dirmngr: restricting access to socket, why? Debian Default
bernhard at intevation.de
Fri Jan 7 13:02:45 CET 2011
Hi Peter, Hi Werner,
the current revisions of dirmngr in Debian restrict access to the
system service to users in gid "dirmngr" (e.g. 1.0.3-1 or 1.1.0-0kk1).
Is there a reason to do so?
The result of the default is that regular users cannot use this system service
and they should be able to do this, in my view. Or do you know a reason why
they should not that I have missed?
This could be a misunderstanding, because:
This directory keeps the socket file for accessing dirmngr services. The name
of the socket file will be socket. Make sure that this directory has the
proper permissions to let dirmngr create the socket file and that eligible
users may read and write to that socket.
I guess Werner or Marcus mentioned that so that enough access is granted,
So I suggest to change the default in
# Defaults for dirmngr init script
# sourced by /etc/init.d/dirmngr
# This variable controls the access mode of the dirmngr socket. Set it
# to 0770 to allow only users in the "dirmngr" group to access the
# socket and thus use the daemon. Set it to 0777 to allow everyone to
# use the daemon. The default is 0770.
to 0777. :)
Peter, an extra thank you for maintaining Debian packages!
Note that 1.1.0 is out and that afterwards dirmngrs will come with the gnupg
2.1 sources. Let me know if I should create Debian reports for this or not.
 packages by us for Lenny. There is already 1.1.0 available.
Managing Director - Owner: www.intevation.net (Free Software Company)
Deputy Coordinator Germany: fsfe.org. Board member: www.kolabsys.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
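
Added example, not part of the original message and not dirmngr or Debian code: a Python check of which permission classes can connect to a Unix socket under the 0770 and 0777 modes discussed above, also taking into account the directory permissions the quoted documentation mentions. The function names and the temporary socket are hypothetical, and the mode pairs are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

CLASSES = (("owner", stat.S_IWUSR, stat.S_IXUSR),
           ("group", stat.S_IWGRP, stat.S_IXGRP),
           ("other", stat.S_IWOTH, stat.S_IXOTH))

def socket_access(path):
    """Return the permission classes whose mode bits allow connecting.

    On Linux, connect() needs write permission on the socket file and
    search (x) permission on the directory holding it. Assumption: the
    directory has the same owner and group as the socket; ancestor
    directories are not checked.
    """
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a Unix socket")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    return [name for name, wbit, xbit in CLASSES
            if st.st_mode & wbit and parent.st_mode & xbit]

def demo():
    """Bind a throwaway socket and evaluate it under constructed mode pairs."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "socket")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        try:
            # (directory mode, socket mode) pairs, constructed for the example
            for dir_mode, sock_mode in ((0o755, 0o770), (0o755, 0o777), (0o750, 0o777)):
                os.chmod(d, dir_mode)
                os.chmod(path, sock_mode)
                results[(dir_mode, sock_mode)] = socket_access(path)
        finally:
            srv.close()
    return results

if __name__ == "__main__":
    for (dir_mode, sock_mode), who in demo().items():
        print(f"dir {dir_mode:04o}  socket {sock_mode:04o}  ->  {', '.join(who)}")
```

The third pair shows that a 0777 socket is still unreachable for other users when its directory lacks the search bit for them.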