Can't enter passphrase in su session.
arizonagroovejet at gmail.com
Tue May 26 16:50:50 CEST 2009
2009/5/25 Stan Tobias <sttob at mailshack.com>:
> mike _ <arizonagroovejet at gmail.com> wrote:
> I don't use and I don't know how `pinentry' works, so let it be a blind
> shot. `ssh' opens a new terminal session, while `su' doesn't. When you
> `su - newuser', you run with stdin/stdout/stderr attached to the olduser
> terminal, with the olduser owner and most probably zeroed permission
> bits for the "other" group, which means newuser cannot open /dev/tty.
> If a program (like `pinentry' maybe, or `screen') run by newuser tries
> to read directly from a terminal which belongs to olduser, it will fail.
> I sometimes "fix" this by running `exec script /dev/null'.
You've got it! It is a tty permissions problem. Apparently it's a
general issue that programs that want to write directly to terminal
won't work when run under su. E.g. there's mention here of someone
encountering the problem with screen.
If I do this:
$ chmod o+rw $(tty)
before using 'su -' to become bob then I am prompted to enter the
passphrase when I run gpg.
Setting such permissions on the tty device seems like something that
would usually be a hideously bad idea. I think doing it on a sever
which only a very small number of trusted people are able to log in to
would be OK though. (Unless anyone can suggest a reason why not.)
More information about the Gnupg-users