[pass] question about multiuser functions.
Jan-Frode Myklebust
janfrode at tanso.net
Mon Jun 3 20:07:56 CEST 2013
On Mon, Jun 03, 2013 at 12:20:23PM +0200, Hubert Pasternak wrote:
>
> Is there any way to run pass for multiple users? Example: Admin of system A
> encrypts his passwords using group key? Admins of other systems can see all
> changes, but cannot delete passwords added by others...
Hmm.. I guess that should be possible to achieve through using a gpg
group key as gpg-id, on a shared filesystem with ACLs or umask 027
for all files and sticky bit for all directories under the password
store.
But it's a lot easier if you drop the don't delete requirement. I would
trust my fellow sysadmins to not change/delete a password they shouldn't.
And if they did break the trust, you can always find the guilty admin through
git blame or git log.
-jf
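
The permission scheme suggested in the reply above can be checked with a short audit, shown here as an added example that is not part of the original message. It assumes the store path is passed as an argument, treats the store root as one of the directories that needs the sticky bit, and skips the `.git` directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a shared pass store for "umask 027 on files,
# sticky bit on directories". Function names are illustrative only.

# Print every directory (store root included) that lacks the sticky bit.
# Without it, anyone with write access to the directory can delete or
# rename entries created by other admins.
dirs_without_sticky() {
    find "$1" -name .git -prune -o -type d ! -perm -1000 -print
}

# Print every file carrying a bit that umask 027 would have masked out:
# group write (020) or any permission for "other" (004, 002, 001).
files_violating_umask_027() {
    find "$1" -name .git -prune -o -type f \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# List offending paths on stderr and print their count on stdout.
audit_store() {
    store=$1
    bad=$(dirs_without_sticky "$store"; files_violating_umask_027 "$store")
    if [ -z "$bad" ]; then
        echo 0
        return 0
    fi
    printf '%s\n' "$bad" >&2
    printf '%s\n' "$bad" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh /path/to/shared/password-store
if [ "$#" -gt 0 ]; then
    audit_store "$1"
fi
```

A non-zero count means some path no longer matches the scheme, for example a file made world-readable or a directory created without the sticky bit.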