Proposal with patch: Make socket directory host dependent

Rainer Perske rainer.perske at uni-muenster.de
Sun Nov 19 14:59:27 CET 2017


Hello,

> > Unfortunately I cannot use /run/user/(userid) because it is
> > maintained by systemd and in my webmailer situation it can be
> > deleted even if the agent is still running. (systemd does not know
> > anything about the sessions of a webmailer.)

> I'm not convinced this response makes much sense.  Why *wouldn't* the
> system's service manager (systemd, in your case) be unaware of
> webmailer sessions?

> What is your webmail configuration doing that it is switching to a
> new user session, but deliberately avoiding registering that user
> session with the local system service manager?

Because systemd manages processes on a *single* host. I have servers
clustered and distributed over two locations for fail-safety and load
distribution, and a webmailer session is valid on all cluster hosts.
systemd (more exactly: "systemd-logind") cannot be used to manage
cluster-wide sessions.

So I have to fight with the fact that my webmailer is running in a 
cluster, but GnuPG and its agent are not because they use 
localhost-only sockets for interprocess communication and never were 
designed to be used in a cluster environment.

I want to use GnuPG because it is the best software for this purpose so 
my webmailer gives GnuPG an environment it is happy with.

Some more background information:

I do not need GnuPG sessions at all. If I could call gpgsm in a way
that no gpg-agent or dirmngr process and no socket file would survive
this call, this would be slower but I could live with it.

But GnuPG is now built in a way that socket files are always created
and that gpg-agent and dirmngr are always started the first time they
are needed. (You definitely have very good reasons to do so; avoiding
long startup times is one of them.) So I have to live with these files
and processes, for nearly 100,000 possible users.

Because the processes are running on single hosts, the socket files
must be placed on host-local file systems. Otherwise processes on other
hosts see the socket files but do not see the agents. The fall-back
location of the socket file is the user's home directory. In my
situation, this is a cluster-wide file system. And so I got into
trouble. This is the main cause for my patch and proposal.

To solve the problems, I must make sure that GnuPG places the socket
files on host-only file systems. My patch and proposal have this single
aim: Place the socket on a host-only file system but do not allow
cluster-unaware managers like "systemd-logind" to bother with them. So
I cannot use /run/user/ or /var/run/user/ that are managed by
systemd-logind.

A general solution would be to make these directories configurable. I
do not dare to ask you to develop such a general solution.

A simple solution would be to prepend GnuPG-specific host-local
directories not managed by systemd-logind to the list of directories.
Hence my proposal. According to the Linux File System Standard,
/var/run/gnupg/ (or /run/gnupg/ on those systems using /run/ ) seems to
be the best place in my eyes.

So my proposal (prepend /run/gnupg and /var/run/gnupg to /run and
/var/run ) would solve my problem. (My webmailer can make sure that
/run/gnupg/user/<UID> exists and has the correct owner, group, and
permissions before calling gpgsm. And my cluster-aware session
management can clean these directories.)

(I know that my solution can cause multiple agents running for the same 
user on different hosts concurrently. But as far as I can see you are 
using proper file locking so this does not cause any problem. At least 
in the last 3 years my patch (see first mail of this thread) has not 
caused any problem.)

Best regards
-- 
Rainer Perske
Systems Operations Department and Head of the Certification Authority (WWUCA)
Zentrum für Informationsverarbeitung (University Computing Centre)

Westfälische Wilhelms-Universität
Zentrum für Informationsverarbeitung
Rainer Perske
Röntgenstraße 7-13
48149 Münster

Tel.: +49 251 83-31582
Fax.: +49 251 83-31555
E-Mail: rainer.perske at uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/Mitarbeiter/RainerPerske.shtml
Office: Room 006, Röntgenstraße 11
Site map: http://wwwuv2.uni-muenster.de/uniplan/?action=spot&gebnr=7474

Certification Authority of the University of Münster (WWUCA):
Tel.: +49 251 83-31590
Fax.: +49 251 83-31555
E-Mail: ca at uni-muenster.de
WWW: https://www.uni-muenster.de/WWUCA/

Zentrum für Informationsverarbeitung (ZIV):
Tel.: +49 251 83-31600 (Mon-Fri 7:30-17:30)
Fax.: +49 251 83-31555
E-Mail: ziv at uni-muenster.de
WWW: https://www.uni-muenster.de/ZIV/
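The lookup order and the preconditions the message describes (host-local
directory, owned by the user, not accessible to others, and only then the
possibly cluster-wide home directory as fall-back), as an added example that
is not code from this thread or from GnuPG. It is a Python model of the
proposal written for this page: the candidate directory names follow the
proposal, the list of network filesystem types and the mount table used in
`demo()` are constructed assumptions, and the `root` parameter exists only so
the walkthrough can run in a throw-away directory tree instead of the real
`/run`. Whether GnuPG itself performs exactly these checks is not stated on
the page; the checks shown are the ones a caller in the webmailer's position
would want before handing a socket directory to gpgsm.

```python
"""Model of a host-local GnuPG socket directory lookup (example, not GnuPG code)."""
import os
import shutil
import stat
import tempfile

# Constructed list: filesystems on which a socket file is visible from every
# cluster host but only connectable on the host whose agent created it.
NETWORK_FS = {"nfs", "nfs4", "cifs", "smb3", "afs", "glusterfs", "ceph",
              "fuse.sshfs", "ocfs2", "gfs2"}


def candidate_dirs(uid, gnupghome, root="/"):
    """Lookup order of the proposal: GnuPG-specific runtime dirs (not managed
    by systemd-logind) first, then the logind dirs, then the home directory.
    `root` is an assumption for this example (lets the demo use a temp tree)."""
    r = root.rstrip("/")
    return [
        f"{r}/run/gnupg/user/{uid}",      # proposed: host-local, logind-unaware
        f"{r}/var/run/gnupg/user/{uid}",
        f"{r}/run/user/{uid}/gnupg",      # existing: managed by systemd-logind
        f"{r}/var/run/user/{uid}/gnupg",
        gnupghome,                        # fall-back: cluster-wide in the thread
    ]


def read_mounts(path="/proc/self/mounts"):
    """(mountpoint, fstype) pairs from the Linux mount table; [] if unavailable."""
    try:
        with open(path) as fh:
            return [(f[1], f[2]) for f in (l.split() for l in fh) if len(f) >= 3]
    except OSError:
        return []


def fstype_of(path, mounts):
    """fstype of the longest mount point containing `path` (None if unknown)."""
    p = os.path.realpath(path)
    best = None
    for mp, fstype in mounts:
        m = mp.rstrip("/") or "/"
        if m == "/" or p == m or p.startswith(m + "/"):
            if best is None or len(m) > len(best[0]):
                best = (m, fstype)
    return best[1] if best else None


def is_host_local(path, mounts):
    """Fail closed: an unknown filesystem type is not treated as host-local."""
    fstype = fstype_of(path, mounts)
    return fstype is not None and fstype not in NETWORK_FS


def usable_socketdir(path, uid, mounts):
    """Accept only a real directory (not a symlink) owned by `uid`, with no
    group/other bits, on a host-local filesystem."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != uid:
        return False
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return False
    return is_host_local(path, mounts)


def resolve_socketdir(uid, gnupghome, root="/", mounts=None):
    """First usable candidate, or None when only unsafe locations remain."""
    if mounts is None:
        mounts = read_mounts()
    for d in candidate_dirs(uid, gnupghome, root):
        if usable_socketdir(d, uid, mounts):
            return d
    return None


def prepare_socketdir(path, uid):
    """What the webmailer does before calling gpgsm: create the per-user
    directory with mode 0700; chown only when running as root."""
    os.makedirs(path, mode=0o700, exist_ok=True)
    os.chmod(path, 0o700)
    if os.getuid() == 0:
        os.chown(path, uid, -1)
    return path


def demo():
    """Walk through the thread's scenario in a temp tree with a constructed
    mount table: the home directory is on NFS, everything else is local."""
    uid = os.getuid()
    root = os.path.realpath(tempfile.mkdtemp(prefix="gnupg-socketdir-"))
    home = f"{root}/home/user/.gnupg"
    mounts = [("/", "ext4"), (f"{root}/home", "nfs4")]   # constructed table
    out = {}
    try:
        os.makedirs(home, mode=0o700)
        os.chmod(home, 0o700)
        # 1. Nothing prepared: the only candidate is the NFS home -> rejected.
        out["no_safe_dir"] = resolve_socketdir(uid, home, root, mounts) is None
        # 2. A logind-style dir exists but is world-readable -> rejected.
        logind = f"{root}/run/user/{uid}/gnupg"
        os.makedirs(logind)
        os.chmod(logind, 0o755)
        out["loose_dir_rejected"] = resolve_socketdir(uid, home, root, mounts) is None
        # 3. Mode fixed -> the logind dir is chosen.
        os.chmod(logind, 0o700)
        out["logind_dir_chosen"] = resolve_socketdir(uid, home, root, mounts) == logind
        # 4. Webmailer prepares the proposed dir -> it takes precedence.
        proposed = prepare_socketdir(f"{root}/run/gnupg/user/{uid}", uid)
        out["proposed_dir_wins"] = resolve_socketdir(uid, home, root, mounts) == proposed
        out["home_fstype"] = fstype_of(home, mounts)           # 'nfs4'
        out["proposed_fstype"] = fstype_of(proposed, mounts)   # 'ext4'
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return out


if __name__ == "__main__":
    print(demo())
```

The order of the candidates is what makes the proposal work for a clustered
caller: a directory under `/run/gnupg/user/<UID>` is host-local and is left
alone by systemd-logind, so a cluster-aware session manager can create and
remove it itself, while the shared home directory is reached only if nothing
host-local is available. The `lstat` and mode checks guard against a
symlinked or group-readable directory being handed to the agent.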