Hi Laurent--

On Thu 2017-01-26 09:06:03 -0500, Laurent Bonnaud wrote:
> I usually remotely log in (via ssh) as root on a system where gnupg
> packages are installed and I noticed that a gpg-agent process is
> created for the root user:
>
> # systemd-cgls
> Control group /:
> -.slice
> ├─user.slice
> │ └─user-0.slice
> │   ├─user@0.service
> │   │ ├─dbus.service
> │   │ │ └─16957 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslo
> │   │ ├─gpg-agent.service
> │   │ │ └─15353 /usr/bin/gpg-agent --supervised
> │   │ ├─init.scope
> │   │ │ ├─31495 /lib/systemd/systemd --user
> │   │ │ └─31497 (sd-pam)
> │   │ └─gvfs-daemon.service
> │   │   ├─17040 /usr/lib/gvfs/gvfsd
> │   │   └─17045 /usr/lib/gvfs/gvfsd-fuse /run/user/0/gvfs -f -o big_writes
>
> This process is of no use to the root user and therefore the system
> would be better without it.  Would it be possible to prevent the
> creation of this process?

It should only be active because some process queried the gpg-agent.  If
nothing queries the agent, then it won't get started.

Having it in the user@0.service subtree is good because that means it
will be terminated when your session ends.

You can safely terminate the systemd-supervised agent in the same way
that you would terminate any other systemd-supervised user service:

    systemctl --user stop gpg-agent

But note that if some other process wants to talk to the agent, then
systemd will start it up again automatically as requested.

Does the agent process appear as soon as you log in?

Is it possible that something in your login scripts is invoking gpg in a
way that wants to talk to the agent?  

    --dkg
