possible? less restrictive file permissions
Raulo Olapodrido
raulo at olapodrido.xyz
Wed Aug 22 15:10:59 CEST 2018
Hi list,
I would like to use Ansible's pass plugin to extend Ansible with a
flexible database for sensitive information (passwords, certificates etc).
This works very well(!) for a single user. By using gpg's group feature,
it is possible to encrypt entries for multiple users. Yay!
Still, the pass directory is in the user's own home directories, and
have to be pulled from/pushed to a common git repository, to be shared
with everyone.
While this is natural to some, some users not used to Git will have
problems, like forgetting to pull/push, and being unable to handle
conflicts.
Some of that can be made easier with automatic pull/push in ~/.bashrc
and ~/.bash_logout respectively. However, a common local directory seems
more approachable to me. The problem is, that newly created files get very
restrictive file permissions, and cannot be read by other users, even of
the same group.
I did not find remedies in the mailing list archive. Does anyone have an
idea what could be tried?
Thanks!
Raulo
More information about the Password-Store
mailing list