possible? less restrictive file permissions

Sebastian Reuße seb at wirrsal.net
Thu Aug 23 08:18:46 CEST 2018

Raulo Olapodrido <raulo at olapodrido.xyz> writes:

> and have all users directly work in that directory, git aside.
> This currently is not possible, because new files (for example 
> generated via "pass insert") are getting a file permission mask 
> of 0600, and no other user than its creator can read its 
> contents.
> The restrictive permission mask may be good practice, but seems 
> to be unnessecary, because the content is already protected by 
> the encryption. Furthermore, it disables the use of a commonly 
> shared password store.

It looks like pass applies umask of 077 by default, but you can 
set a less restrictive mask by setting PASSWORD_STORE_UMASK to a 
value of your liking. E.g., «export PASSWORD_STORE_UMASK=007» 
should give full access to your user group for newly created 

However, sharing a git repository and working directory among 
multiple users might cause you some problems (which you may 
already have considered). E.g., users might interact with the 
repository without using a permissive umask (either by not setting 
PASSWORD_STORE_UMASK or by using git directly with their default 
umask) or with their primary user group set to something 

Kind regards,


Insane cobra split the wood
Trader of the lowland breed
Call a jittney, drive away
In the slipstream we will stay

More information about the Password-Store mailing list