trustdb opened for writing needlessly?

Frank Tobin ftobin at
Sun Apr 22 07:52:01 CEST 2001


It seems that GnuPG needlessly tries to open trustdb.gpg for writing, even
when --always-trust is given.

Consider this scenario.  I have read-only access to trustdb.gpg.
I cannot do "gpg --always-trust --with-colons --list-keys", for it dies:
  gpg: fatal: /home/ftobin/.gnupg/trustdb.gpg: can't open: Permission
But I do have read access to trustdb.gpg; why would GnuPG be opening it
for anything but reading while listing keys?

This problem also exhibits itself when, again, I have read-only access to
the trustdb, and I try to decrypt "gpg --decrypt encrypted.asc":
  gpg: fatal: /home/ftobin/.gnupg/trustdb.gpg: can't open: Permission
Again, why is there any need to open the trustdb for writing?

This problem is extremely annoying when trying to use GnuPG in a
non-interactive, unprivileged mode, where it should only have read-only
access to the entire homedir.  Currently, I have no way for a CGI running
under the user 'nobody' to use a world-readable homedir while decrypting.

I consider this behaviour a bug in GnuPG.  GnuPG is trying to open
trustdb.gpg for writing when it should not need to; this is bad practice.

Furthermore, GnuPG does not do a good job of error-reporting when it fails
to open a file.  It says "can't open: Permission denied", but it does not
indicate "can't open for writing: Permission denied".  The indication
between failure to open for reading or writing is very important for

Tested using GnuPG 1.04h.  Note that all examples above were tested using
--no-options.

-- 
Frank Tobin

