On Sun, Mar 27, 2011 at 10:43 PM, Ray Kohler <ataraxia937@gmail.com> wrote:
On Sun, Mar 27, 2011 at 10:32 PM, Dan McGee <dpmcgee@gmail.com> wrote:
On Sun, Mar 27, 2011 at 11:14 AM, Ray Kohler <ataraxia937@gmail.com> wrote:
Use mode 755, so non-root users can see inside. Add "--no-permission-warning" to GPG_PACMAN to suppress the noise that otherwise comes of not using mode 700 - this is not private data.
GPGme turns out not to issue this warning itself, so no problem there.
TODO: should non-root users be allowed to use the read-only operations (--list, --export, --finger)?

I would say yes - is there any reason not to allow them to?
I'll do that, then - but in a second patch, not an update to this one.
The apparently read-only operations turn out not to be so. gpg insists on creating a lock file in the homedir, such that even if we grant non-root users read access to the homedir, pubring, and trustdb, these will still fail:

$ ./pacman-key -l
gpg: failed to create temporary file `/etc/pacman.d/gnupg/.#lk0x911500.asenath.cc.cmu.edu.26039': Permission denied
gpg: fatal: can't create lock for `/etc/pacman.d/gnupg/trustdb.gpg'
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

I'm going to bail out on this one.