possible? less restrictive file permissions
Raulo Olapodrido
raulo at olapodrido.xyz
Thu Aug 23 09:16:35 CEST 2018
Hi,
you are absolutely right! Sorry I missed it. Thanks a lot for pointing
it out!
Kind regards
Am 23.08.18 um 09:14 schrieb Frank Thommen:
> Hi Raulo,
>
> On 08/23/2018 08:04 AM, Raulo Olapodrido wrote:
>> Hi all,
>>
>> thank you for your suggestions, but a commonly shared local git
>> repository is not what I am looking for. I am rather seeking ways to
>> just use something like
>>
>> PASSWORD_STORE_DIR=/var/local/password-store pass
>>
>> and have all users directly work in that directory, git aside.
>>
>> This currently is not possible, because new files (for example generated
>> via "pass insert") are getting a file permission mask of 0600, and no
>> other user than its creator can read its contents.
>>
>> The restrictive permission mask may be good practice, but seems to be
>> unnessecary, because the content is already protected by the encryption.
>> Furthermore, it disables the use of a commonly shared password store.
>>
>> Or am I missing something?
>
> yes, you are missing the pass manpage :-): $PASSWORD_STORE_UMASK sets
> the umask for the password store. As I alredy wrote, we are using a
> shared directory (NFS share, no git) in the group and it works just fine.
>
> frank
>
More information about the Password-Store
mailing list