How to preserve the permission/owner/group owner on the pubring.gpg, secring.gpg and trustdb.gpg

Sieu Truc sieutruc at gmail.com
Thu Aug 7 00:52:48 CEST 2014


I know your advice well, but actually I need to assign 3 users to handle
the keyring.
One like admin, he can modify and add the secret key.
Another like test1, he cannot add a secret key but he can add public keys.
And the third, called test2, he cannot add any key but can use that
keyring to do a securisation or desecurisation.

And on my file system, I cannot activate ACLs, so I design to give
world-writable to trustdb and world-readable to pubring and secring.
If not, test2 cannot do securisation.

   -rw-r--r--. 1 admin groupTest1   42  6 août  16:29 gpg-agent.conf
   -rw-r--r--. 1 admin groupTest1 7960  6 août  16:29 gpg.conf
   -rw-rw-r--. 1 admin groupTest1 9269  6 août  16:38 pubring.gpg
   -rw-rw-r--. 1 admin groupTest1 9269  6 août  16:38 pubring.gpg~
   -rw-rw-rw-. 1 admin groupTest1  600  6 août  16:35 random_seed
   -rw-r--r--. 1 admin groupTest1 2851  6 août  16:35 secring.gpg
   -rw-rw-rw-. 1 admin groupTest1 1600  6 août  16:38 trustdb.gpg

> Additionally, if the group is set to the wrong group, you might need to
> make the gpghome directory set-gid. Forgot to mention that in my mail :).

So I have already set the group id on the gpg folder, so all the
pubring.gpg, pubring.gpg~, secring.gpg created by gpg have the group of the
gpg folder.
And the permission can be restored to the origin with chmod after itst

But the problem still persists because the normal user cannot use chown, so
the user of the 2 files pubring and secring is set to the person that
launched the command.

> GnuPG is quite serious about permissions and thus has no option to
> change that.

Therefore, I only need to fix the ownership (user) of those 2 files.

Any idea? I don't know what you mean

> grep for S_IWUSR and add group permissions.


Truc


On Wed, Aug 6, 2014 at 9:24 PM, Peter Lebbing <peter at digitalbrains.com>
wrote:

> On 06/08/14 20:58, Werner Koch wrote:
> > GnuPG is quite serious about permissions and thus has no option to
> > change that.
>
> Can I ask what happened to --preserve-permissions? I checked the man
> pages on a Debian stable system, which mentioned them.
>
> I was a bit surprised to find the option since I agree with your current
> stance.
>
> > userv(1) is your friend.
>
> Thanks for the pointer to that service!
>
> > grep for S_IWUSR and add group permissions.
>
> Additionally, if the group is set to the wrong group, you might need to
> make the gpghome directory set-gid. Forgot to mention that in my mail :).
>
> Bye,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>