warning msg - what does it mean

David Jourard cgi@bytesinteractive.com
Tue Dec 10 04:59:01 2002


At 11:26 PM 12/9/02 +0000, you wrote:
>On Monday 9 December 2002 23:35, David Jourard wrote:
> > > > gpg: WARNING: unsafe ownership on homedir "/home/gpg"
> > > >
> > >does 'ls -l /home/gpg' give you?
> >
> > 775 owned by root and group root.
> >
>Basically, what you need is that your user name owns the folder gnupg and
>files. Secondly, the permissions set on it must be 700 on the folders and
>on the files. You won't get that message any more.
>And it is a lot safer that only your user can read these files rather than
>everybody!

Your suggestion is fine if the cgi scripts run as the userid of the apache
web server. (In fact this is how I do it on another server).

The problem here is that the cgi scripts run as suid using the setuid
module of apache. As you suggest, each user will have to have on the server
their own public key ring.

** I would like though to maintain just one public key ring for all users
using gpg for e-mail encryption. **

Is there any way to set the permissions securely on the keyring and have
each script which runs under a different user access the one public key
ring and gpg?

Or is this where the limitation rests?

Thanks so far.
David J.
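
The two conditions named in the quoted reply (the directory and its files owned by the user running gpg, with no group or other access), written as a check script. This is an added example, not part of the original message and not GnuPG's own logic; `audit_gpg_home` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory against the conditions in the
# quoted reply. audit_gpg_home is a hypothetical helper, not a gpg command.
# Usage: audit_gpg_home /home/gpg   (run as the user the script executes as)

audit_gpg_home() {
    dir=$1
    me=$(id -u)
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    # Entries (the directory itself included) not owned by the current uid.
    wrong_owner=$(find "$dir" ! -user "$me" -print)

    # Entries with any group or other permission bit set. Symlinks are
    # skipped because their own mode bits are not meaningful.
    too_open=$(find "$dir" ! -type l \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)

    status=0
    if [ -n "$wrong_owner" ]; then
        echo "not owned by uid $me:"
        echo "$wrong_owner"
        status=1
    fi
    if [ -n "$too_open" ]; then
        echo "group/other access allowed:"
        echo "$too_open"
        status=1
    fi
    return $status
}
```

A mode 775 directory owned by root, as reported earlier in the thread, fails both checks for any non-root user.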