Need non-writable --homedir
Johan Wevers
johanw at vulcan.xs4all.nl
Thu Sep 14 22:26:45 CEST 2006
Josef Wolf wrote:
>I need a setup where the user running "gpg -e -r foobar" is not able to
>modify keyring contents. I tried:
>
> # chown -R root:user ~user/.gnupg
> # chmod -R o=rwX,g=rX,o= ~user/.gnupg
You'd better use chattr -i on it.
> to use --lock-never as long as it is guaranteed that _only_ "gpg -e"
> is ever run? No key generation, no imports, no signing. Only
> "gpg -e". Is this safe?
Of course, the file can't become corrupt and it has no influence on files
you sign and/or encrypt.
> 2. There's the random_seed file. It is modified at every run. How can
> I handle this?
chattr -i the keyring files but leave out the random_seed.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
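
An added example (not part of the original thread, and not GnuPG code): a Python check of ownership and mode bits for the setup discussed above. It reports whether a given non-root user could still modify the keyring files and whether random_seed stays writable. The keyring file names are assumed GnuPG 1.x defaults, the function names are hypothetical, and the immutable attribute set with chattr is not inspected.

```python
import os
import stat

# Assumed GnuPG 1.x default file names; adjust for the installation at hand.
KEYRING_FILES = ("pubring.gpg", "secring.gpg", "trustdb.gpg")
SEED_FILE = "random_seed"


def can_write(st, uid, gids):
    """True if (uid, gids) can write to the object described by st.

    Assumes a non-root user. An owner counts as able to write even when
    the owner write bit is clear, because the owner can chmod it back.
    """
    if st.st_uid == uid:
        return True
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_homedir(homedir, uid, gids):
    """Return a list of findings for the gpg home directory (hypothetical helper)."""
    findings = []
    dir_st = os.stat(homedir)
    sticky = bool(dir_st.st_mode & stat.S_ISVTX)
    # A writable directory lets the user rename or unlink entries, so a
    # read-only keyring file inside it can still be swapped for another one.
    if can_write(dir_st, uid, gids) and (dir_st.st_uid == uid or not sticky):
        findings.append("homedir is writable: keyring files can be replaced")
    for name in KEYRING_FILES:
        path = os.path.join(homedir, name)
        if os.path.exists(path) and can_write(os.stat(path), uid, gids):
            findings.append(name + " is writable by the user")
    seed = os.path.join(homedir, SEED_FILE)
    if os.path.exists(seed) and not can_write(os.stat(seed), uid, gids):
        findings.append(SEED_FILE + " is not writable, but gpg modifies it at every run")
    return findings
```

An empty list means the mode bits and ownership match the intent of the thread: keyring contents are out of the user's reach and random_seed is still writable.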