réjean Posted July 23, 2014

Do I need to bother with this message I get when I start PCLinuxOS?

You must fix the GnuPG error first before running KGpg. Details.

    gpg: WARNING: unsafe permissions on configuration file `/home/rejean/.gnupg/gpg.conf'
    gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/rejean/.gnupg/gpg.conf'

securitybreach Posted July 23, 2014

If you use gpg, then yes. Here are the correct permissions from my machine:

réjean Posted July 23, 2014

And here is what I have;

    gpg: WARNING: unsafe permissions on configuration file `/home/rejean/.gnupg/gpg.conf'
    gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/rejean/.gnu
    [rejean@localhost ~]$ ls -al .gnupg/gpg.conf
    -rw-rw-r-- 1 rejean rejean 36 Jul 3 23:44 .gnupg/gpg.conf
    [rejean@localhost ~]$

réjean Posted July 23, 2014

Is this better?

    [root@localhost rejean]# ls -al .gnupg
    total 160
    drwxr-xr-t 3 rejean rejean 4096 Jul 23 11:45 ./
    drwxrwxrwx 38 rejean rejean 4096 Jul 23 11:47 ../
    -rwxr-xr-t 1 rejean rejean 50 Jul 23 2014 gpg-agent-info*
    -rw-r--r-T 1 rejean rejean 36 Jul 3 23:44 gpg.conf
    drwxr-xr-t 2 rejean rejean 4096 May 16 00:54 private-keys-v1.d/
    -rwxr-xr-t 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg*
    -rwxr-xr-t 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg~*
    -rw-r--r-T 1 rejean rejean 600 Jul 3 23:46 random_seed
    -rw-r--r-T 1 rejean rejean 1548 Jul 3 23:46 secring.gpg
    -rwxr-xr-t 1 rejean rejean 1280 Jul 3 23:46 trustdb.gpg*
    [root@localhost rejean]#

securitybreach Posted July 23, 2014

I am not really for sure but they do differ from mine.

Guest LilBambi Posted July 23, 2014

Did you copy these from your PCLos install? Did you reboot after you changed the perms? Still getting the error on reboot?

amenditman Posted July 23, 2014

The first two "files" listed

    drwxr-xr-t 3 rejean rejean 4096 Jul 23 11:45 ./
    drwxrwxrwx 38 rejean rejean 4096 Jul 23 11:47 ../

should be

    drwx------ 2 rejean rejean 4096 Jul 19 01:37 .
    drwxr-xr-x 22 rejean rejean 4096 Jul 22 22:13 ..

The rest of the files

    -rwxr-xr-t 1 rejean rejean 50 Jul 23 2014 gpg-agent-info*
    -rw-r--r-T 1 rejean rejean 36 Jul 3 23:44 gpg.conf
    -rwxr-xr-t 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg*
    -rwxr-xr-t 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg~*
    -rw-r--r-T 1 rejean rejean 600 Jul 3 23:46 random_seed
    -rw-r--r-T 1 rejean rejean 1548 Jul 3 23:46 secring.gpg
    -rwxr-xr-t 1 rejean rejean 1280 Jul 3 23:46 trustdb.gpg*

should only have

    -rw-------

Except the directory

    drwxr-xr-t 2 rejean rejean 4096 May 16 00:54 private-keys-v1.d/

which you need

    -rwx------

For strict security. Some uses/applications will require additional permissions, but any additional permissions are a potential weakening of security.

réjean Posted July 23, 2014

@fran. The following are the latest from PCLinuxOS and yes I rebooted and no I didn't get the message this time so everything should be okay. All I've got to do now is learn how to use it.

@josh I've tried to make mine look as much as yours as I could. So here is what I got;

    [rejean@localhost ~]$ ls -al .gnupg
    total 160
    drwxr-x--T 3 rejean rejean 4096 Jul 23 13:21 ./
    drwxrwxrwx 38 rejean rejean 4096 Jul 23 13:01 ../
    -rwxr--r-T 1 rejean rejean 50 Jul 23 13:01 gpg-agent-info*
    -rw-r--r-T 1 rejean rejean 36 Jul 3 23:44 gpg.conf
    drwx-----T 2 rejean rejean 4096 May 16 00:54 private-keys-v1.d/
    -rwx-----T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg*
    -rwx-----T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg~*
    -rw------T 1 rejean rejean 600 Jul 3 23:46 random_seed
    -rw------T 1 rejean rejean 1548 Jul 3 23:46 secring.gpg
    -rwx-----T 1 rejean rejean 1280 Jul 3 23:46 trustdb.gpg*
    [rejean@localhost ~]$

@amenditman Our posts have crossed paths. How do I change the first 2 lines?

So this is my final offer. Take it or leave it. lol, seriously;

    drwxr-x--- 3 rejean rejean 4096 Jul 23 13:21 ./
    drwxrwxrwx 38 rejean rejean 4096 Jul 23 13:01 ../
    -rw------T 1 rejean rejean 50 Jul 23 13:01 gpg-agent-info
    -rw------T 1 rejean rejean 36 Jul 3 23:44 gpg.conf
    drwx------ 2 rejean rejean 4096 May 16 00:54 private-keys-v1.d/
    -rw------T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg
    -rw------T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg~
    -rw------T 1 rejean rejean 600 Jul 3 23:46 random_seed
    -rw------T 1 rejean rejean 1548 Jul 3 23:46 secring.gpg
    -rw------T 1 rejean rejean 1280 Jul 3 23:46 trustdb.gpg
    [rejean@localhost ~]$

Edited July 23, 2014 by réjean

amenditman Posted July 23, 2014

You can change the first 2 lines with chmod, just like any other file. It's a Unix thing, everything is a file.

chmod command can be used in several ways, depends on your way of thinking which is easiest.

Example of chmod

    chmod 700 ./

or

    chmod 700 .gnupg/./

You have to either be working in the directory to be changed or add that to the command path for it to work on the correct file.

From the ArchWiki about this topic

> Note: By default, the gnupg directory has its Permissions set to 700 and the files it contains have their permissions set to 600. Only the owner of the directory has permission to read, write and execute (r,w,x). This is for security purposes and should not be changed. In case this directory or any file inside it does not follow this security measure, you will get warnings about unsafe file and home directory permissions.

700 on a directory is drwx------ and 600 on a file is -rw-------

The sticky bits set on your files/directories are probably OK so leave them unless a security expert suggests otherwise.

> A Sticky bit is a permission bit that is set on a file or a directory that lets only the owner of the file/directory or the root user to delete or rename the file. No other user is given privileges to delete the file created by some other user.

http://www.thegeekstuff.com/2013/02/sticky-bit/

Edited July 23, 2014 by amenditman

réjean Posted July 23, 2014

@amenditman. I remember Bruno's instructions; http://www.brunolinux.com/02-The_Terminal/Changing_File_Permissions.html but how in the world can I get a "drwx" or even more complicated a "drwxr"?

amenditman Posted July 23, 2014

First

    cd .gnupg

Second

    chmod 700 ./
    chmod 700 ../

Third

    ls -al

to confirm changes

    drwx------ 3 rejean rejean 4096 Jul 23 13:21 ./
    drwx------ 38 rejean rejean 4096 Jul 23 13:01 ../

réjean Posted July 23, 2014

I think I've got it now;

    [root@localhost rejean]# cd .gnupg
    [root@localhost .gnupg]# chmod 700 ./
    [root@localhost .gnupg]# chmod 700 ../
    [root@localhost .gnupg]# ls -al
    total 160
    drwx------ 3 rejean rejean 4096 Jul 23 13:36 ./
    drwx------ 38 rejean rejean 4096 Jul 23 14:00 ../
    -rw------T 1 rejean rejean 50 Jul 23 13:01 gpg-agent-info
    -rw------T 1 rejean rejean 36 Jul 3 23:44 gpg.conf
    drwx------ 2 rejean rejean 4096 May 16 00:54 private-keys-v1.d/
    -rw------T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg
    -rw------T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg~
    -rw------T 1 rejean rejean 600 Jul 3 23:46 random_seed
    -rw------T 1 rejean rejean 1548 Jul 3 23:46 secring.gpg
    -rw------T 1 rejean rejean 1280 Jul 3 23:46 trustdb.gpg
    [root@localhost .gnupg]#

Thanks!

securitybreach Posted July 23, 2014

Nice tips amenditman, thanks for jumping in

Guest LilBambi Posted July 23, 2014

Great job!!

réjean Posted July 23, 2014

amenditman gets all the credit.

amenditman Posted July 23, 2014

Have to get something from all that schooling/studying. /s Sure not having any luck with getting employed because of it.

réjean Posted July 23, 2014

Hopefully soon the day will come when you, Eric and others get appreciated for your knowledge and get work based on your expertise. I sure do acknowledge it.

amenditman Posted July 23, 2014

Our, Eric and mine, problem is that we have too much life experience. HR departments do not consider hiring new employees in the 50 year old plus category. We might embarrass our 30 something bosses. They will never even consider that reason or think about saying it out loud, but it is standard practice across the board. At least that's what they think. If I was one of those bosses I would want employees who were smarter and more experienced than I am. I would not be threatened by them.

amenditman Posted July 24, 2014

A belated, quick follow-up. After reviewing the above posts I think you should remove the sticky bits. Not particularly due to security reasons, Linux will ignore it on files, but because it is unnecessary and therefore ugly. It would only be useful on Linux for a directory where multiple users needed write permissions. Since you have fixed that problem, you don't need the sticky bit.

To remove the sticky bit

    chmod -t ~/.gnupg
    cd ~/.gnupg
    chmod -t ./
    chmod -t ../

etc, continue with each file in the directory

The '-t' option to chmod command will remove both the 'T' and 't'.

Edited July 24, 2014 by amenditman

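The 700/600 layout quoted from the ArchWiki and the sticky-bit cleanup described above can be checked and applied in one pass. This is an added example, not code from any poster in the thread: the function names and the throwaway sample tree are constructed, and the sample modes copy the first `ls -al` listing posted above.

```sh
#!/bin/sh
# Added example, not from the thread. Function names and the sample
# tree are constructed; the modes copy the first listing posted above.

# List entries that are not exactly 700 (directories) or 600 (files).
# An exact -perm match also rejects sticky, setuid and setgid bits.
audit_gnupg() {
    find "$1" \( -type d ! -perm 700 \) -o \( -type f ! -perm 600 \)
}

# Print the enclosing directory if group or others can write to it.
audit_parent() {
    find "$(dirname "$1")" -prune \( -perm -020 -o -perm -002 \) -print
}

# Reset to the 700/600 layout, then clear any sticky bit with chmod -t.
fix_gnupg() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
    find "$1" \( -type d -o -type f \) -exec chmod -t {} +
}

# Build a throwaway home with the unsafe modes and print the .gnupg path.
make_sample() {
    home=$(mktemp -d) || return 1
    g="$home/.gnupg"
    mkdir -p "$g/private-keys-v1.d"
    : > "$g/gpg.conf"; : > "$g/secring.gpg"; : > "$g/pubring.gpg"
    chmod 777 "$home"                                          # drwxrwxrwx
    chmod 1755 "$g" "$g/private-keys-v1.d" "$g/pubring.gpg"    # rwxr-xr-t
    chmod 1644 "$g/gpg.conf" "$g/secring.gpg"                  # rw-r--r-T
    echo "$g"
}

dir=$(make_sample)
echo "before:"; audit_gnupg "$dir"; audit_parent "$dir"
fix_gnupg "$dir"
chmod go-w "$(dirname "$dir")"    # narrower than the thread's chmod 700 ../
echo "after:";  audit_gnupg "$dir"; audit_parent "$dir"
rm -rf "$(dirname "$dir")"
```

On a real system, pass `~/.gnupg` (or `$GNUPGHOME`) to `audit_gnupg` first and review what it lists before running `fix_gnupg`.
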
réjean Posted July 26, 2014

I just had a great laugh. I was trying and trying your commands and it wouldn't work until I realized I wasn't in PCLinuxOS but OpenSuSE. Seriously I was wondering what the "T" stands for, since I don't remember having seen it somewhere else, do you know?

securitybreach Posted July 26, 2014

> I just had a great laugh. I was trying and trying your commands and it wouldn't work until I realized I wasn't in PCLinuxOS but OpenSuSE. Seriously I was wondering what the "T" stands for, since I don't remember having seen it somewhere else, do you know?

Looks like the -t switch clears the permissions:

> To clear it, use chmod -t /usr/local/tmp or chmod 0777 /usr/local/tmp (using numeric mode will also change directory tmp to standard permissions).

https://en.wikipedia.org/wiki/Sticky_bit#Examples

amenditman Posted July 26, 2014

The 't' or 'T' in the permissions is the presence of the sticky bit. 't' is just the sticky bit, 'T' is the sticky bit and the 'x' permission in that slot. Using chmod with the '-t' option removes the sticky bit. So, if there was a 't' and you use the '-t' option, you should now have a '-' in that space. If there was a 'T' and you use the '-t' option, you should now have an 'x' in that space.

réjean Posted July 26, 2014

Okay I get it. Thanks.

securitybreach Posted July 26, 2014

Ok, thanks amenditman

amenditman Posted July 26, 2014

> Okay I get it. Thanks.

Just trying to be thorough. I can't tell you the times I have read forum posts that claim to solve an issue and had no idea what they were talking about because they assume some level of understanding that I did not possess.