Need non-writable --homedir

Johan Wevers johanw at vulcan.xs4all.nl
Thu Sep 14 22:26:45 CEST 2006


Josef Wolf wrote:

>I need a setup where the user running "gpg -e -r foobar" is not able to
>modify keyring contents.  I tried:
>
>  # chown -R root:user     ~user/.gnupg
>  # chmod -R u=rwX,g=rX,o= ~user/.gnupg

You'd better use chattr -i on it.

>    to use --lock-never as long as it is guaranteed that _only_ "gpg -e" 
>    is ever run?  No key generation, no imports, no signing. Only
>    "gpg -e".  Is this safe?

Of course, the file can't become corrupt and it has no influence on files
you sign and/or encrypt.

> 2. There's the random_seed file.  It is modified at every run.  How can
>    I handle this?

chattr -i the keyring files but leave out the random_seed.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
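The setup discussed in this exchange (keyring files non-writable, the directory non-writable so gpg cannot create lock files and must run with --lock-never, random_seed left writable because gpg rewrites it on every run) as an added POSIX shell example; it is not code from the thread or from GnuPG. It assumes the GnuPG 1.4-era layout of regular files directly in the home directory (pubring.gpg, trustdb.gpg, secring.gpg); the immutable flag the reply refers to is set with chattr +i and cleared with chattr -i, needs root and an ext2/3/4 filesystem, and is opt-in here. The function names harden_homedir and check_homedir are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread or from GnuPG: make a GnuPG home
# directory non-writable for a user who only ever runs "gpg -e", while
# keeping random_seed writable because gpg rewrites it on every run.
# Assumes GnuPG 1.4-era keyring files (pubring.gpg, trustdb.gpg, ...) as
# regular files in the directory; the glob covers every such file.
# The names harden_homedir and check_homedir are this example's own.

# harden_homedir DIR [immutable]
#   Strip all write bits from every regular file except random_seed, then
#   make the directory itself non-writable so that no new files (lock files
#   included) can be created in it; that is the situation in which gpg has
#   to be run with --lock-never.  With a second argument of "immutable",
#   also set the ext2/3/4 immutable flag (chattr +i, undone with chattr -i)
#   when running as root and chattr is available.
harden_homedir() {
    dir=$1
    want_immutable=${2:-}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "${f##*/}" in
            random_seed)
                chmod 600 "$f" ;;          # must stay writable by the owner
            *)
                chmod 444 "$f"
                if [ "$want_immutable" = immutable ] && [ "$(id -u)" -eq 0 ] \
                   && command -v chattr >/dev/null 2>&1; then
                    chattr +i "$f"
                fi ;;
        esac
    done
    chmod 555 "$dir"
}

# check_homedir DIR
#   Return 0 when every regular file except random_seed has mode r--r--r--
#   and random_seed has mode rw-------; return 1 otherwise.  The mode string
#   is taken from ls -l so the check does not depend on GNU stat.
check_homedir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(ls -ld "$f" | cut -c2-10)
        case "${f##*/}" in
            random_seed) [ "$mode" = rw------- ] || return 1 ;;
            *)           [ "$mode" = r--r--r-- ] || return 1 ;;
        esac
    done
    return 0
}

# Stand-alone use:  sh harden_gpg_homedir.sh ~user/.gnupg [immutable]
if [ $# -gt 0 ]; then
    harden_homedir "$1" "${2:-}"
    if check_homedir "$1"; then
        echo "keyring files in $1 are read-only; random_seed stays writable"
    else
        echo "unexpected permissions in $1" >&2
        exit 1
    fi
fi
```

Run it as root against the user's ~/.gnupg after the chown shown in the question, so the directory ends up owned by root and the user holds only read permission on the keyrings; check_homedir can then be re-run from cron or a login script to detect drift. With GnuPG 2.1 and later the keyring lives in pubring.kbx and secret material in the private-keys-v1.d directory, and gpg-agent needs a writable socket location, so the same idea needs a different file list there.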
