Josef Wolf wrote:

>I need a setup where the user running "gpg -e -r foobar" is not able to
>modify keyring contents. I tried:
>
>  # chown -R root:user ~user/.gnupg
>  # chmod -R o=rwX,g=rX,o= ~user/.gnupg

You'd better use chattr -i on it.

> to use --lock-never as long as it is guaranteed that _only_ "gpg -e"
> is ever run? No key generation, no imports, no signing. Only
> "gpg -e". Is this safe?

Of course, the file can't become corrupt and it has no influence on files
you sign and/or encrypt.

> 2. There's the random_seed file. It is modified at every run. How can
>    I handle this?

chattr -i the keyring files but leave out the random_seed.

-- 
ir. J.C.A. Wevers // Physics and science fiction site:
[EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
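An added example, not part of the original thread: a small audit of a GnuPG home directory for the encrypt-only setup discussed above, reporting keyring files the user can still write, a writable directory (which would let read-only files be replaced), and a random_seed the user cannot update. The function names are hypothetical and the keyring file names are assumed to be the classic pubring.gpg, secring.gpg and trustdb.gpg.

```python
import os
import stat

# Assumed file names of a classic GnuPG home directory; adjust as needed.
KEYRING_FILES = ("pubring.gpg", "secring.gpg", "trustdb.gpg")
SEED_FILE = "random_seed"


def mode_allows_write(st, uid, gids):
    """Return True if the owner/group/other mode bits let uid write.

    Only classic mode bits are evaluated: root's override, ACLs, the
    sticky bit and the immutable attribute are not modelled.
    """
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_homedir(homedir, uid, gids):
    """Return a list of findings for the encrypt-only setup in the thread."""
    findings = []
    # A writable directory lets the user rename or replace read-only files.
    if mode_allows_write(os.stat(homedir), uid, gids):
        findings.append("directory writable: keyring files can be replaced")
    for name in KEYRING_FILES:
        path = os.path.join(homedir, name)
        if os.path.exists(path) and mode_allows_write(os.stat(path), uid, gids):
            findings.append(name + " writable by user")
    # The thread notes random_seed is modified at every run.
    seed = os.path.join(homedir, SEED_FILE)
    if os.path.exists(seed) and not mode_allows_write(os.stat(seed), uid, gids):
        findings.append(SEED_FILE + " not writable: gpg cannot update it")
    return findings


if __name__ == "__main__":
    import sys
    me, groups = os.getuid(), set(os.getgroups())
    for finding in audit_homedir(sys.argv[1], me, groups):
        print(finding)
```

Run it as the restricted user with the home directory as the only argument; no output means the mode bits match the intended setup.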