warning msg - what does it mean
David Jourard
cgi@bytesinteractive.com
Tue Dec 10 04:59:01 2002
Hi,
At 11:26 PM 12/9/02 +0000, you wrote:
>Le Lundi 9 D=E9cembre 2002 23:35, David Jourard a =E9crit :
> > > > gpg: WARNING: unsafe ownership on homedir "/home/gpg"
> > > >
>What
> > >does 'ls -l /home/gpg' give you?
> >
> > 775 owned by root and group root.
> >
>
>Basically, what you need is that your user name owns the folder gnupg and=
its
>files. Secondly, the permissions set on it must be 700 on the folders and=
600
>on the files. You won't get that message any more.
>
>And it is a lot safer that only your user can read these files rather than
>everybody !
Your suggestion is fine if the cgi scripts run as the userid of the apache=
=20
web server. (In fact this is how I do it on another server).
The problem here is that the cgi scripts run as suid using the setuid=20
module of apache. As you suggest each user will have to have on the server=
=20
their own public key ring.
** I would like though to maintain just one public key ring for all users=
=20
using gpg for e-mail encryption. **
Is there anyway to set the permissions securely on the keyring and have=20
each script which runs under a different user access the one public key=20
ring and gpg.
or Is this where the limitation rests?
Thanks so far.
David J.