possible? less restrictive file permissions
Raulo Olapodrido
raulo at olapodrido.xyz
Thu Aug 23 08:38:37 CEST 2018
Ha!
PASSWORD_STORE_UMASK seems to be exactly what I was looking for. How did
I miss that?!
Thanks a ton!
On 23.08.18 at 08:18, Sebastian Reuße wrote:
> Raulo Olapodrido <raulo at olapodrido.xyz> writes:
>
>> and have all users directly work in that directory, git aside.
>>
>> This currently is not possible, because new files (for example
>> generated via "pass insert") are getting a file permission mask of
>> 0600, and no other user than its creator can read its contents.
>>
>> The restrictive permission mask may be good practice, but seems to be
>> unnecessary, because the content is already protected by the
>> encryption. Furthermore, it disables the use of a commonly shared
>> password store.
>
> It looks like pass applies umask of 077 by default, but you can set a
> less restrictive mask by setting PASSWORD_STORE_UMASK to a value of
> your liking. E.g., «export PASSWORD_STORE_UMASK=007» should give full
> access to your user group for newly created files.
>
> However, sharing a git repository and working directory among multiple
> users might cause you some problems (which you may already have
> considered). E.g., users might interact with the repository without
> using a permissive umask (either by not setting PASSWORD_STORE_UMASK
> or by using git directly with their default umask) or with their
> primary user group set to something unexpected.
>
> Kind regards,
>
> SR
>
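
A check for the problem the quoted reply warns about (entries created under a default umask or with an unexpected group), as an added example that is not part of the original thread or of pass itself. The function name `audit_store`, its output labels, and the path and group in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not part of pass: audit a shared password store for entries
# that were created without a group-permissive umask such as 007.
# audit_store and its output labels are hypothetical names.

# usage: audit_store STORE_DIR GROUP
# Prints one line per problem entry:
#   no-group-rw   file the group cannot read and write (e.g. umask 077)
#   no-group-rwx  directory the group cannot enter and modify
#   wrong-group   entry whose group is not GROUP (name or numeric gid)
# The walk includes .git, so objects written by plain git under a
# restrictive default umask are reported as well.
audit_store() {
    store=$1
    group=$2
    find "$store" -type f ! -perm -060 -print | sed 's/^/no-group-rw /'
    find "$store" -type d ! -perm -070 -print | sed 's/^/no-group-rwx /'
    find "$store" ! -group "$group" -print | sed 's/^/wrong-group /'
}

# Run directly as: sh audit.sh /path/to/shared-store pwgroup
# (path and group name are constructed placeholders)
if [ "$#" -eq 2 ]; then
    audit_store "$1" "$2"
fi
```

An empty result means every entry is usable by the shared group; any output lists the entries to fix with `chmod` or `chgrp`.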