possible? less restrictive file permissions

Sebastian Reuße seb at wirrsal.net
Thu Aug 23 08:18:46 CEST 2018


Raulo Olapodrido <raulo at olapodrido.xyz> writes:

> and have all users directly work in that directory, git aside.
>
> This currently is not possible, because new files (for example 
> generated via "pass insert") are getting a file permission mask 
> of 0600, and no other user than its creator can read its 
> contents.
>
> The restrictive permission mask may be good practice, but seems 
> to be unnecessary, because the content is already protected by 
> the encryption. Furthermore, it disables the use of a commonly 
> shared password store.

It looks like pass applies a umask of 077 by default, but you can 
set a less restrictive mask by setting PASSWORD_STORE_UMASK to a 
value of your liking. E.g., «export PASSWORD_STORE_UMASK=007» 
should give full access to your user group for newly created 
files.

However, sharing a git repository and working directory among 
multiple users might cause you some problems (which you may 
already have considered). E.g., users might interact with the 
repository without using a permissive umask (either by not setting 
PASSWORD_STORE_UMASK or by using git directly with their default 
umask) or with their primary user group set to something 
unexpected.

Kind regards,

SR

-- 
Insane cobra split the wood
Trader of the lowland breed
Call a jittney, drive away
In the slipstream we will stay
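
The following is an added example, not part of the original message or of pass itself: a small audit that finds entries in a shared store that other group members cannot use, which is the failure described above when someone writes with a restrictive umask or an unexpected primary group. The function names, the temporary directory and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a shared password store for entries that the
# shared group cannot use. All paths and names below are constructed.

# audit_shared_store STORE GROUP
# Prints every entry under STORE that breaks group sharing:
#   - it does not belong to GROUP (name or numeric gid), or
#   - it is a file without group read+write (umask 007 yields 0660), or
#   - it is a directory without group rwx (umask 007 yields 0770).
# .git is skipped because git manages its own object permissions.
audit_shared_store() {
    store=$1 group=$2
    find "$store" -name .git -prune -o \( \
        ! -group "$group" -o \
        -type f ! -perm -060 -o \
        -type d ! -perm -070 \
    \) -print
}

# Constructed demo: one entry written with the default umask 077 and
# one written with the umask 007 suggested in the message above.
demo() {
    tmp=$(mktemp -d) || return 1
    chmod 770 "$tmp"
    # Use the gid the temporary directory actually received, so the
    # demo does not depend on how the platform assigns groups.
    grp=$(ls -ldn "$tmp" | awk '{print $4}')
    ( umask 077; : > "$tmp/private.gpg" )   # ends up 0600
    ( umask 007; : > "$tmp/shared.gpg" )    # ends up 0660
    audit_shared_store "$tmp" "$grp"
    rm -rf "$tmp"
}

demo
```

Only the entry created under umask 077 is reported. On Linux, setting the setgid bit on the store's directories makes new entries inherit the store's group even when the creator's primary group is something else.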


More information about the Password-Store mailing list