Ha! PASSWORD_STORE_UMASK seems to be exactly what I was looking for. How did I miss that?!
Thanks a ton! Am 23.08.18 um 08:18 schrieb Sebastian Reuße: > Raulo Olapodrido <[email protected]> writes: > >> and have all users directly work in that directory, git aside. >> >> This currently is not possible, because new files (for example >> generated via "pass insert") are getting a file permission mask of >> 0600, and no other user than its creator can read its contents. >> >> The restrictive permission mask may be good practice, but seems to be >> unnessecary, because the content is already protected by the >> encryption. Furthermore, it disables the use of a commonly shared >> password store. > > It looks like pass applies umask of 077 by default, but you can set a > less restrictive mask by setting PASSWORD_STORE_UMASK to a value of > your liking. E.g., «export PASSWORD_STORE_UMASK=007» should give full > access to your user group for newly created files. > > However, sharing a git repository and working directory among multiple > users might cause you some problems (which you may already have > considered). E.g., users might interact with the repository without > using a permissive umask (either by not setting PASSWORD_STORE_UMASK > or by using git directly with their default umask) or with their > primary user group set to something unexpected. > > Kind regards, > > SR > _______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
