Steve,

On Fri, 2024-04-19 at 12:28 -0400, Steve Grubb wrote:
> Hello,
>
> I have run into an issue on F39 that I wanted to ask about. I decided that I
> wanted to develop an application on github from another account to simplify
> which keys are being used. I created the user acct and used "su - myacct" to
> login to it. I then tried to import gpg keys and got this:
>
> gpg: key 495F8DEXXX/495F8DEXXX: error sending to agent: Permission denied
> gpg: error building skey array: Permission denied
> gpg: error reading 'myacct-secret.gpg': Permission denied
> gpg: import from 'myacct-secret.gpg' failed: Permission denied

I've had this sort of problem before and the key item here is that the agent fails, and from what I've found previously that is because it tries to attach to /dev/tty, but is not permitted as the su (or sudo) user is not the owner. After that everything falls apart.

>
> So then I logged in by ssh localhost and ran "gpg --import" and got this:
>
> gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
> gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
> gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
> gpg: Note: database_open 134217901 waiting for lock (held by 16325) ...
> ^C
> gpg: signal Interrupt caught ... exiting
>
> Process 16325 is keyboxd pointing to the right homedir path. But then I
> notice there are 2 keyboxd running for this acct. I log out and as root kill
> everything under the new account and then ssh back to it. This time gpg pops
> up a screen to ask the passphrase and it succeeds.

Ignoring multiple keyboxd running, the difference here is that ssh localhost allocates a new tty when you log in, owned by that user, and the agent can open it.

>
> This is weird. In the past I know that you could "su" into an account and
> everything just worked. The difference between "su" and "ssh" is that "ssh"
> creates /usr/lib/systemd/systemd --user.

So, no, it isn't specifically a systemd issue, but tty allocation.

>
> Should "su -" also start its own systemd instance since things seemingly
> can't function without it?
> By extension, what does this mean for sudo?
> Why do 2 instances of keyboxd for that acct get started? (Should the second
> one have gracefully exited?)
> Or is this expected behavior?

Yeah, that bit I'm not sure of.

>
> Thanks,
> -Steve

Regards

Frank

> --
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
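
A way to check the tty-ownership condition described in the reply above, as an added example that is not part of the original thread. The function names are hypothetical, and it assumes that ownership of the terminal device is what decides whether the agent's passphrase prompt can open it.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): compare the owner of the terminal
# device with the user the shell is currently running as. After "su - myacct"
# the terminal normally still belongs to the user who first logged in; after
# "ssh localhost" a new terminal is allocated for the target user.

# owner_uid PATH -> prints the numeric uid that owns PATH (empty on error)
owner_uid() {
    # ls -n prints numeric ids; the third field is the owner uid
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3}'
}

# tty_owned_by PATH UID -> 0 if PATH is owned by UID, 1 if it is not,
# 2 if PATH cannot be inspected
tty_owned_by() {
    o=$(owner_uid "$1")
    [ -n "$o" ] || return 2
    [ "$o" = "$2" ]
}

# report_tty -> prints a verdict for the terminal attached to stdin
report_tty() {
    t=$(tty 2>/dev/null) || { echo "stdin is not a terminal"; return 2; }
    me=$(id -u)
    if tty_owned_by "$t" "$me"; then
        echo "$t is owned by uid $me (current user)"
    else
        echo "$t is owned by uid $(owner_uid "$t"), current user is uid $me"
        return 1
    fi
}

# Run once in the "su - myacct" session and once in the "ssh localhost"
# session, then compare the two verdicts.
report_tty || true
```
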