System: I am testing Linux Mint 19 Beta based on Ubuntu 18.04.

I got this warning while installing an unrelated package:

```
gpg: WARNING: unsafe ownership on homedir '/home/vlastimil/.gnupg'
```

This is the ls output of the directory itself:

```
$ lld /home/vlastimil/.gnupg

drwx------ 4 vlastimil vlastimil 4,0K Jun 26 11:42 /home/vlastimil/.gnupg
```

That seems to be OK.

This is the ls output of the contents of the directory:

```
$ ll /home/vlastimil/.gnupg/

total 24K
drwx------ 2 vlastimil vlastimil 4,0K Jun 26 11:36 crls.d
drwx------ 2 vlastimil vlastimil 4,0K Jun 26 05:28 private-keys-v1.d
-rw-r--r-- 1 vlastimil vlastimil 6,4K Jun 26 11:42 pubring.kbx
-rw-r--r-- 1 vlastimil vlastimil 3,2K Jun 26 11:37 pubring.kbx~
srwx------ 1 root      root         0 Jun 26 11:38 S.dirmngr
-rw------- 1 vlastimil vlastimil 1,2K Jun 26 11:37 trustdb.gpg
```

I am unsure if I can't just delete the seemingly offending directory named S.dirmngr.

I am also unsure if that would solve the issue or create another one.

I just remember that not long ago, I was instructed to install a package named like that, i.e. dirmngr, but I can't remember with what software installation it was connected.

EDIT1:

As StephenKitt pointed out, I really ran this line, I have found in the history:

```
sudo gpg --recv-keys ...
```

Will this have any consequences?

Vlastimil Burián
  • 2
    I came here looking for the error `unsafe permissions` instead of `ownership`. The solution for that is `find ~/.gnupg -type f -exec chmod 600 {} \;` and `find ~/.gnupg -type d -exec chmod 700 {} \;` as can be found [here](https://gist.github.com/oseme-techguy/bae2e309c084d93b75a9b25f49718f85) – Cadoiz Oct 10 '22 at 07:08

1 Answer

This is the result of running gpg with sudo: gpg then runs as root, but its home directory is still the user’s. This explains both the warning (gpg is running as root but another user owns the configuration directory) and dirmngr’s socket’s ownership.

To fix this up, you should stop dirmngr:

```
sudo gpgconf --kill dirmngr
```

(sudo just this once because dirmngr is running as root, as evidenced by its socket), then restore your ownership:

```
sudo chown -R $USER ~/.gnupg
```

Stephen Kitt
  • Should I restore the killed process somehow? How do I go about doing that? Also, how do I `sudo gpg` without causing this problem in the first place? – leinaD_natipaC Apr 20 '21 at 10:13
  • 3
    @leinaD you can’t restore a killed process. To run `gpg` as root without causing this problem, use `sudo -H`: `sudo -H gpg`. – Stephen Kitt Apr 20 '21 at 11:54
  • 1
    @StephenKitt After looking at the docs, what I was looking for is `--launch`, I guess, but really I meant to ask if doing something along the lines of `gpgconf --launch dirmngr` was necessary after killing it in the first place. – leinaD_natipaC Apr 20 '21 at 14:49
  • 2
    @leinaD ah, right, `gpg` should launch `dirmngr` on its own if necessary. – Stephen Kitt Apr 20 '21 at 18:09
  • Alternatively `chown -R $(whoami) ~/.gnupg/` as from [this GitHub Gist](https://gist.github.com/oseme-techguy/bae2e309c084d93b75a9b25f49718f85) – Cadoiz Oct 10 '22 at 07:05
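
A read-only check for the two conditions discussed on this page, as an added example (not from the question, the answer or the linked gist): it lists entries under a GnuPG home that are not owned by the expected user, such as the root-owned `S.dirmngr` socket, and entries that grant any access to group or others, following the 600/700 layout from the comment. The function name `audit_gnupg_home` is made up for this example, and `-perm /077` assumes GNU find.

```shell
#!/bin/sh
# Added example: audit a GnuPG home directory without changing anything.

# audit_gnupg_home DIR [OWNER]
#   DIR    directory to inspect, e.g. ~/.gnupg
#   OWNER  expected owner as a user name or numeric UID
#          (defaults to the UID of whoever runs the script)
# Prints one "owner: PATH" or "perms: PATH" line per finding.
# Returns 0 if clean, 1 if there are findings, 2 if DIR is not a directory.
audit_gnupg_home() {
    dir=$1
    owner=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    findings=$(
        # Entries owned by someone else, e.g. a socket created by a
        # dirmngr that was started through "sudo gpg" without -H.
        find "$dir" ! -user "$owner" | sed 's/^/owner: /'
        # Entries with any group/other permission bit set. Symlinks are
        # skipped because their own mode bits are meaningless.
        # This is stricter than gpg's own warning and matches the
        # "600 for files, 700 for directories" advice in the comment.
        find "$dir" ! -type l -perm /077 | sed 's/^/perms: /'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# When a directory is given on the command line, audit it.
if [ "$#" -gt 0 ]; then
    audit_gnupg_home "$@"
fi
```

Run it as your normal user, for example `sh audit.sh ~/.gnupg`; under `sudo` the default expected owner becomes root, so pass your user name as the second argument in that case.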