2009/5/25 Stan Tobias <st...@mailshack.com>:
> mike _ <arizonagroove...@gmail.com> wrote:
>
> I don't use and I don't know how `pinentry' works, so let it be a blind
> shot. `ssh' opens a new terminal session, while `su' doesn't. When you
> `su - newuser', you run with stdin/stdout/stderr attached to the olduser
> terminal, with the olduser owner and most probably zeroed permission
> bits for the "other" group, which means newuser cannot open /dev/tty.
> If a program (like `pinentry' maybe, or `screen') run by newuser tries
> to read directly from a terminal which belongs to olduser, it will fail.
> I sometimes "fix" this by running `exec script /dev/null'.

You've got it! It is a tty permissions problem. Apparently it's a general
issue that programs that want to write directly to the terminal won't work
when run under su. E.g. there's mention here of someone encountering the
problem with screen.

http://www.mail-archive.com/screen-us...@gnu.org/msg02081.html

If I do this:

$ chmod o+rw $(tty)

before using 'su -' to become bob then I am prompted to enter the
passphrase when I run gpg.

Setting such permissions on the tty device seems like something that would
usually be a hideously bad idea. I think doing it on a server which only a
very small number of trusted people are able to log in to would be OK
though. (Unless anyone can suggest a reason why not.)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
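
Added example, not part of the original message: a POSIX shell sketch of the permission-class check behind the behaviour described in this thread. It shows why the su'd user falls into the "other" class of olduser's tty and that `chmod o+rw` grants the same access to every local account. The function names are hypothetical, the modes and ids in the comments are constructed, and `audit_tty` assumes GNU `stat -c`.

```shell
#!/bin/sh
# class_bits MODE OWNER_UID OWNER_GID USER_UID "USER_GIDS"
# Prints the rwx digit that applies to the user. Exactly one class is used:
# owner, else group, else other. The classes are never combined.
class_bits() (
    mode=$((0$1)); ouid=$2; ogid=$3; uid=$4; gids=$5
    in_group=no
    for g in $gids; do
        if [ "$g" -eq "$ogid" ]; then in_group=yes; fi
    done
    if   [ "$uid" -eq 0 ];       then echo 6   # root bypasses read/write checks
    elif [ "$uid" -eq "$ouid" ]; then echo $(( (mode >> 6) & 7 ))
    elif [ "$in_group" = yes ];  then echo $(( (mode >> 3) & 7 ))
    else                              echo $(( mode & 7 ))
    fi
)

# Succeeds when the user may open the device read/write, which a program
# talking to the terminal directly (pinentry, screen) needs.
can_open_rw() { [ $(( $(class_bits "$@") & 6 )) -eq 6 ]; }

# Succeeds when "other" has read or write: any local account can then
# read from or write to this terminal.
world_accessible() { [ $(( 0$1 & 6 )) -ne 0 ]; }

# audit_tty DEVICE USER: apply the checks to a real device.
audit_tty() (
    dev=$1; user=$2
    set -- $(stat -c '%a %u %g' "$dev" 2>/dev/null)
    [ $# -eq 3 ] || { echo "cannot stat $dev" >&2; exit 2; }
    if can_open_rw "$1" "$2" "$3" "$(id -u "$user")" "$(id -G "$user")"; then
        echo "$user can open $dev read/write (mode $1)"
    else
        echo "$user cannot open $dev read/write (mode $1)"
    fi
    if world_accessible "$1"; then
        echo "warning: $dev is accessible to every local user"
    fi
)

# Constructed case from the thread: tty mode 620, owner uid 1000, gid 5;
# bob is uid 1001 with gids "1001"  -> class_bits prints 0 (no access).
# Run against the current terminal when there is one.
if t=$(tty 2>/dev/null); then audit_tty "$t" "${1:-$(id -un)}"; fi
```

Run it as olduser with the target account as the argument (for example `sh audit_tty.sh bob`) before and after changing the tty mode to compare the two reports.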