Expand description
User-only file helpers for secrets at rest.
On Unix, the helpers explicitly chmod the file/dir to 0o600 /
0o700 so other local users on the same machine cannot read them.
On Windows there is no chmod equivalent — the file inherits the
ACL of its containing directory. We rely on Tauri placing our state
inside %LOCALAPPDATA%\<identifier>\, which the OS already locks to
the user’s SID via NTFS inheritance. The #[cfg(unix)] blocks below
are therefore intentionally Windows no-ops, not missing coverage.
Functions§
- ensure_
user_ only_ dir - spawn_
periodic_ dir_ tighten - Spawn a detached background thread that re-runs
tighten_existing_files_in_dir(&dir)everyinterval. - tighten_
existing_ file - tighten_
existing_ files_ in_ dir - tighten_
once - One iteration of the periodic tighten sweep. Extracted from the
spawn_periodic_dir_tightenloop so tests can drive a single tick synchronously instead of polling against athread::sleeptimer. - write_
user_ only