warning msg - what does it mean
David Shaw
dshaw@jabberwocky.com
Tue Dec 10 17:51:02 2002
On Tue, Dec 10, 2002 at 11:03:07AM -0600, David Jourard wrote:
> Hi,
>
> At 11:25 PM 12/9/02 -0500, David Shaw wrote:
> >On Mon, Dec 09, 2002 at 11:09:19PM -0600, David Jourard wrote:
> >> ** I would like though to maintain just one public key ring for all users
> >> using gpg for e-mail encryption. **
> >>
> >> Is there any way to set the permissions securely on the keyring and have
> >> each script which runs under a different user access the one public key
> >> ring and gpg.
> >
> >Well, no. "Securely" in this case means that the user that owns the
> >keyring is the only one that can write to it. If you want to have a
> >keyring that multiple users can write to, then it isn't secure by that
> >definition.
> >
> >If you put the keyring in any directory other than the home directory,
> >GnuPG won't do the permissions check. You can also disable the
> >permissions check with --no-permission-warning.
>
> I'm not familiar with how gpg works when it is used to encrypt an e-mail
> for instance; but if this is all I need it for - to encrypt an e-mail using
> a public key - then why does it need to write to disk. I would think that
> the gpg need only read the public key?

Sure, but you want to make sure that the public key it reads is not
one that some other process just slipped in there. That is what the
homedir permission check helps ensure.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
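
Added example (not part of the original message and not GnuPG's own code): a Python sketch of the property discussed in the thread, that only the owning user can write to the keyring, checked on both the keyring file and its enclosing directory. The names `audit_keyring` and `demo` and the temporary `pubring.gpg` file are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def audit_keyring(path, uid=None):
    """Return a list of findings; an empty list means only `uid` can write."""
    uid = os.getuid() if uid is None else uid
    findings = []
    # Check the file and its directory: a directory writable by others lets
    # another user replace the keyring even when the file itself is private.
    for target in (path, os.path.dirname(os.path.abspath(path))):
        st = os.stat(target)
        if st.st_uid != uid:
            findings.append(f"{target}: owned by uid {st.st_uid}, expected {uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{target}: writable by group or others (mode {mode:o})")
    return findings


def demo():
    """Run the audit on a constructed keyring in three permission states."""
    with tempfile.TemporaryDirectory() as d:
        ring = os.path.join(d, "pubring.gpg")  # constructed sample file
        open(ring, "wb").close()

        # Private: only the owner can write to the file or the directory.
        os.chmod(d, 0o700)
        os.chmod(ring, 0o600)
        private = audit_keyring(ring)

        # Shared keyring file: group members can modify the stored keys.
        os.chmod(ring, 0o664)
        shared_file = audit_keyring(ring)

        # Private file in a world-writable directory: the file can be swapped.
        os.chmod(ring, 0o600)
        os.chmod(d, 0o777)
        shared_dir = audit_keyring(ring)

        os.chmod(d, 0o700)  # restore before cleanup
    return private, shared_file, shared_dir


if __name__ == "__main__":
    for label, result in zip(("private", "shared file", "shared dir"), demo()):
        print(label, "->", result or "ok")
```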