There is already allow_other in gocryptfs, but there is also a much safer allow_root option available in fuse that allows only the user who created the mount and root to access it. One particular use case for this is when passing the decrypted filesystem through to Docker, whose daemon runs as root, without opening up the decrypted filesystem to ALL users.