private-keys-v1.d and preserve-permissions

Martin Pätzold martin.paetzold at rheinwerk-verlag.de
Wed Sep 9 15:22:18 CEST 2020


Hello,

I am working with Debian Stretch (9.13) and GPG 2.1.18.

The "private-keys-v1.d" directory has by default the permissions 700 
(drwx------), but I need them to be 770 (drwxrwx---). I can change the 
permissions ($ chmod 770 private-keys-v1.d) but after some time they are 
back to 700.

According to the documentation 
(https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html#GPG-Esoteric-Options) 
there is an option "--preserve-permissions" with the description "Don't 
change the permissions of a secret keyring back to user read/write 
only." I assumed that is what I need and added this option as 
"preserve-permissions\n" to the "gpg.conf" file.

But it is not working as expected. When I stop the gpg-agent ($ gpgconf 
--kill gpg-agent) and trigger its restart ($ gpg -K), the permissions 
are back to 700. (I also checked that the gpg.conf file is in fact used.)

Where am I wrong here? Is the setting not what I need, or do I set it 
incorrectly, or do I test it incorrectly?

And if the setting is not what I need, how can I prevent the permissions 
for "private-keys-v1.d" from changing?

Regards,
Martin


