Paul L. Snyder on 27 Jul 2005 19:35:57 -0000 |
Quoting George Gallen <ggallen@slackinc.com>: > I thought about sudo running the script as myself, which should > probably work. I just hoped there was a workaround with the switches. > > I tried --keyring and --homedir, but I still get the permissions error. > So...I guess I'll give sudo a try next. You're probably getting permission denied because your ~/.gnupg directory is set with 700 permissions...which is good. You don't really want to let just anyone poke around where you're storing your secret keyring. You're probably better off trying to figure out the permissions problem than using sudo. If you get permissions wrong on the script that you're letting others run via sudo you've just created a security hole. Create a new directory in your home directory (for example) with 755 permissions, (or 750 if you want to limit access to the script to a particular group). Presumably, since you've given some people r-x access to the script, you already have a directory with suitable permissions. Note that users who try to run the script will need execute permissions on all the directories in the path above the keychain file. (This is why they can't get to your public keychain, even if you've set permissions on the file...other users don't have 'x' on your .gnupg directory.) Use gpg --export to export the key that everyone will need to access into a new public keyring, and place that keyring in the new directory or in the directory with the script. Make sure the folks who are going to run the script have read permissions for this one-key keyring. In your script, add switches that look something like --keyring /home/ggallen/publicdir/scriptring.gpg --no-default-keyring to your gpg command. Haven't tested the above, but something along those lines is probably what you are looking for. pls ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|