Can't enter passphrase in su session.

mike _ arizonagroovejet at
Tue May 26 16:50:50 CEST 2009

2009/5/25 Stan Tobias <sttob at>:
> mike _ <arizonagroovejet at> wrote:
> I don't use and I don't know how `pinentry' works, so let it be a blind
> shot.  `ssh' opens a new terminal session, while `su' doesn't.  When you
> `su - newuser', you run with stdin/stdout/stderr attached to the olduser
> terminal, with the olduser owner and most probably zeroed permission
> bits for the "other" group, which means newuser cannot open /dev/tty.
> If a program (like `pinentry' maybe, or `screen') run by newuser tries
> to read directly from a terminal which belongs to olduser, it will fail.
> I sometimes "fix" this by running `exec script /dev/null'.

You've got it! It is a tty permissions problem. Apparently it's a
general issue that programs that want to write directly to terminal
won't work when run under su. E.g. there's mention here of someone
encountering the problem with screen.

If I do this:

$ chmod o+rw $(tty)

before using 'su -' to become bob then I am prompted to enter the
passphrase when I run gpg.

Setting such permissions on the tty device seems like something that
would usually be a hideously bad idea. I think doing it on a sever
which only a very small number of trusted people are able to log in to
would be OK though. (Unless anyone can suggest a reason why not.)

More information about the Gnupg-users mailing list