Cant create directory error

Henry Hertz Hobbit hhhobbit7 at netscape.net
Mon Apr 25 21:32:15 CEST 2005


>Message: 6
>Date: Sun, 24 Apr 2005 16:37:14 +1000
>From: Peter Jones <pete at petesplace.id.au>
>Subject: Re: Cant create directory error
>To: gnupg-users at gnupg.org
>Message-ID: <200504241637.14279.pete at petesplace.id.au>
>Content-Type: text/plain;  charset="iso-8859-1"
>
>On Thu, 21 Apr 2005 03:26 am, Carlos M wrote:
>> Hi there, I'm having problems trying to decrypt a message using PHP or
>> Perl. When I run the Perl script directly from the Linux bash it works
>> just fine, but when I run the script from the browser it doesn't work.
>> Checking the Apache logs, it says:
>>
>> Name "main::passphrase" used only once: possible typo at
>> /usr/local/apache/cgi-bin/decrypt.pl line 10.
>> gpg: fatal: ~/.gnupg: can't create directory: No such file or directory
>>
>> I created the keys using root as user. I got the .gnupg directory on
>> /root with the correct keys in there. I have the correct keys in my
>> local repository. I don't know what I'm doing wrong.
>
>I cannot see any other responses [possibly because the Reply-to on your 
>message doesn't seem to be configured correctly??] to this so I'll give 
>it a shot.
>
>It is almost certain that apache is not running as root (and if it *is*, 
>it is a very bad security risk!)
>
>Chances are it will be running as either user "apache", or as "nobody"; 
>you will need to check your httpd.conf file to be sure.  Apache, 
>therefore, calls your cgi script as this user, and your script calls gpg 
>as this user.  gpg then tries to create ~/.gnupg -- and either the user 
>home directory doesn't exist, or (for various security reasons) apache 
>does not have write access to it.
>
>Best bet is to create a .gnupg file somewhere apache can find it, then in 
>your script use "gpg --options /path/to/.gnupg" to specify the correct 
>options file for it to use...
>
>(Additionally I'd investigate that main::passphrase warning if I were 
>you! ;-))

I don't know whether he has Apache in a default config on a 'nix box
or what.  I am assuming he has some version of 'nix with the word "root"
in the lines.  If it is a default config, then he has an Apache user:

Password Entries:
=================
apache:x:48:48:Apache:/var/www:/sbin/nologin
...
hhhobbit:x:500:500:Henry Hertz Hobbit:/home/hhhobbit:/bin/bash

Group Entries:
==============
apache:x:48:
...
hhhobbit:x:500:

He can create the .gnupg folder as an ordinary user or as root, but in
any case he will have to move the folder (eventually) to /var/www and
chown and chgrp it to apache.  On Linux:

cd # to where your .gnupg was created
cp -rp .gnupg /var/www
cd /var/www
chown -R apache:apache .gnupg
chmod 700 .gnupg
cd .gnupg
chmod 400 *

There is one tricky problem; apache has the /sbin/nologin shell which
means apache cannot log in, but I assume that is easily handled by the
way it is started up, and the fact that you are forking off another
process off of something already running.


Ciao

Henry Hertz Hobbit
-- 
Key Name:  "Henry Hertz Hobbit" <hhhobbit at securemecca.net>
pub   1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11]
Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62
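
Added example (not part of the original post and not GnuPG's own code): a shell check that a .gnupg directory prepared as in the steps above is owned by the web-server account, is mode 700, and holds nothing accessible to group or other, before gpg is pointed at it with --homedir. The function names are hypothetical, GNU stat and find are assumed, and /var/www/.gnupg and the apache user come from the post.

```sh
#!/bin/sh
# check_gnupg_home DIR USER
# USER is an account name or a numeric uid. Prints one line per finding and
# returns 0 only if DIR is fit to be the GnuPG home directory for USER.
check_gnupg_home() {
    dir=$1 user=$2 rc=0
    case "$user" in
        ''|*[!0-9]*) uid=$(id -u "$user" 2>/dev/null) || {
                         echo "user: no such account: $user"; return 1; } ;;
        *)           uid=$user ;;
    esac
    if [ ! -d "$dir" ]; then
        # This is the situation behind "can't create directory" in the CGI case.
        echo "missing: $dir is not a directory"
        return 1
    fi
    owner=$(stat -c '%u' "$dir")
    mode=$(stat -c '%a' "$dir")
    if [ "$owner" != "$uid" ]; then
        echo "owner: $dir belongs to uid $owner, expected $uid"; rc=1
    fi
    if [ "$mode" != "700" ]; then
        echo "mode: $dir is $mode, expected 700"; rc=1
    fi
    # Key files must belong to the same account and grant nothing to group/other.
    bad=$(find "$dir" -mindepth 1 \( ! -user "$uid" -o -perm /077 \) -print)
    if [ -n "$bad" ]; then
        echo "contents: wrong owner or group/other access on:"
        echo "$bad"
        rc=1
    fi
    return $rc
}

# gpg_with_home DIR USER [gpg arguments...]
# Runs gpg non-interactively against DIR, but only after the check passes.
gpg_with_home() {
    dir=$1; user=$2; shift 2
    check_gnupg_home "$dir" "$user" >&2 || return 1
    gpg --homedir "$dir" --batch --no-tty "$@"
}

# Typical use from the CGI script's account (paths as in the post):
#   gpg_with_home /var/www/.gnupg apache --list-keys
```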




