private-keys-v1.d and preserve-permissions

Jerry jerry at
Thu Sep 10 11:40:36 CEST 2020

On Thu, 10 Sep 2020 11:13:34 +0200, Martin Pätzold stated:
> >> Yes, we have some period tasks that are handled by Celery. Celery
> >> has its own user on the system and this user needs at least read
> >> access to the keys, therefore we had to extend the permissions for
> >> the "private-keys-v1.d" directory to group access.  
> >
> > Long shot: does your system support ACLs?  
>Using ACL would be possible, but we are reluctant to do so, since it 
>adds a second permissions layer that is only visible if you actively 
>look for it.

Perhaps I am not understanding this correctly, but wouldn't that be a
good thing?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list