Can't enter passphrase in su session.

mike _ arizonagroovejet at gmail.com
Wed May 20 21:00:42 CEST 2009


I have an account, bob, on a machine that is used for building rpms
and then creating and signing a repository.

If I log in to the machine as bob via ssh and run

$ gpg -a --detach-sign somedir/repodata/repomd.xml

then all is well.

As the bob account will be used by multiple people, I want to block ssh
logins for bob and have people log in via ssh with their own account
and use 'su -' to become the user. This then leaves a trail in the log
of who became bob when. But if I log in to the machine as myself,
then do

$ su - bob

then run

$ gpg -a --detach-sign somedir/repodata/repomd.xml

I get

gpg: using PGP trust model
gpg: key B97DE878: accepted as trusted key

You need a passphrase to unlock the secret key for
user: "Bob"
4096-bit RSA key, ID B97DE878, created 2009-05-19

can't connect to `/home/bob/.gnupg/S.gpg-agent': No such file or directory
gpg: no running gpg-agent - starting one
gpg-agent[29808]: command get_passphrase failed: Operation cancelled
gpg: cancelled by user
gpg: no default secret key: General error
gpg: signing failed: General error

I'm never given a chance to enter the passphrase; gpg just declares
failure and tells me I cancelled the operation, which I didn't.

I've compared the output of 'env' for both an ssh login session and
'su -' session and apart from a few variables relating to ssh, they're
the same.

There must be something different about the sessions that explains why
I'm never given a chance to enter the passphrase in the 'su -'
session, but I'm at a loss as to what.

I did try searching the mailing lists and Google, but 'su' results in
a huge amount of (at least seemingly) irrelevant hits, so I gave up
fairly quickly!

Can anyone offer any insight into this issue?

thanks,

mike



More information about the Gnupg-users mailing list