
GnuPG failed to start


réjean


Do I need to bother with this message I get when I start PCLinuxOS?

 

You must fix the GnuPG error first before running KGpg.

Details.

gpg: WARNING: unsafe permissions on configuration file `/home/rejean/.gnupg/gpg.conf'

gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/rejean/.gnupg/gpg.conf'


and here is why I have;

gpg: WARNING: unsafe permissions on configuration file `/home/rejean/.gnupg/gpg.conf'
gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/rejean/.gnu
[rejean@localhost ~]$ ls -al  .gnupg/gpg.conf
-rw-rw-r-- 1 rejean rejean 36 Jul  3 23:44 .gnupg/gpg.conf
[rejean@localhost ~]$


Is this better?

[root@localhost rejean]# ls -al .gnupg
total 160
drwxr-xr-t  3 rejean rejean  4096 Jul 23 11:45 ./
drwxrwxrwx 38 rejean rejean  4096 Jul 23 11:47 ../
-rwxr-xr-t  1 rejean rejean    50 Jul 23  2014 gpg-agent-info*
-rw-r--r-T  1 rejean rejean    36 Jul  3 23:44 gpg.conf
drwxr-xr-t  2 rejean rejean  4096 May 16 00:54 private-keys-v1.d/
-rwxr-xr-t  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg*
-rwxr-xr-t  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg~*
-rw-r--r-T  1 rejean rejean   600 Jul  3 23:46 random_seed
-rw-r--r-T  1 rejean rejean  1548 Jul  3 23:46 secring.gpg
-rwxr-xr-t  1 rejean rejean  1280 Jul  3 23:46 trustdb.gpg*
[root@localhost rejean]#



Guest LilBambi

Did you copy these from your PCLos install?

 

Did you reboot after you changed the perms?

 

Still getting the error on reboot?


The first two "files" listed

drwxr-xr-t  3 rejean rejean  4096 Jul 23 11:45 ./
drwxrwxrwx 38 rejean rejean  4096 Jul 23 11:47 ../

should be

drwx------  2 rejean rejean 4096 Jul 19 01:37 .
drwxr-xr-x 22 rejean rejean 4096 Jul 22 22:13 ..

The rest of the files

-rwxr-xr-t  1 rejean rejean	 50 Jul 23  2014 gpg-agent-info*
-rw-r--r-T  1 rejean rejean	 36 Jul  3 23:44 gpg.conf
-rwxr-xr-t  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg*
-rwxr-xr-t  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg~*
-rw-r--r-T  1 rejean rejean   600 Jul  3 23:46 random_seed
-rw-r--r-T  1 rejean rejean  1548 Jul  3 23:46 secring.gpg
-rwxr-xr-t  1 rejean rejean  1280 Jul  3 23:46 trustdb.gpg*

should only have

-rw-------

Except the directory

drwxr-xr-t  2 rejean rejean  4096 May 16 00:54 private-keys-v1.d/

which you need

-rwx------

For strict security.

 

Some uses/applications will require additional permissions, but any additional permissions are a potential weakening of security.

  • Like 2

@fran. The following are the latest from PCLinuxOS and yes I rebooted and no I didn't get the message this time so everything should be okay. All I've got to do now is learn how to use it.

@josh I've tried to make mine look as much like yours as I could.

So here is what I got;

[rejean@localhost ~]$ ls -al .gnupg
total 160
drwxr-x--T 3 rejean rejean 4096 Jul 23 13:21 ./
drwxrwxrwx 38 rejean rejean 4096 Jul 23 13:01 ../
-rwxr--r-T 1 rejean rejean 50 Jul 23 13:01 gpg-agent-info*
-rw-r--r-T 1 rejean rejean 36 Jul 3 23:44 gpg.conf
drwx-----T 2 rejean rejean 4096 May 16 00:54 private-keys-v1.d/
-rwx-----T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg*
-rwx-----T 1 rejean rejean 62896 Jul 3 23:46 pubring.gpg~*
-rw------T 1 rejean rejean 600 Jul 3 23:46 random_seed
-rw------T 1 rejean rejean 1548 Jul 3 23:46 secring.gpg
-rwx-----T 1 rejean rejean 1280 Jul 3 23:46 trustdb.gpg*
[rejean@localhost ~]$ 

 

@amenditman Our posts have crossed paths. How do I change the first 2 lines?

So this is my final offer. Take it or leave it. lol, seriously;

 

drwxr-x---  3 rejean rejean  4096 Jul 23 13:21 ./
drwxrwxrwx 38 rejean rejean  4096 Jul 23 13:01 ../
-rw------T  1 rejean rejean    50 Jul 23 13:01 gpg-agent-info
-rw------T  1 rejean rejean    36 Jul  3 23:44 gpg.conf
drwx------  2 rejean rejean  4096 May 16 00:54 private-keys-v1.d/
-rw------T  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg
-rw------T  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg~
-rw------T  1 rejean rejean   600 Jul  3 23:46 random_seed
-rw------T  1 rejean rejean  1548 Jul  3 23:46 secring.gpg
-rw------T  1 rejean rejean  1280 Jul  3 23:46 trustdb.gpg
[rejean@localhost ~]$

Edited by réjean

You can change the first 2 lines with chmod, just like any other file.

It's a Unix thing, everything is a file.

 

The chmod command can be used in several ways; which is easiest depends on your way of thinking.

Example of chmod

chmod 700 ./
or
chmod 700 .gnupg/./

You have to either be working in the directory to be changed or add that to the command path for it to work on the correct file.

 

From the ArchWiki about this topic

Note: By default, the gnupg directory has its Permissions set to 700 and the files it contains have their permissions set to 600. Only the owner of the directory has permission to read, write and execute (r,w,x). This is for security purposes and should not be changed. In case this directory or any file inside it does not follow this security measure, you will get warnings about unsafe file and home directory permissions.

 

700 on a directory is

drwx------

and 600 on a file is

-rw-------

 

The sticky bits set on your files/directories are probably OK so leave them unless a security expert suggests otherwise.

A Sticky bit is a permission bit that is set on a file or a directory that lets only the owner of the file/directory or the root user to delete or rename the file. No other user is given privileges to delete the file created by some other user.
http://www.thegeekstuff.com/2013/02/sticky-bit/

Edited by amenditman
  • Like 2
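The 700/600 rule from the ArchWiki note above, applied to an ls -al listing, as an added example that is not part of any post in this thread. The function names and finding labels are made up for the example, and the sample lines are copied from the first full listing posted earlier.

```sh
# Added example, not from the thread: check ls -al lines for a GnuPG home
# directory against the 700 (directory) / 600 (files) rule quoted above.

# check_mode KIND MODE -> comma-separated findings; empty output means OK.
# KIND is "parent" for the ".." line, "entry" for everything else.
check_mode() {
    kind=$1 mode=$2 out=
    add() { out=${out:+$out,}$1; }
    if [ "$kind" = parent ]; then
        # The enclosing directory must not be writable by group or others.
        case $mode in ?????w*|????????w*) add group-or-other-writable ;; esac
    else
        # Characters 5-10 (group, other) must be "-"; a bare "T" is reported below.
        case $mode in ????-----[-T]*) ;; *) add group-or-other-access ;; esac
        case $mode in
            drwx*) ;;                          # directory: owner rwx (7)
            d*)    add owner-should-be-rwx ;;
            -rw-*) ;;                          # regular file: owner rw- (6)
            *)     add owner-should-be-rw ;;
        esac
    fi
    case $mode in ?????????[tT]*) add sticky-bit ;; esac
    printf '%s' "$out"
}

# audit_listing: read ls -al output on stdin, print "name: findings" per bad entry.
audit_listing() {
    while read -r mode _links _user _group _size _mon _day _time name; do
        case $mode in [d-]?????????*) ;; *) continue ;; esac  # skip other lines
        name=${name%[*/]}                                      # drop ls -F marker
        case $name in ..) kind=parent ;; *) kind=entry ;; esac
        findings=$(check_mode "$kind" "$mode")
        if [ -n "$findings" ]; then printf '%s: %s\n' "$name" "$findings"; fi
    done
}

# audit_dir [DIR]: same check on a real directory (default ~/.gnupg).
audit_dir() { LC_ALL=C ls -al "${1:-$HOME/.gnupg}" | audit_listing; }

# Sample input: lines copied from the first full listing posted in this thread.
sample_listing() {
    cat <<'EOF'
drwxr-xr-t  3 rejean rejean  4096 Jul 23 11:45 ./
drwxrwxrwx 38 rejean rejean  4096 Jul 23 11:47 ../
-rw-r--r-T  1 rejean rejean    36 Jul  3 23:44 gpg.conf
-rwxr-xr-t  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg*
EOF
}
sample_listing | audit_listing
```

An empty result from audit_dir means every entry already matches the rule.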

First

cd .gnupg

Second

chmod 700 ./
chmod 700 ../

Third

ls -al

to confirm changes

drwx------  3 rejean rejean  4096 Jul 23 13:21 ./
drwx------ 38 rejean rejean  4096 Jul 23 13:01 ../

  • Like 2

I think I've got it now;

[root@localhost rejean]# cd .gnupg
[root@localhost .gnupg]# chmod 700 ./
[root@localhost .gnupg]# chmod 700 ../
[root@localhost .gnupg]# ls -al
total 160
drwx------  3 rejean rejean  4096 Jul 23 13:36 ./
drwx------ 38 rejean rejean  4096 Jul 23 14:00 ../
-rw------T  1 rejean rejean    50 Jul 23 13:01 gpg-agent-info
-rw------T  1 rejean rejean    36 Jul  3 23:44 gpg.conf
drwx------  2 rejean rejean  4096 May 16 00:54 private-keys-v1.d/
-rw------T  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg
-rw------T  1 rejean rejean 62896 Jul  3 23:46 pubring.gpg~
-rw------T  1 rejean rejean   600 Jul  3 23:46 random_seed
-rw------T  1 rejean rejean  1548 Jul  3 23:46 secring.gpg
-rw------T  1 rejean rejean  1280 Jul  3 23:46 trustdb.gpg
[root@localhost .gnupg]#

Thanks!

  • Like 1

Have to get something from all that schooling/studying. /s

Sure not having any luck with getting employed because of it.

  • Like 3

Hopefully soon the day will come when you, Eric and others get appreciated for your knowledge and get work based on your expertise. I sure do acknowledge it.

  • Like 1

Our, Eric and mine, problem is that we have too much life experience.

HR departments do not consider hiring new employees in the 50 year old plus category.

We might embarrass our 30 something bosses.

They will never even consider that reason or think about saying it out loud, but it is standard practice across the board.

 

At least that's what they think.

If I was one of those bosses I would want employees who were smarter and more experienced than I am.

I would not be threatened by them.

  • Like 4

A belated, quick follow-up.

 

After reviewing the above posts I think you should remove the sticky bits.

Not particularly due to security reasons, Linux will ignore it on files, but because it is unnecessary and therefore ugly.

 

It would only be useful on Linux for a directory where multiple users needed write permissions. Since you have fixed that problem, you don't need the sticky bit.

 

To remove the sticky bit

chmod -t ~/.gnupg
cd ~/.gnupg
chmod -t ./
chmod -t ../

etc, continue with each file in the directory

 

The '-t' option to chmod command will remove both the 'T' and 't'.

Edited by amenditman
  • Like 1

I just had a great laugh. I was trying and trying your commands and it wouldn't work until I realized I wasn't in PCLinuxOS but OpenSuSE. Seriously I was wondering what the "T" stands for, since I don't remember having seen it somewhere else, do you know?


securitybreach

I just had a great laugh. I was trying and trying your commands and it wouldn't work until I realized I wasn't in PCLinuxOS but OpenSuSE. Seriously I was wondering what the "T" stands for, since I don't remember having seen it somewhere else, do you know?

 

Looks like the -t switch clears the permissions:

To clear it, use chmod -t /usr/local/tmp or chmod 0777 /usr/local/tmp (using numeric mode will also change directory tmp to standard permissions).

https://en.wikipedia.org/wiki/Sticky_bit#Examples


The 't' or 'T' in the permissions is the presence of the sticky bit.

't' is just the sticky bit, 'T' is the sticky bit and the 'x' permission in that slot.

Using chmod with the '-t' option removes the sticky bit.

 

So, if there was a 't' and you use the '-t' option, you should now have a '-' in that space.

If there was a 'T' and you use the '-t' option, you should now have an 'x' in that space.

  • Like 1
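How ls prints the sticky bit in the last permission slot and what chmod -t leaves there, run against a scratch directory, as an added example that is not part of any post in this thread. mode_to_octal and mode_after are names made up for the example, and GNU chmod and mktemp are assumed.

```sh
# Added example, not from the thread. mode_to_octal and mode_after are names
# made up for this sketch; ls uses the same letters for regular files.

# mode_to_octal MODE: turn an ls mode string such as -rw------T into 4-digit octal.
mode_to_octal() {
    m=$1 special=0 digits=
    for pos in 2 5 8; do                              # owner, group, other triplets
        trio=$(printf '%s' "$m" | cut -c"$pos"-$((pos + 2)))
        v=0
        case $trio in r??) v=$((v + 4)) ;; esac
        case $trio in ?w?) v=$((v + 2)) ;; esac
        case $trio in ??[xst]) v=$((v + 1)) ;; esac   # lower case: execute is set
        case $pos$trio in
            2??[sS]) special=$((special + 4)) ;;      # setuid
            5??[sS]) special=$((special + 2)) ;;      # setgid
            8??[tT]) special=$((special + 1)) ;;      # sticky
        esac
        digits=$digits$v
    done
    printf '%s%s\n' "$special" "$digits"
}

# mode_after OCTAL [CHANGE]: chmod a scratch directory to OCTAL, optionally apply
# a symbolic CHANGE such as -t, and print the mode string ls shows for it.
mode_after() {
    scratch=$(mktemp -d) || return 1
    chmod "$1" "$scratch"
    if [ -n "${2:-}" ]; then chmod "$2" "$scratch"; fi
    ls -ld "$scratch" | cut -c1-10
    rmdir "$scratch"
}

for octal in 1700 1701; do
    printf '%s: ls shows %s, after chmod -t %s\n' \
        "$octal" "$(mode_after "$octal")" "$(mode_after "$octal" -t)"
done
```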

Okay I get it. Thanks.

Just trying to be thorough. I can't tell you the times I have read forum posts that claim to solve an issue and had no idea what they were talking about because they assume some level of understanding that I did not possess.
  • Like 1
