How to preserve the permission/owner/group owner on the pubring.gpg, secring.gpg and trustdb.gpg

Sieu Truc sieutruc at gmail.com
Thu Aug 7 14:34:58 CEST 2014


>I'm really posting a *lot* of amendments to my mails currently, I'm
sorry about that. I'm trying to be too fast about it, I suppose.

No need to say sorry, iam really appreciated your help.

> gpgpubwrite:x:n:admin,test1

I understood what you suggested. But in the specification of my project ,
one user can belong to only one groups. It's hard to implement so that why
i need your help.

I set gid on the gpg folder, so it forces all created files by gpg to have
groupTest1 as group owner. It's ok
But test1 lauche the gpg command, then change the user owner of file to
his, like test1:groupTest1. The result is the admin cannot import a new key
to the keyring.... So your solution doesn't resolve that problem.

And i have a question to you and Werner, how can gpg change the user owner
ship of the file ? normally only root can change the ownership.

Truc


On Thu, Aug 7, 2014 at 2:11 PM, Peter Lebbing <peter at digitalbrains.com>
wrote:

> On 07/08/14 14:02, Peter Lebbing wrote:
> > gpgsecwrite:x:n:admin,test1
>
> Hah, I mixed things. Obviously I meant pubring, not secring, and it
> should be:
>
> gpgpubwrite:x:n:admin,test1
>
> Because otherwise admin might be locked out when test1 updates pubring;
> although I'm not sure, it depends on the exact way GnuPG will write the
> file. Creating a new file and moving the old one out of the way is
> already allowed through the permissions on the directory.
>
> I'm really posting a *lot* of amendments to my mails currently, I'm
> sorry about that. I'm trying to be too fast about it, I suppose.
>
> Peter.
>
> --
> I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
> You can send me encrypted mail if you want some privacy.
> My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140807/b9c21fc9/attachment-0001.html>


More information about the Gnupg-users mailing list