On Sun 2018-01-07 23:23:16 +1100, [email protected] wrote:
> For the actual decryption, I'm using sudo. From the original
> post, the command to set things up contains something like:
>
>   /usr/bin/screen -- \
>   /usr/bin/sudo -u thing --set-home -- \
>   /usr/bin/gpg-agent --homedir /etc/thing/.gnupg \
>     --allow-preset-passphrase \
>       --default-cache-ttl 3600 \
>       --max-cache-ttl 3600 \
>       --daemon $gpg_agent_info -- \
>   /bin/bash --login

this is deliberately launching a second agent, outside of the basic
supervision that should already be in place.

If you want to use the standard system agent, please do not launch a
separate agent.

This should be as simple as:

  screen -- sudo -u thing --login

or, if you're doing this as root already, then you don't need sudo at
all, and it could just be:

  screen -- su - testuser

If this is run from cron, it will spawn a new session, and that session
will have a systemd session manager capable of spawning gpg-agent as
needed.

unfortunately, it will not spawn a new session if run from an existing
session, see the discussion at
https://github.com/systemd/systemd/issues/7451 .

if you want to manually start a new session for a new user from within
an existing session on a machine managed by systemd, apparently
machinectl may be the way to go, but i haven't explored that in full.

hope this helps,

        --dkg

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
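
One way to check for the situation the reply describes, a second gpg-agent running outside systemd supervision, is to scan the process list. This is an added example, not part of the original message; it assumes the systemd user unit starts the agent with `--supervised` (as distribution-shipped units commonly do), and the function names and sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report users who have a gpg-agent that was NOT started
# under systemd supervision (assumption: supervised agents carry --supervised).
# Input: "user args..." lines, as produced by `ps -eo user=,args=`.
find_unsupervised_agents() {
    awk '
        # match gpg-agent only when it is the command itself ($2),
        # not when it appears as an argument to screen or sudo
        $2 ~ /(^|\/)gpg-agent$/ {
            count[$1]++
            supervised = 0
            for (i = 3; i <= NF; i++)
                if ($i == "--supervised") supervised = 1
            if (!supervised) manual[$1]++
        }
        END {
            for (u in count)
                if (manual[u] > 0)
                    printf "%s agents=%d unsupervised=%d\n", u, count[u], manual[u]
        }
    ' | sort
}

# Constructed sample process list: user "thing" has both the supervised
# agent and a hand-launched one modelled on the quoted command.
sample_ps() {
    cat <<'EOF'
thing /usr/bin/gpg-agent --supervised
thing /usr/bin/gpg-agent --homedir /etc/thing/.gnupg --allow-preset-passphrase --default-cache-ttl 3600 --max-cache-ttl 3600 --daemon -- /bin/bash --login
alice /usr/bin/gpg-agent --supervised
root /usr/bin/screen -- /usr/bin/sudo -u thing --set-home -- /usr/bin/gpg-agent --homedir /etc/thing/.gnupg
EOF
}

# On a live host: ps -eo user=,args= | find_unsupervised_agents
sample_ps | find_unsupervised_agents
```

A user listed with `agents=2` has two agents that may each hold their own passphrase cache, so a passphrase preset into one is not visible to clients talking to the other.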
