George Gallen on 27 Jul 2005 19:57:25 -0000

thanks. ok. how do I create a new keyring in the new directory?

Thanks

-----Original Message-----
From: plug-bounces@lists.phillylinux.org [mailto:plug-bounces@lists.phillylinux.org]On Behalf Of Paul L. Snyder
Sent: Wednesday, July 27, 2005 3:36 PM
To: Philadelphia Linux User's Group Discussion List
Subject: RE: [PLUG] GPG question/problem

Quoting George Gallen <ggallen@slackinc.com>:

> I thought about sudo running the script as myself, which should
> probably work. I just hoped there was a workaround with the switches.
>
> I tried --keyring and --homedir, but I still get the permissions error.
> So...I guess I'll give sudo a try next.

You're probably getting permission denied because your ~/.gnupg directory is set with 700 permissions...which is good. You don't really want to let just anyone poke around where you're storing your secret keyring.

You're probably better off trying to figure out the permissions problem than using sudo. If you get permissions wrong on the script that you're letting others run via sudo, you've just created a security hole.

Create a new directory in your home directory (for example) with 755 permissions (or 750 if you want to limit access to the script to a particular group). Presumably, since you've given some people r-x access to the script, you already have a directory with suitable permissions.

Note that users who try to run the script will need execute permissions on all the directories in the path above the keychain file. (This is why they can't get to your public keychain, even if you've set permissions on the file...other users don't have 'x' on your .gnupg directory.)

Use gpg --export to export the key that everyone will need to access into a new public keyring, and place that keyring in the new directory or in the directory with the script. Make sure the folks who are going to run the script have read permissions for this one-key keyring.

In your script, add switches that look something like

    --keyring /home/ggallen/publicdir/scriptring.gpg --no-default-keyring

to your gpg command.

Haven't tested the above, but something along those lines is probably what you are looking for.

pls

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
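
The directory permissions described in the quoted reply can be checked before other users run the script. The following is an added example, not part of the original thread: a shell function, check_keyring_access (a hypothetical name), that walks from a keyring file up through its parent directories and reports any that lack 'x' for others, or a keyring that lacks 'r' for others. It assumes access is granted through the "other" permission bits (the 755 case), not through group bits or ACLs; the optional TOP argument is also an assumption of this example.

```shell
#!/bin/sh
# Added example: check that other users can reach a shared public keyring.
# Looks only at the "other" permission bits (the 755/644 case); group
# membership and ACLs are not considered.

# Print the 10-character mode string (e.g. drwxr-xr-x) of a path.
mode_of() {
    ls -ld -- "$1" | cut -c1-10
}

# check_keyring_access FILE [TOP]
# Returns 0 if FILE is readable by others and every directory from FILE's
# directory up to TOP (default /) is searchable by others. Otherwise prints
# one line per blocker and returns 1.
check_keyring_access() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    top=$(cd -- "${2:-/}" && pwd -P) || return 1
    # Other-read is character 8 of the mode string.
    case $(mode_of "$file" | cut -c8) in
        r) ;;
        *) echo "not readable by others: $file"; rc=1 ;;
    esac
    # Resolve the containing directory to an absolute physical path.
    dir=$(cd -- "$(dirname -- "$file")" && pwd -P) || return 1
    while :; do
        # Other-execute is character 10; 't' means sticky plus execute.
        case $(mode_of "$dir" | cut -c10) in
            x|t) ;;
            *) echo "not searchable by others: $dir"; rc=1 ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname -- "$dir")
    done
    return "$rc"
}

# Example call with the path from the thread:
#   check_keyring_access /home/ggallen/publicdir/scriptring.gpg
```

Run against a keyring left inside a 700 directory such as ~/.gnupg, the function names that directory as the blocker, which is the permission error discussed in the thread.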