On Sun 2018-01-07 23:23:16 +1100, [email protected] wrote:
> For the actual decryption, I'm using sudo. From the original
> post, the command to set things up contains something like:
>
>     /usr/bin/screen -- \
>         /usr/bin/sudo -u thing --set-home -- \
>         /usr/bin/gpg-agent --homedir /etc/thing/.gnupg \
>         --allow-preset-passphrase \
>         --default-cache-ttl 3600 \
>         --max-cache-ttl 3600 \
>         --daemon $gpg_agent_info -- \
>         /bin/bash --login

this is deliberately launching a second agent, outside of the basic
supervision that should already be in place.

If you want to use the standard system agent, please do not launch a
separate agent.

This should be as simple as:

    screen -- sudo -u thing --login

or, if you're doing this as root already, then you don't need sudo at
all, and it could just be:

    screen -- su - testuser

If this is run from cron, it will spawn a new session, and that session
will have a systemd session manager capable of spawning gpg-agent as
needed.

unfortunately, it will not spawn a new session if run from an existing
session, see the discussion at
https://github.com/systemd/systemd/issues/7451 .

if you want to manually start a new session for a new user from within
an existing session on a machine managed by systemd, apparently
machinectl may be the way to go, but i haven't explored that in full.

hope this helps,

        --dkg
