How to authenticate permissions of a local user?

Art Hampton
Wed, 16 Jun 1999 14:11:32 -0500

> Passphrases are really intended to certify the identity of the user running
> the command - and need to be interactive. There *is* an option "--passphrase-fd"
> which allows you to specify that the passphrase should be read from that
> (numeric) FD, but the documentation *also* says "Don't use this option if
> you can avoid it". Since you say you'd put the passphrase in a file only
> readably by the SUID script, an alternative would be to use a key *without*
> a passphrase stored in a keyring only readable by the SUID script. This is
> equivalent in terms of the protection it gives.
I didn't realize (or forgot) that you could create a key without a passphrase. I tried that method (passphrase in a keyring only readable by the setuid script), and I got: gpg: Ohhhh jeeee: ... this is a bug (rndunix.c:731:gather_random) Within rndunix.c, it is intentionally bailing out because of my attempt to use it in a setuid script: /* make sure we are not setuid */ if( getuid() != geteuid() ) BUG(); So I'm left with the somewhat more cumbersome --passphrase-fd (which I haven't yet tried, but hopefully I'll be more successful). I'm sorry that I completely overlooked this option (--passphrase-fd) and bugged the list.... Thanks for your help David.