How to preserve the permission/owner/group owner on the pubring.gpg, secring.gpg and trustdb.gpg

Peter Lebbing peter at digitalbrains.com
Thu Aug 7 11:39:14 CEST 2014


On 07/08/14 00:52, Sieu Truc wrote:
> And on my file system, I cannot activate acl so I design to
> give world-writable to trustdb and world-readable to pubring and
> secring. If not, the test2 cannot do securisation.

That's a really bad solution for your problem. You want to keep secring
secret, and world-readable is the absolute opposite of that. And if
somebody manipulates trustdb, they can make you believe a key is valid
when it is in fact not.

I thought about it for a little, and I think your problem can be fixed
using just standard UNIX permissions. But I think the more elegant
solution might lie in a completely different process where secring is
not shared. That means that you should rethink your architecture, so
that you don't arrive at the scenario you paint with the shared files.
You should really consider that. There are many ways to satisfy your
requirements. One of the reasons I write this at all is to show that
actually, standard UNIX permissions can be rather flexible.

By the way, I inferred admin might add public keys as well. If this is
not the case, the thing only becomes simpler.

Here's my idea:

/etc/group:
gpgsecread:x:n:test1,test2
gpgpubwrite:x:n:test1

/var/local:
drwxr-xr-x admin nobody          gpgshared/

/var/local/gpgshared:
drwxrwxr-x admin gpgpubwrite     pub/
drwxr-x--- admin gpgsecread      sec/

/var/local/gpgshared/pub:
-rw-rw-r-- admin gpgpubwrite     pubring.gpg

/var/local/gpgshared/sec:
-rw-r----- admin gpgsecread      secring.gpg

/home/admin/.gnupg:
-rw------- admin nobody          gpg.conf
-rw------- admin nobody          random_seed
-rw------- admin nobody          trustdb.gpg

/home/admin/.gnupg/gpg.conf:
secret-keyring /var/local/gpgshared/sec/secring.gpg
no-default-keyring
keyring /var/local/gpgshared/pub/pubring.gpg

/home/test1/.gnupg:
-rw------- test1 nobody          gpg.conf
-rw------- test1 nobody          random_seed
-rw------- test1 nobody          trustdb.gpg

/home/test1/.gnupg/gpg.conf:
secret-keyring /var/local/gpgshared/sec/secring.gpg
no-default-keyring
keyring /var/local/gpgshared/pub/pubring.gpg

... and so on for user test2 ...

This is an example of the way the standard UNIX permissions can be used
to give pretty reasonable granularity of access. The only hitch is that
if world-readable access to pubring.gpg is not desired, I wouldn't know
how to do that (without sudo). But for pubring.gpg, it's usually not a
problem.

I haven't tested it, by the way.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
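
An added example, not part of the original message: a small Python audit that checks a directory tree against the modes and groups in the listing above and reports anything more permissive than intended (for instance a world-readable secring.gpg). The function names and the `build_sample` helper are hypothetical; the group check assumes the groups gpgpubwrite and gpgsecread exist on the system.

```python
import grp
import os
import stat

# Modes and groups taken from the listing in the message; paths are relative
# to the shared root (/var/local/gpgshared in the message).
LAYOUT = {
    "pub": (0o775, "gpgpubwrite"),
    "sec": (0o750, "gpgsecread"),
    "pub/pubring.gpg": (0o664, "gpgpubwrite"),
    "sec/secring.gpg": (0o640, "gpgsecread"),
}

def audit(root, check_groups=True):
    """Return a list of (relative_path, problem) for deviations from LAYOUT."""
    findings = []
    for rel, (want_mode, want_group) in LAYOUT.items():
        try:
            st = os.lstat(os.path.join(root, rel))  # lstat: do not follow symlinks
        except FileNotFoundError:
            findings.append((rel, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "is a symlink"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        extra = mode & ~want_mode  # permission bits granted beyond the layout
        if extra:
            findings.append((rel, f"mode {mode:04o} grants extra bits {extra:04o}"))
        if check_groups:
            try:
                group = grp.getgrgid(st.st_gid).gr_name
            except KeyError:
                group = str(st.st_gid)  # gid with no entry in the group database
            if group != want_group:
                findings.append((rel, f"group {group}, expected {want_group}"))
    return findings

def build_sample(root):
    """Create a constructed copy of the layout under root (modes only, empty files)."""
    for rel, (mode, _group) in LAYOUT.items():
        path = os.path.join(root, rel)
        if rel.endswith(".gpg"):
            open(path, "wb").close()
        else:
            os.mkdir(path)
        os.chmod(path, mode)  # explicit chmod so the umask does not interfere

if __name__ == "__main__":
    for rel, problem in audit("/var/local/gpgshared"):
        print(f"{rel}: {problem}")
```
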
