possible? less restrictive file permissions
Frank Thommen
f.thommen at dkfz-heidelberg.de
Wed Aug 22 19:27:38 CEST 2018

Hi Raulo,

On 08/22/2018 03:10 PM, Raulo Olapodrido wrote:
> Hi list,
>
> I would like to use Ansible's pass plugin to extend Ansible with a
> flexible database for sensitive information (passwords, certificates etc).
>
> This works very well(!) for a single user. By using gpg's group feature,
> it is possible to encrypt entries for multiple users. Yay!
>
> Still, the pass directory is in the users' own home directories, and
> has to be pulled from/pushed to a common git repository, to be shared
> with everyone.

That's not completely correct: The pass directory can be in /any/
location (the environment variable $PASSWORD_STORE_DIR controls this).
We use a password store within a group where the directory is in a
shared location (NFS mounted directory). That works fine and no
pull/push is required.

I always found the idea to share a password store by git impractical. I
cannot imagine that you don't get out of sync within a very, very short
time ;-)

Cheers
frank

> While this is natural to some, some users not used to Git will have
> problems, like forgetting to pull/push, and being unable to handle
> conflicts.
>
> Some of that can be made easier with automatic pull/push in ~/.bashrc
> and ~/.bash_logout respectively. However, a common local directory seems
> more approachable to me. The problem is that newly created files get very
> restrictive file permissions, and cannot be read by other users, even of
> the same group.
>
> I did not find remedies in the mailing list archive. Does anyone have an
> idea what could be tried?
>
> Thanks!
>
> Raulo
>
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
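
Added example, not part of either message and not code from pass: pass creates files under the umask in `PASSWORD_STORE_UMASK` (default 077, per its man page), which produces the owner-only permissions described in the question. The sketch below shows the resulting modes and audits a shared store for entries the group cannot read; the function names, the 007 value, the setgid directory and the placeholder files are assumptions for illustration.

```shell
#!/bin/sh
# Constructed demo: placeholder files stand in for encrypted entries,
# so neither pass nor gpg is needed to run it.
# With pass: export PASSWORD_STORE_UMASK=007 alongside PASSWORD_STORE_DIR.

# Symbolic mode of a path, e.g. "-rw-------" (portable: parses ls output).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a placeholder entry in store $1 under umask $2 and print its mode.
# pass applies PASSWORD_STORE_UMASK (default 077) the same way before writing.
entry_mode() {
    ( umask "$2" && : > "$1/$3.gpg" ) || return 1
    mode_of "$1/$3.gpg"
}

# Print entries that group members cannot read, or that others can access.
audit_store() {
    find "$1" -type f -name '*.gpg' \
        \( ! -perm -040 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Demo in a throwaway directory (assumed layout, not a real store).
demo() {
    store=$(mktemp -d) || return 1
    chmod 2770 "$store"      # setgid: new entries inherit the directory's group
    echo "umask 077: $(entry_mode "$store" 077 private)"
    echo "umask 007: $(entry_mode "$store" 007 shared)"
    echo "not group-readable:"; audit_store "$store"
    rm -rf "$store"
}
demo
```

Entries written before the umask was changed keep their old mode, so the audit is worth rerunning after switching an existing store to group access.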