>Message: 6 >Date: Sun, 24 Apr 2005 16:37:14 +1000 >From: Peter Jones <[EMAIL PROTECTED]> >Subject: Re: Cant create directory error >To: gnupg-users@gnupg.org >Message-ID: <[EMAIL PROTECTED]> >Content-Type: text/plain; charset="iso-8859-1" > >On Thu, 21 Apr 2005 03:26 am, Carlos M wrote: >> Hi there im having problems trying to decrypt a message using PHP or >> Perl. When i run the perl script directly from the linux bash it works >> just fine, but when i run the script from the browser it doesnt work. >> Checkin the apache logs it says: >> >> Name "main::passphrase" used only once: possible typo at >> /usr/local/apache/cgi-bin/decrypt.pl line 10. >> gpg: fatal: ~/.gnupg: can't create directory: No such file or directory >> >> I create the keys using root as user. I got the .gnupg directory on >> /root with the correct keys in there. I have the correct keys in my >> local repository. I dont know what im doing wrong. > >I cannot see any other responses [possibly because the Reply-to on your >message doesn't seem to be configured correctly??] to this so I'll give >it a shot. > >It is almost certain that apache is not running as root (and if it *is*, >it is a very bad security risk!) > >Chances are it will be running as either user "apache", or as "nobody"; >you will need to check your httpd.conf file to be sure. Apache, >therefore, calls your cgi script as this user, and your script calls gpg >as this user. gpg then tries to create ~/.gnupg -- and either the user >home directory doesn't exist, or (for various security reasons) apache >does not have wtrite access to it. > >Best bet is to create a .gnupg file somewhere apache can find it, then in >your script use "gpg --options /path/to/.gnupg" to specify the correct >options file for it to use... > >(Additionally I'd investigate that main::passphrase warning if I were >you! ;-))
I don't know whether he has Apache in a default config on a 'nix box or what. I am assuming he has some version of 'nix with the word "root" in the lines. If it is a default config, then he has an Apache user: Password Entries: ================= apache:x:48:48:Apache:/var/www:/sbin/nologin ... hhhobbit:x:500:500:Henry Hertz Hobbit:/home/hhhobbit:/bin/bash Group Entries: ============== apache:x:48: ... hhhobbit:x:500: He can create the .gnupg folder as an ordinary user or as root, but in any case he will have to move the folder (eventually) to /var/www and chown and chgrp it to apache. On Linux: cd # to where your .gnupg was created cp -rp .gnupg /var/www cd /var/www chown -R apache:apache .gnupg chmod 700 .gnupg cd .gnupg chmod 400 * There is one tricky problem; apache has the /sbin/nologin shell which means apache cannot login, but I assume that is easily handled by the way it is started up, and the fact that you are forking off another process off of something already running. Ciao Henry Hertz Hobbit -- Key Name: "Henry Hertz Hobbit" <[EMAIL PROTECTED]> pub 1024D/E1FA6C62 2005-04-11 [expires: 2006-04-11] Key fingerprint = ACA0 B65B E20A 552E DFE2 EE1D 75B9 D818 E1FA 6C62 __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
