[ic] Permissions in PGP directory

John Rennie (home) interchange-users@icdevgroup.org
Tue Nov 5 16:02:01 2002


Nick Giovas said:
>I had the admin import my pgp key for me since my host uses cpanel, but I am
>still getting the following error:
>
>gpg: Warning: using insecure memory!
>gpg: /home/cpanel/.gnupg/secring.gpg: can't create keyring: Permission denied
>gpg: keyblock resource `/home/cpanel/.gnupg/secring.gpg': file open error
>gpg: /home/cpanel/.gnupg/pubring.gpg: can't create keyring: Permission denied
>gpg: keyblock resource `/home/cpanel/.gnupg/pubring.gpg': file open error
>gpg: orders@hollywoodequipment.com: skipped: public key not found
>gpg: [stdin]: encryption failed: public key not found.
>
>
>This may be a really stupid question, but I have tried everything else. Does
>the admin need to change the permissions for the directory even though it is
>the 'cpanel' user trying to access it?  Also, if the permissions are correct,
>should I be able to do an echo test to test the encryption even though I can't
>log in as 'cpanel'?

I had similar problems with this. I widened permissions for the
following, to get it to work. I suspect you're on a multi-user PC, so
the /home/cpanel directory won't be the one for your keyring. (It will
be /home/yourusername/.gnupg.)

.gnupg directory      rwx
.gnupg/options        r
.gnupg/pubring.gpg    r
.gnupg/random_seed    rw
.gnupg/secring.gpg    r
.gnupg/trustdb.gpg    rw

My ENCRYPTOR definition in Variables was:
/usr/bin/gpg --homedir /home/myusername/.gnupg --no-secmem-warning --batch --always-trust -e -a -r '%s'

You'll also need to set PGP_KEY to something appropriate (for you,
probably orders@hollywoodequipment.com).

I found this through a lot of trial and error, plus Interchange source
code browsing. The random_seed one was a particular pain, as the log
message wasn't very helpful(!) You can get it to work, though (and it's
very satisfying when it does).

You'll probably hit a few other issues with cpanel -- I certainly have
done -- including getting a friendly URL and cookies to work together,
image upload from the admin UI, the inability to apply your own patches
or code changes and a host of other entertaining 'features'. It is
cheap, though. (I dream of being able to justify the cost of my own
dedicated server...)

Good luck,

John.
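
An added example, not part of the original post: a shell function that reports which entries in a GnuPG home directory are missing or grant less access than the list in the reply above. The function name check_gnupg_access is hypothetical, and the result only means something when it is run as the same account that invokes gpg.

```shell
#!/bin/sh
# check_gnupg_access DIR
# Prints one line per entry that is missing or that the current user
# cannot access as listed in the post; returns the number of such entries.
check_gnupg_access() {
    dir=$1
    problems=0
    # name:needed-access pairs, copied from the list in the post
    # ("." stands for the .gnupg directory itself)
    for spec in .:rwx options:r pubring.gpg:r random_seed:rw \
                secring.gpg:r trustdb.gpg:rw; do
        name=${spec%%:*}
        need=${spec##*:}
        path=$dir/$name
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        # Collect the access bits the current user lacks on this entry
        lacks=
        case $need in *r*) [ -r "$path" ] || lacks="${lacks}r" ;; esac
        case $need in *w*) [ -w "$path" ] || lacks="${lacks}w" ;; esac
        case $need in *x*) [ -x "$path" ] || lacks="${lacks}x" ;; esac
        if [ -n "$lacks" ]; then
            echo "DENIED   $path (need $need, lacking $lacks)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Source the file and call `check_gnupg_access /home/yourusername/.gnupg`; a return status of 0 means every listed entry exists and is accessible as listed.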