On 07/08/14 00:52, Sieu Truc wrote:
> And on my file system, I cannot activate ACL so I design to
> give world-writable to trustdb and world-readable to pubring and
> secring. If not, the test2 cannot do securisation.
That's a really bad solution for your problem. You want to keep secring secret, and world-readable is the absolute opposite of that. And if somebody manipulates trustdb, they can make you believe a key is valid when it is in fact not.

I thought about it for a little, and I think your problem can be fixed using just standard UNIX permissions. But I think the more elegant solution might lie in a completely different process where secring is not shared. That means that you should rethink your architecture, so that you don't arrive at the scenario you paint with the shared files. You should really consider that. There are many ways to satisfy your requirements.

One of the reasons I write this at all is to show that actually, standard UNIX permissions can be rather flexible. By the way, I inferred admin might add public keys as well. If this is not the case, the thing only becomes simpler.

Here's my idea:

/etc/group:
gpgsecread:x:n:test1,test2
gpgpubwrite:x:n:test1

/var/local:
drwxr-xr-x admin nobody gpgshared/

/var/local/gpgshared:
drwxrwxr-x admin gpgpubwrite pub/
drwxr-x--- admin gpgsecread sec/

/var/local/gpgshared/pub:
-rw-rw-r-- admin gpgpubwrite pubring.gpg

/var/local/gpgshared/sec:
-rw-r----- admin gpgsecread secring.gpg

/home/admin/.gnupg:
-rw------- admin nobody gpg.conf
-rw------- admin nobody random_seed
-rw------- admin nobody trustdb.gpg

/home/admin/.gnupg/gpg.conf:
secret-keyring /var/local/gpgshared/sec/secring.gpg
no-default-keyring
keyring /var/local/gpgshared/pub/pubring.gpg

/home/test1/.gnupg:
-rw------- test1 nobody gpg.conf
-rw------- test1 nobody random_seed
-rw------- test1 nobody trustdb.gpg

/home/test1/.gnupg/gpg.conf:
secret-keyring /var/local/gpgshared/sec/secring.gpg
no-default-keyring
keyring /var/local/gpgshared/pub/pubring.gpg

... and so on for user test2 ...

This is an example of the way the standard UNIX permissions can be used to give pretty reasonable granularity of access.
The only hitch is that if world-readable access to pubring.gpg is not desired, I wouldn't know how to do that (without sudo). But for pubring.gpg, it's usually not a problem.

I haven't tested it, by the way.

HTH,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
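A small audit script for the layout Peter sketches, added here as an example and not part of the original thread. It builds the shared directories and a user's trustdb in a temp dir with the modes from the listing and then checks the bits that matter: secring.gpg readable by its group only, pubring.gpg never world-writable, trustdb.gpg owner-only. The owner and group columns need root to reproduce, so only mode bits are checked; the file and group names are taken from the post.

```shell
#!/bin/sh
# Mode-bit audit for the shared-keyring layout described above (added example).
# Ownership is not checked: chown needs root. The layout is constructed below.

# mode_of FILE -> permission bits in octal, e.g. 640 (GNU stat, else BSD stat)
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"; }

# perm3 FILE -> last three octal digits (drops a setuid/setgid/sticky digit)
perm3() {
    m=$(mode_of "$1")
    case "$m" in ????) m=${m#?} ;; esac
    printf '%s\n' "$m"
}

# secring.gpg: owner rw, group (gpgsecread) read-only, nothing for world.
check_secring() { case "$(perm3 "$1")" in [0-7][0145]0) return 0 ;; esac; return 1; }
# pubring.gpg: group (gpgpubwrite) may write, world may read but never write.
check_pubring() { case "$(perm3 "$1")" in [0-7][0-7][0145]) return 0 ;; esac; return 1; }
# trustdb.gpg: owner only; a writable trustdb lets others fake key validity.
check_trustdb() { case "$(perm3 "$1")" in [0-7]00) return 0 ;; esac; return 1; }

# check_layout SHARED USER_GNUPG -> 0 when every file passes, 1 otherwise
check_layout() {
    rc=0
    for f in "$1/sec/secring.gpg" "$1/pub/pubring.gpg" "$2/trustdb.gpg"; do
        case "$f" in
            */secring.gpg) check_secring "$f" ;;
            */pubring.gpg) check_pubring "$f" ;;
            *)             check_trustdb "$f" ;;
        esac || { echo "FAIL: $f has mode $(perm3 "$f")"; rc=1; }
    done
    return $rc
}

# build_layout SHARED USER_GNUPG: constructed files with the modes from the post
build_layout() {
    mkdir -p "$1/pub" "$1/sec" "$2"
    chmod 0775 "$1/pub"; chmod 0750 "$1/sec"; chmod 0700 "$2"
    : > "$1/pub/pubring.gpg"; chmod 0664 "$1/pub/pubring.gpg"
    : > "$1/sec/secring.gpg"; chmod 0640 "$1/sec/secring.gpg"
    : > "$2/trustdb.gpg";     chmod 0600 "$2/trustdb.gpg"
}

TMP=$(mktemp -d)
SHARED="$TMP/gpgshared"; USER_GNUPG="$TMP/home/test1/.gnupg"
build_layout "$SHARED" "$USER_GNUPG"
check_layout "$SHARED" "$USER_GNUPG" && echo "layout OK"
```

Point check_layout at the real /var/local/gpgshared and a user's ~/.gnupg to audit a deployed copy; the world-readable secring from the quoted message fails check_secring, and a world-writable trustdb fails check_trustdb.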
