Questions regarding WKD/WKS

Bruce Walzer bwalzer at
Sat Dec 3 23:54:18 CET 2022

On Thu, Dec 01, 2022 at 02:45:33PM +0100, Andreas Heinlein via Gnupg-users wrote:
> Hello,
> I am trying to implement WKD/WKS and followed the tutorial here:
> I have a few questions:
> 1. If I follow the guidelines for creating the directory
> /var/lib/gnupg/wkd, it has ownership webkey:webkey and permissions
> 2750. So there ist no chance for the apache user to be able to read
> anything within that directory. I could solve that by adding the
> apache user to the webkey group. Is that the intended solution?

That is from this part:

    mkdir /var/lib/gnupg/wks
    chown webkey:webkey /var/lib/gnupg/wks
    chmod 2750 /var/lib/gnupg/wks

That doesn't make sense to me. I think this might count as a
documentation bug. The original author probably wanted to leave the
directory sticky instead. At any rate, the web server needs access to
this directory. Something like adding the apache user to the webkey
group sounds like a reasonable approach.


More information about the Gnupg-users mailing list