private-keys-v1.d and preserve-permissions

[Martin Pätzold]

 >> Yes, we have some period tasks that are handled by Celery. Celery has
 >> its own user on the system and this user needs at least read access to
 >> the keys, therefore we had to extend the permissions for the
 >> "private-keys-v1.d" directory to group access.
 >
 > Long shot: does your system support ACLs?

Using ACL would be possible, but we are reluctant to do so, since it 
adds a second permissions layer that is only visible if you actively 
look for it.

Regards,
Martin