How to authenticate permissions of a local user?

Art Hampton arth@pacsg.css.mot.com
Wed, 16 Jun 1999 14:11:32 -0500



> Passphrases are really intended to certify the identity of the user running
> the command - and need to be interactive. There *is* an option "--passphrase-fd"
> which allows you to specify that the passphrase should be read from that
> (numeric) FD, but the documentation *also* says "Don't use this option if
> you can avoid it". Since you say you'd put the passphrase in a file only
> readable by the SUID script, an alternative would be to use a key *without*
> a passphrase stored in a keyring only readable by the SUID script. This is
> equivalent in terms of the protection it gives.
I didn't realize (or forgot) that you could create a key without a passphrase.
I tried that method (passphrase in a keyring only readable by the setuid
script), and I got:

    gpg: Ohhhh jeeee: ... this is a bug (rndunix.c:731:gather_random)

Within rndunix.c, it is intentionally bailing out because of my attempt to
use it in a setuid script:

    /* make sure we are not setuid */
    if( getuid() != geteuid() )
        BUG();

So I'm left with the somewhat more cumbersome --passphrase-fd (which I
haven't yet tried, but hopefully I'll be more successful).

I'm sorry that I completely overlooked this option (--passphrase-fd) and
bugged the list.... Thanks for your help, David.