Results 1 to 5 of 5

Thread: WARNING: unsafe permissions on homedir

  1. #1
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Question WARNING: unsafe permissions on homedir

    Could someone pls explain why GPG is unhappy with my home directory? This latest warning arose when i was importing the Firejail Dev's public key [from https://firejail.wordpress.com/download-2/] to my KGpg, but in recent weeks i've seen the same warning with other keys too.

    Code:
    gpg: WARNING: unsafe permissions on homedir '/home/gooeygirl/.gnupg'
    gpg (GnuPG) 2.2.0; Copyright (C) 2017 Free Software Foundation, Inc.
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    
    
    pub  rsa2048/2CCB36ADFC5849A7
         created: 2014-11-05  expires: never       usage: SC   
         trust: marginal      validity: full
    sub  rsa2048/32DEBCA46813A09D
         created: 2014-11-05  expires: never       usage: E    
    [  full  ] (1). netblue (firejail key) <netblue30@yahoo.com>
    
    
    Via Dolphin:
    These are my /home/gooeygirl/.gnupg permissions: rwx-r-x-r-x.
    These are my /home/gooeygirl/ permissions: rwx-r-x-r-x.

    Via Konsole:
    Code:
    gooeygirl@linux-Tower:~> cd .gnupg                                                                                       
    gooeygirl@linux-Tower:~/.gnupg> ls -l                                                                                    
    total 7608                                                                                                             
    drwxr-xr-x 2 gooeygirl users      21 Sep  7 11:05 crls.d
    -rwxr-xr-x 1 gooeygirl users     101 Jan  7  2016 gpa.conf
    -rw-r--r-- 1 gooeygirl users      42 Aug 23 00:55 gpg-agent.conf
    -rwxr-xr-x 1 gooeygirl users      50 May 31  2015 gpg-agent-info-gooeygirl-Lappy
    -rwxr-xr-x 1 gooeygirl users      50 Aug 31  2015 gpg-agent-info-gooeygirl-Tower
    -rwxr-xr-x 1 gooeygirl users    9423 Dec 24  2016 gpg.conf
    drwx------ 2 gooeygirl users     214 Sep 27  2016 private-keys-v1.d
    -rwxr-xr-x 1 gooeygirl users 3818964 Sep 12 15:55 pubring.gpg
    -rwxr-xr-x 1 gooeygirl users 3818964 Sep 12 15:55 pubring.gpg~
    -rwxr-xr-x 1 gooeygirl users   36004 Jan 11  2016 pubring.kbx
    -rwxr-xr-x 1 gooeygirl users     600 Sep 12 15:56 random_seed
    -rwxr-xr-x 1 gooeygirl users    8393 Jan  8  2016 secring.gpg
    -rw-r--r-- 1 gooeygirl users      43 Jul 23 05:03 S.gpg-agent
    srwxr-xr-x 1 gooeygirl users       0 Sep 10 16:05 S.uiserver
    -rw-r--r-- 1 gooeygirl users   49152 Sep  7 12:12 tofu.db
    -rwxr-xr-x 1 gooeygirl users    5680 Sep 12 15:55 trustdb.gpg
    -rwxr-xr-x 1 gooeygirl users    1364 May  9 17:07 trustlist.txt
    gooeygirl@linux-Tower:~/.gnupg>
    My guess is it's not happy about the Group & Others permissions...? Should it instead be, maybe, drwx------ ?

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,173
    Blog Entries
    1

    Default Re: WARNING: unsafe permissions on homedir

    Yes, they do look a little permissive. Quoting from the Archwiki reference...

    Configuration files

    The default configuration files are ~/.gnupg/gpg.conf and ~/.gnupg/dirmngr.conf.
    By default, the gnupg directory has its permissions set to 700 and the files it contains have their permissions set to 600. Only the owner of the directory has permission to read, write, and access the files. This is for security purposes and should not be changed. In case this directory or any file inside it does not follow this security measure, you will get warnings about unsafe file and home directory permissions.

  3. #3
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,173
    Blog Entries
    1

    Default Re: WARNING: unsafe permissions on homedir

    Quote Originally Posted by deano_ferrari View Post
    Yes, they do look a little permissive. Quoting from the Archwiki reference...
    Sorry, forgot the link...

    https://wiki.archlinux.org/index.php...guration_files

  4. #4
    Join Date
    Jun 2017
    Location
    Australia
    Posts
    582

    Default Re: WARNING: unsafe permissions on homedir

    Many thanks deano.

    I've now made some changes, after which:
    Code:
    gooeygirl@linux-Tower:~> ls -l -d /home/gooeygirl/.gnupg
    drwx------ 5 gooeygirl users 4096 Sep 12 18:58 /home/gooeygirl/.gnupg
    gooeygirl@linux-Tower:~> 
    
    
    gooeygirl@linux-Tower:~> ls -l /home/gooeygirl/.gnupg
    total 7608
    drwx------ 2 gooeygirl users      21 Sep  7 11:05 crls.d
    -rwx------ 1 gooeygirl users     101 Jan  7  2016 gpa.conf
    -rw------- 1 gooeygirl users      42 Aug 23 00:55 gpg-agent.conf
    -rwx------ 1 gooeygirl users      50 May 31  2015 gpg-agent-info-gooeygirl-XPS-L501X
    -rwx------ 1 gooeygirl users      50 Aug 31  2015 gpg-agent-info-gooeygirl-Z97-HD3
    -rwx------ 1 gooeygirl users    9423 Dec 24  2016 gpg.conf
    drwx------ 2 gooeygirl users     214 Sep 27  2016 private-keys-v1.d
    -rwx------ 1 gooeygirl users 3818964 Sep 12 15:55 pubring.gpg
    -rwx------ 1 gooeygirl users 3818964 Sep 12 15:55 pubring.gpg~
    -rwx------ 1 gooeygirl users   36004 Jan 11  2016 pubring.kbx
    -rwx------ 1 gooeygirl users     600 Sep 12 15:56 random_seed
    -rwx------ 1 gooeygirl users    8393 Jan  8  2016 secring.gpg
    -rw------- 1 gooeygirl users      43 Jul 23 05:03 S.gpg-agent                                                                                                      
    srwx------ 1 gooeygirl users       0 Sep 12 18:05 S.uiserver                                                                                                       
    -rw------- 1 gooeygirl users   49152 Sep  7 12:12 tofu.db                                                                                                          
    -rwx------ 1 gooeygirl users    5680 Sep 12 15:55 trustdb.gpg                                                                                                      
    -rwx------ 1 gooeygirl users    1364 May  9 17:07 trustlist.txt                                                                                                    
    gooeygirl@linux-Tower:~>
    ...& now that warning message no longer appears.

    Nice one deano.

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,173
    Blog Entries
    1

    Default Re: WARNING: unsafe permissions on homedir

    Well done. (The executable bit is not needed either, but really not a security risk in this context.)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •