possible? less restrictive file permissions
Frank Thommen
f.thommen at dkfz-heidelberg.de
Thu Aug 23 09:14:14 CEST 2018
Hi Raulo,
On 08/23/2018 08:04 AM, Raulo Olapodrido wrote:
> Hi all,
>
> thank you for your suggestions, but a commonly shared local git
> repository is not what I am looking for. I am rather seeking ways to
> just use something like
>
> PASSWORD_STORE_DIR=/var/local/password-store pass
>
> and have all users directly work in that directory, git aside.
>
> This currently is not possible, because new files (for example generated
> via "pass insert") are getting a file permission mask of 0600, and no
> other user than its creator can read its contents.
>
> The restrictive permission mask may be good practice, but seems to be
> unnessecary, because the content is already protected by the encryption.
> Furthermore, it disables the use of a commonly shared password store.
>
> Or am I missing something?
yes, you are missing the pass manpage :-): $PASSWORD_STORE_UMASK sets
the umask for the password store. As I alredy wrote, we are using a
shared directory (NFS share, no git) in the group and it works just fine.
frank
More information about the Password-Store
mailing list