private-keys-v1.d and preserve-permissions

Jerry jerry at seibercom.net
Thu Sep 10 11:40:36 CEST 2020


On Thu, 10 Sep 2020 11:13:34 +0200, Martin Pätzold stated:
> >> Yes, we have some period tasks that are handled by Celery. Celery
> >> has its own user on the system and this user needs at least read
> >> access to the keys, therefore we had to extend the permissions for
> >> the "private-keys-v1.d" directory to group access.  
> >
> > Long shot: does your system support ACLs?  
>
>Using ACL would be possible, but we are reluctant to do so, since it 
>adds a second permissions layer that is only visible if you actively 
>look for it.

Perhaps I am not understanding this correctly, but wouldn't that be a
good thing?

-- 
Jerry


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200910/d7db725a/attachment.sig>


More information about the Gnupg-users mailing list