrypt directory, because if you don't remove it accidentally, the data could still be corrupted by a faulty hard drive on power blackouts, system crashes and/or freezes. Even a faulty motherboard could lead to crashes/freezes and leading to hard drive data corruption and therefore make you lose all your /.fscrypt.