Need some help with permissions and ownership when running cgi script as user
Fri Feb 8 07:24:02 2002
I've installed gpg on the server and am successfully able to encrypt from a
web form, but it's not exactly the way I want it.
Currently the cgi script runs under suexec, hence as user; however, the above
works only when the 3 .gpg files: secring.gpg, pubring.gpg and trustdb.gpg
are owned and in the group of the user, and are in a folder under the CGI
user's home directory.
From a previous posting:
At 10:26 AM 1/25/02 +0100, Werner Koch wrote:
> > Q2. The public key ring is best owned by root. Is this true?
>It is always a good idea not to give write access to the CGI user, I'd
>create an extra user for this.
Now when I create a non-privileged user like gpgforkeys to own the keyring
I get the following errors:
gpg: failed to create temporary file
gpg: fatal: /home/gpgforkeys/.gnupg/trustdb.gpg: can't create lock
secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/16384
Is it possible to have the public keyring owned by the non-cgi user and
stored above document root, yet for the CGI user to write what needs to be
written (which will have to be in a folder under its home directory because
of the suexec)?
The bottom line is I want to use suexec to run the script and yet I don't
want the key ring owned by the CGI user.
I hope I'm not making a mountain out of a molehill, but I'm trying to create
an optimal secure setup (which I'm learning about as I do it.)
Thanks in advance
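
Added example (not part of the original post or of GnuPG): a preflight check for the layout the message asks about, reporting when the CGI user can write the keyring and when it cannot write the directory where gpg creates the lock and temporary files named in the errors above. It assumes a split layout, for instance a keyring file passed with gpg's --keyring and a separate directory passed with --homedir; the thread does not confirm that this layout suits the poster's setup. The function names, uid/gid values and paths are hypothetical, and only plain Unix mode bits are evaluated (no ACLs).

```python
import os
import stat
import tempfile

def can_access(path, uid, gids, want):
    """Classic Unix mode-bit check for a given uid/gids ('r', 'w' or 'x').
    Assumptions: no ACLs, and uid 0 is not special-cased."""
    st = os.stat(path)
    bit = {"r": 4, "w": 2, "x": 1}[want]
    mode = stat.S_IMODE(st.st_mode)
    if uid == st.st_uid:
        shift = 6          # owner bits
    elif st.st_gid in gids:
        shift = 3          # group bits
    else:
        shift = 0          # other bits
    return bool((mode >> shift) & bit)

def audit_layout(keyring, workdir, uid, gids):
    """Findings for a CGI user (uid, gids) that should read `keyring`
    but write only inside `workdir`, the directory used as gpg's home."""
    findings = []
    kdir = os.path.dirname(keyring)
    if not (can_access(kdir, uid, gids, "x") and can_access(keyring, uid, gids, "r")):
        findings.append("keyring is not readable by the CGI user")
    if can_access(keyring, uid, gids, "w"):
        findings.append("keyring is writable by the CGI user")
    if can_access(kdir, uid, gids, "w"):
        findings.append("keyring directory is writable: the file can be replaced")
    if not (can_access(workdir, uid, gids, "w") and can_access(workdir, uid, gids, "x")):
        findings.append("home directory is not writable: no lock or temporary file")
    return findings

if __name__ == "__main__":
    # Constructed layout in a temp dir; the CGI uid/gid are made-up values
    # that match no file owner, so the "other" bits apply, as in the post.
    with tempfile.TemporaryDirectory() as top:
        kdir = os.path.join(top, "keys")
        home = os.path.join(top, "gnupg-home")
        os.mkdir(kdir)
        os.mkdir(home)
        ring = os.path.join(kdir, "pubring.gpg")
        open(ring, "wb").close()
        os.chmod(kdir, 0o755)
        os.chmod(ring, 0o644)
        os.chmod(home, 0o755)   # owned by someone else, as in the failing case
        cgi_uid, cgi_gids = os.getuid() + 12345, [os.stat(ring).st_gid + 12345]
        for finding in audit_layout(ring, home, cgi_uid, cgi_gids):
            print("FINDING:", finding)
```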