possible? less restrictive file permissions

Frank Thommen f.thommen at dkfz-heidelberg.de
Wed Aug 22 19:27:38 CEST 2018

Hi Raulo,

On 08/22/2018 03:10 PM, Raulo Olapodrido wrote:
> Hi list,
> I would like to use Ansible's pass plugin to extend Ansible with a
> flexible database for sensitive information (passwords, certificates etc).
> This works very well(!) for a single user. By using gpg's group feature,
> it is possible to encrypt entries for multiple users. Yay!
> Still, the pass directory is in the user's own home directories, and
> have to be pulled from/pushed to a common git repository, to be shared
> with everyone.

That's not completely correct: The pass directory can be in /any/ 
location (the environment variable $PASSWORD_STORE_DIR controls this). 
We use a password store within a group where the directory is in a 
shared location (NFS mounted directory).  That works fine and no 
pull/push is required.

I always found the idea to share a password store by git unpractical.  I 
cannot imagine, that you don't get out of sync within a very, very short 
time ;-)


> While this is natural to some, some users not used to Git will have
> problems, like forgetting to pull/push, and being unable to handle
> conflicts.
> Some of that can be made easier with automatic pull/push in ~/.bashrc
> and ~/.bash_logout respectively. However, a common local directory seems
> more approachable to me. The problem is, that newly created files get very
> restrictive file permissions, and cannot be read by other users, even of
> the same group.
> I did not find remedies in the mailing list archive. Does anyone have an
> idea what could be tried?
> Thanks!
> Raulo
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store

More information about the Password-Store mailing list