How to preserve the permission/owner/group owner on the pubring.gpg, secring.gpg and trustdb.gpg

Sieu Truc sieutruc at gmail.com
Thu Aug 7 13:44:23 CEST 2014


Thanks a lot for your advice and your solution, so that I understand more
about gpg.

But actually, it's not for me to decide whether I should use a shared secring,
but the client wants to have 3 users using the shared keyring.

Each user belongs to one specific group as described above (admin: control
all, test1 (groupTest1): can add public key (no operation with secret key),
test2 (groupTest2): can use only gpg --encrypt/sign/decrypt)

On Windows, I did that without any problem because the owner of a created
file can position the access rights, like adding more permissions/more
users/groups on those files.
That means after an operation, I have a subfunction that allows restoring
its original permissions as well as its ownership.

In Linux, it seems impossible to use traditional permissions, because one
file can have only one user, one group (other - all the others), and the
owner of the file cannot transfer his rights to another. That's the reason why
I let the "others" owner act like test2 (can read pubring and secring).

Maybe I will discuss with them to get something that can be feasible.

Truc




On Thu, Aug 7, 2014 at 11:55 AM, Peter Lebbing <peter at digitalbrains.com>
wrote:

> On 07/08/14 11:39, Peter Lebbing wrote:
> > I haven't tested it, by the way.
>
> Which is obvious, because Werner's mail reminded me that in this setup
> you still need this:
>
> /home/admin/.gnupg/gpg.conf:
> secret-keyring /var/local/gpgshared/sec/secring.gpg
> preserve-permissions
> no-default-keyring
> keyring /var/local/gpgshared/pub/pubring.gpg
>
> Though *not* for test1 and test2, they can stay as they were, since they
> don't write secring.
>
> However, I still think you should look for a solution without a shared
> secring.
>
> HTH,
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
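The "restore the original permissions and ownership after an operation" step described in the message above, sketched for Linux in Python. This is an added example, not code from the thread or from GnuPG; `snapshot`, `restore` and `rewrite_like_a_tool` are hypothetical names, and the last one is a constructed stand-in for any program that replaces a file with a new owner-only copy.

```python
import os
import stat
from typing import Dict, Iterable, List, NamedTuple


class FileMeta(NamedTuple):
    mode: int  # permission bits only, e.g. 0o640
    uid: int
    gid: int


def snapshot(paths: Iterable[str]) -> Dict[str, FileMeta]:
    """Record mode, owner and group of each keyring file before an operation."""
    saved = {}
    for path in paths:
        st = os.lstat(path)
        saved[path] = FileMeta(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return saved


def restore(saved: Dict[str, FileMeta]) -> List[str]:
    """Put back the recorded metadata; return the paths that had drifted."""
    fixed = []
    for path, want in saved.items():
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            # Do not chmod/chown through a symlink or onto a directory.
            raise RuntimeError(f"{path}: not a regular file, refusing to touch it")
        have = FileMeta(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
        if have == want:
            continue
        if (have.uid, have.gid) != (want.uid, want.gid):
            # Changing the owner needs root (CAP_CHOWN) on Linux.
            os.chown(path, want.uid, want.gid)
        # chmod last: chown may clear setuid/setgid bits.
        os.chmod(path, want.mode)
        fixed.append(path)
    return fixed


def rewrite_like_a_tool(path: str, data: bytes) -> None:
    """Constructed stand-in: replace a file via temp file + rename, mode 0600."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, path)
```

Between the rewrite and the call to `restore` the file carries the new, tighter mode, so readers in the group are locked out for that interval rather than exposed.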