Re: [gentoo-user] safe use of .gnupg
191218 Mick wrote:
> On Wednesday, 18 December 2019 07:33:51 GMT Andrew Udvare wrote:
>> On Dec 17, 2019, at 20:51, Philip Webb wrote:
>>> When encrypting a file, I was told :
>>> root:552 root> gpg -c
>>> gpg: WARNING: unsafe ownership on homedir '/home/purslow/.gnupg'
>>> The file is owned by my user, ie : .
>>> This seems to be the default when 'gpg' is installed.
>> It's probably complaining if you're running as root
>> and you've set the GPG home dir to be in /home/purslow/.gnupg
>> rather than /root/.gnupg (and owned by root:root).
>> Otherwise try setting that directory to 0700 permission (u+rwx g-rwx o-rwx).
> You're using a symmetric cipher, so the complaint is only a warning
> about the ownership of the gnupg configuration file being used.
> You may wish your root user to have different gnupg settings
> than your plain user and gnupg is warning you about it.
> However, this is rather odd. When you first use gnupg as any user
> without specifying a configuration file, it will try to create a new
> ~/.gnupg directory with default settings and public/private keys; e.g.
> # gpg -c
> gpg: directory '/root/.gnupg' created
> gpg: keybox '/root/.gnupg/pubring.kbx' created
> Given the above the directory and files in /root/.gnupg
> should be owned by root:root, rather than root:552 ,
> if '552' in your message is some group ID.

No (smile) : '552' is the command-line number in the line spec.

Thanks for both replies : I can now re-arrange things appropriately.

--
,,
SUPPORT ___//___, Philip Webb
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto
TRANSIT`-O--O---' purslowatchassdotutorontodotca

Re: [gentoo-user] safe use of .gnupg
On Wednesday, 18 December 2019 07:33:51 GMT Andrew Udvare wrote:
> > On Dec 17, 2019, at 20:51, Philip Webb wrote:
> >
> > When encrypting a file, I was told :
> >
> > root:552 root> gpg -c
> > gpg: WARNING: unsafe ownership on homedir '/home/purslow/.gnupg'
> >
> > The file is owned by my user, ie : .
> > This seems to be the default when 'gpg' is installed.
>
> It's probably complaining if you're running as root and you've set the GPG
> home dir to be in /home/purslow/.gnupg rather than /root/.gnupg (and owned
> by root:root). Otherwise try setting that directory to 0700 permission
> (u+rwx g-rwx o-rwx).
>
> Andrew

Other than what Andrew said, you're using a symmetric cipher, so the
complaint is only a warning about the ownership of the gnupg configuration
file being used. You may wish your root user to have different gnupg
settings than your plain user and gnupg is warning you about it.

However, this is rather odd. When you first use gnupg as root (or as any
user) without specifying a configuration file, it will try to create a new
~/.gnupg directory with default settings and public/private keys; e.g.

# gpg -c
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created

Given the above the directory and files in /root/.gnupg should be owned by
root:root, rather than root:552 (if '552' in your message is some group ID).

--
Regards,
Mick

Re: [gentoo-user] safe use of .gnupg
> On Dec 17, 2019, at 20:51, Philip Webb wrote:
>
> When encrypting a file, I was told :
>
> root:552 root> gpg -c
> gpg: WARNING: unsafe ownership on homedir '/home/purslow/.gnupg'
>
> The file is owned by my user, ie : .
> This seems to be the default when 'gpg' is installed.

It's probably complaining if you're running as root and you've set the GPG
home dir to be in /home/purslow/.gnupg rather than /root/.gnupg (and owned
by root:root). Otherwise try setting that directory to 0700 permission
(u+rwx g-rwx o-rwx).

Andrew

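An added example, not part of any message in this thread and not GnuPG's own code: a shell function that checks the two conditions named in the reply above, that the GnuPG home directory is owned by the user running gpg and that its mode is 0700. The function name check_gnupg_home is hypothetical, and GNU coreutils stat(1) is assumed.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory against the advice in this thread.
# Assumption: GNU coreutils stat(1) with -c FORMAT is available.
# Typical call: check_gnupg_home "${GNUPGHOME:-$HOME/.gnupg}"

# check_gnupg_home DIR [UID]
# Prints one finding per line. Returns 0 when DIR is owned by UID (default:
# the invoking user) and grants nothing to group or other, 1 when a finding
# was printed, 2 when DIR cannot be examined.
check_gnupg_home() {
    dir=$1
    want_uid=${2:-$(id -u)}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 2
    fi

    # -L follows a symlinked homedir so the real directory is inspected.
    owner=$(stat -L -c '%u' "$dir") || return 2
    mode=$(stat -L -c '%a' "$dir") || return 2

    # Running as root against a user's homedir (the case in this thread)
    # lands here: owner is the user's uid, want_uid is 0.
    if [ "$owner" != "$want_uid" ]; then
        echo "ownership: $dir is owned by uid $owner, used by uid $want_uid"
        rc=1
    fi

    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        *00|0) ;;
        *) echo "permissions: $dir has mode $mode, expected 700"
           rc=1 ;;
    esac

    return $rc
}
```
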
[gentoo-user] safe use of .gnupg
When encrypting a file, I was told :

root:552 root> gpg -c
gpg: WARNING: unsafe ownership on homedir '/home/purslow/.gnupg'

The file is owned by my user, ie : .
This seems to be the default when 'gpg' is installed.
I don't see anything insecure inside the dir.

Is the msg perhaps caused by my doing the job inside /root ?
-- I am always aware of the need not to abuse root access ;
this is a single-user system to which no-one else has physical access.

What is the recommended set-up ?

--
,,
SUPPORT ___//___, Philip Webb
ELECTRIC /] [] [] [] [] []| Cities Centre, University of Toronto
TRANSIT`-O--O---' purslowatchassdotutorontodotca