What are the correct permissions for the .gnupg enclosing folder? gpg: WARNING: unsafe enclosing directory...












16















I don't want to just chmod and run until I get the right answer, nor do I want to run GnuPG as root. The easy fix would be to just set it so that only my user can read it, but I don't think that's the best way.



I get the following error when I attempt to use gpg:



gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/nb/.gnupg/gpg.conf'
gpg: external program calls are disabled due to unsafe options file permissions
gpg: keyserver communications error: general error
gpg: keyserver receive failed: general error


GnuPG's ~/.gnupg/ current status:



% stat .gnupg 
File: ‘.gnupg’
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 1bh/27d Inode: 20578751 Links: 3
Access: (0775/drwxrwxr-x) Uid: ( 1000/ nb) Gid: ( 1000/ XXXX)
Access: 2015-08-09 18:14:45.937760752 -0700
Modify: 2015-08-05 20:54:32.860883569 -0700
Change: 2015-08-05 20:54:32.860883569 -0700
Birth: -


The answer at the following link advises 600 permissions for the ~/gnupg/gpg.conf file, but does the enclosing folder require those permissions, too?



https://askubuntu.com/questions/330755/unsafe-permissions-on-configuration-file-home-david-gnupg-gpg-conf-what-doe










share|improve this question





























    16















    I don't want to just chmod and run until I get the right answer, nor do I want to run GnuPG as root. The easy fix would be to just set it so that only my user can read it, but I don't think that's the best way.



    I get the following error when I attempt to use gpg:



    gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/nb/.gnupg/gpg.conf'
    gpg: external program calls are disabled due to unsafe options file permissions
    gpg: keyserver communications error: general error
    gpg: keyserver receive failed: general error


    GnuPG's ~/.gnupg/ current status:



    % stat .gnupg 
    File: ‘.gnupg’
    Size: 4096 Blocks: 8 IO Block: 4096 directory
    Device: 1bh/27d Inode: 20578751 Links: 3
    Access: (0775/drwxrwxr-x) Uid: ( 1000/ nb) Gid: ( 1000/ XXXX)
    Access: 2015-08-09 18:14:45.937760752 -0700
    Modify: 2015-08-05 20:54:32.860883569 -0700
    Change: 2015-08-05 20:54:32.860883569 -0700
    Birth: -


    The answer at the following link advises 600 permissions for the ~/gnupg/gpg.conf file, but does the enclosing folder require those permissions, too?



    https://askubuntu.com/questions/330755/unsafe-permissions-on-configuration-file-home-david-gnupg-gpg-conf-what-doe










    share|improve this question



























      16












      16








      16


      9






      I don't want to just chmod and run until I get the right answer, nor do I want to run GnuPG as root. The easy fix would be to just set it so that only my user can read it, but I don't think that's the best way.



      I get the following error when I attempt to use gpg:



      gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/nb/.gnupg/gpg.conf'
      gpg: external program calls are disabled due to unsafe options file permissions
      gpg: keyserver communications error: general error
      gpg: keyserver receive failed: general error


      GnuPG's ~/.gnupg/ current status:



      % stat .gnupg 
      File: ‘.gnupg’
      Size: 4096 Blocks: 8 IO Block: 4096 directory
      Device: 1bh/27d Inode: 20578751 Links: 3
      Access: (0775/drwxrwxr-x) Uid: ( 1000/ nb) Gid: ( 1000/ XXXX)
      Access: 2015-08-09 18:14:45.937760752 -0700
      Modify: 2015-08-05 20:54:32.860883569 -0700
      Change: 2015-08-05 20:54:32.860883569 -0700
      Birth: -


      The answer at the following link advises 600 permissions for the ~/gnupg/gpg.conf file, but does the enclosing folder require those permissions, too?



      https://askubuntu.com/questions/330755/unsafe-permissions-on-configuration-file-home-david-gnupg-gpg-conf-what-doe










      share|improve this question
















      I don't want to just chmod and run until I get the right answer, nor do I want to run GnuPG as root. The easy fix would be to just set it so that only my user can read it, but I don't think that's the best way.



      I get the following error when I attempt to use gpg:



      gpg: WARNING: unsafe enclosing directory permissions on configuration file `/home/nb/.gnupg/gpg.conf'
      gpg: external program calls are disabled due to unsafe options file permissions
      gpg: keyserver communications error: general error
      gpg: keyserver receive failed: general error


      GnuPG's ~/.gnupg/ current status:



      % stat .gnupg 
      File: ‘.gnupg’
      Size: 4096 Blocks: 8 IO Block: 4096 directory
      Device: 1bh/27d Inode: 20578751 Links: 3
      Access: (0775/drwxrwxr-x) Uid: ( 1000/ nb) Gid: ( 1000/ XXXX)
      Access: 2015-08-09 18:14:45.937760752 -0700
      Modify: 2015-08-05 20:54:32.860883569 -0700
      Change: 2015-08-05 20:54:32.860883569 -0700
      Birth: -


      The answer at the following link advises 600 permissions for the ~/gnupg/gpg.conf file, but does the enclosing folder require those permissions, too?



      https://askubuntu.com/questions/330755/unsafe-permissions-on-configuration-file-home-david-gnupg-gpg-conf-what-doe







      linux permissions encryption gnupg






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Apr 13 '17 at 12:22









      Community

      1




      1










      asked Aug 10 '15 at 1:30









      Nathan BasaneseNathan Basanese

      3331217




      3331217






















          4 Answers
          4






          active

          oldest

          votes


















          36














          Yes, you will also need to fix the permissions of the enclosing directory ~/.gnupg



          Because an attacker with enough rights on the folder could manipulate folder contents.



          Execute the following commands:




          1. Make sure, the folder+contents belong to you:
            chown -R $(whoami) ~/.gnupg/


          2. Correct access rights for .gnupg and subfolders:
            find ~/.gnupg -type f -exec chmod 600 {} ;
            find ~/.gnupg -type d -exec chmod 700 {} ;



          Explanation for 600, 700:



          Lets start from the back: '00' mean NO rights AT ALL for everybody who is not the owner of the files/directories.



          That means, that the process reading these (gnupg) must run as the owner of these files/directories.



          ~/.gnupg/ is a folder, the process reading the contents must be able to "enter" (=execute) this folder. This is the "x" Bit. It has the value "1". 7 - 6 = 1



          Both ~/.gnupg/ and ~/.gnupg/* you want to be able to read and write, thats 4 + 2 = 6.



          ==> Only the owner of the files can read/write them now (=600). Only he can enter into the directory as well (=700)



          ==> These file rights don't "need" to be documented, they are derivable from the intended usage.



          More info about permission notation: https://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions






          share|improve this answer





















          • 1





            // , Do you know if the makers of GnuPG document these specific permission levels? If they do document them, where could I find this?

            – Nathan Basanese
            Aug 10 '15 at 18:18






          • 1





            They do! You posted the error message ;)

            – Alex Stragies
            Aug 10 '15 at 19:24






          • 1





            // , Yeah, but the error message doesn't say what the permissions should be. Do they publish that anywhere?

            – Nathan Basanese
            Mar 30 '17 at 22:52











          • // , Also, thanks for adding more of an explanation for those of us who aren't as familiar with the permission numbering scheme.

            – Nathan Basanese
            Mar 30 '17 at 22:54











          • @null : I updated the commands to also deal with subfolders

            – Alex Stragies
            Jan 23 at 14:33



















          5














          GnuPG by default enforces secure access privileges, which means nobody else (but you) can access your GnuPG home directory ~/.gnupg. These access privileges often are not strict enough after copying the GnuPG home directory from another machine, and very often wrong ownership is the reason of such a message.



          # Set ownership to your own user and primary group
          chown -R "$USER:$(id -gn)" ~/.gnupg
          # Set permissions to read, write, execute for only yourself, no others
          chmod 700 ~/.gnupg
          # Set permissions to read, write for only yourself, no others
          chmod 600 ~/.gnupg/*


          If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened.






          share|improve this answer































            4














            Although Jens Erat already mentioned it in his last sentence, I think it should be stressed that any folders inside ~/.gnupg must be executable (mode 700) as well. This holds especially for the private-keys* folder that is created by gpg itself. I was stuck with permission problems for a while before I noticed this.






            share|improve this answer
























            • find ~/.gnupg -type d -exec chmod 700 {} ;

              – Craig Hicks
              Jan 17 at 6:29



















            2














            These two lines will set the permissions separately and correctly for directories and files:



            find ~/.gnupg -type d -exec chmod 700 {} ;
            find ~/.gnupg -type f -exec chmod 600 {} ;


            assuming ownership is already set correctly.



            Note it does not change permissions on the sockets S.gpg-agent*. (Only the new gpg v2 involves sockets, the old gpg v1 doesn't).






            share|improve this answer





















            • 1





              Looks like an answer borne of experience.

              – Nathan Basanese
              Jan 25 at 9:22











            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f954509%2fwhat-are-the-correct-permissions-for-the-gnupg-enclosing-folder-gpg-warning%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            4 Answers
            4






            active

            oldest

            votes








            4 Answers
            4






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            36














            Yes, you will also need to fix the permissions of the enclosing directory ~/.gnupg



            Because an attacker with enough rights on the folder could manipulate folder contents.



            Execute the following commands:




            1. Make sure, the folder+contents belong to you:
              chown -R $(whoami) ~/.gnupg/


            2. Correct access rights for .gnupg and subfolders:
              find ~/.gnupg -type f -exec chmod 600 {} ;
              find ~/.gnupg -type d -exec chmod 700 {} ;



            Explanation for 600, 700:



            Lets start from the back: '00' mean NO rights AT ALL for everybody who is not the owner of the files/directories.



            That means, that the process reading these (gnupg) must run as the owner of these files/directories.



            ~/.gnupg/ is a folder, the process reading the contents must be able to "enter" (=execute) this folder. This is the "x" Bit. It has the value "1". 7 - 6 = 1



            Both ~/.gnupg/ and ~/.gnupg/* you want to be able to read and write, thats 4 + 2 = 6.



            ==> Only the owner of the files can read/write them now (=600). Only he can enter into the directory as well (=700)



            ==> These file rights don't "need" to be documented, they are derivable from the intended usage.



            More info about permission notation: https://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions






            share|improve this answer





















            • 1





              // , Do you know if the makers of GnuPG document these specific permission levels? If they do document them, where could I find this?

              – Nathan Basanese
              Aug 10 '15 at 18:18






            • 1





              They do! You posted the error message ;)

              – Alex Stragies
              Aug 10 '15 at 19:24






            • 1





              // , Yeah, but the error message doesn't say what the permissions should be. Do they publish that anywhere?

              – Nathan Basanese
              Mar 30 '17 at 22:52











            • // , Also, thanks for adding more of an explanation for those of us who aren't as familiar with the permission numbering scheme.

              – Nathan Basanese
              Mar 30 '17 at 22:54











            • @null : I updated the commands to also deal with subfolders

              – Alex Stragies
              Jan 23 at 14:33
















            36














            Yes, you will also need to fix the permissions of the enclosing directory ~/.gnupg



            Because an attacker with enough rights on the folder could manipulate folder contents.



            Execute the following commands:




            1. Make sure, the folder+contents belong to you:
              chown -R $(whoami) ~/.gnupg/


            2. Correct access rights for .gnupg and subfolders:
              find ~/.gnupg -type f -exec chmod 600 {} ;
              find ~/.gnupg -type d -exec chmod 700 {} ;



            Explanation for 600, 700:



            Lets start from the back: '00' mean NO rights AT ALL for everybody who is not the owner of the files/directories.



            That means, that the process reading these (gnupg) must run as the owner of these files/directories.



            ~/.gnupg/ is a folder, the process reading the contents must be able to "enter" (=execute) this folder. This is the "x" Bit. It has the value "1". 7 - 6 = 1



            Both ~/.gnupg/ and ~/.gnupg/* you want to be able to read and write, thats 4 + 2 = 6.



            ==> Only the owner of the files can read/write them now (=600). Only he can enter into the directory as well (=700)



            ==> These file rights don't "need" to be documented, they are derivable from the intended usage.



            More info about permission notation: https://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions






            share|improve this answer





















            • 1





              // , Do you know if the makers of GnuPG document these specific permission levels? If they do document them, where could I find this?

              – Nathan Basanese
              Aug 10 '15 at 18:18






            • 1





              They do! You posted the error message ;)

              – Alex Stragies
              Aug 10 '15 at 19:24






            • 1





              // , Yeah, but the error message doesn't say what the permissions should be. Do they publish that anywhere?

              – Nathan Basanese
              Mar 30 '17 at 22:52











            • // , Also, thanks for adding more of an explanation for those of us who aren't as familiar with the permission numbering scheme.

              – Nathan Basanese
              Mar 30 '17 at 22:54











            • @null : I updated the commands to also deal with subfolders

              – Alex Stragies
              Jan 23 at 14:33














            36












            36








            36







            Yes, you will also need to fix the permissions of the enclosing directory ~/.gnupg



            Because an attacker with enough rights on the folder could manipulate folder contents.



            Execute the following commands:




            1. Make sure, the folder+contents belong to you:
              chown -R $(whoami) ~/.gnupg/


            2. Correct access rights for .gnupg and subfolders:
              find ~/.gnupg -type f -exec chmod 600 {} ;
              find ~/.gnupg -type d -exec chmod 700 {} ;



            Explanation for 600, 700:



            Lets start from the back: '00' mean NO rights AT ALL for everybody who is not the owner of the files/directories.



            That means, that the process reading these (gnupg) must run as the owner of these files/directories.



            ~/.gnupg/ is a folder, the process reading the contents must be able to "enter" (=execute) this folder. This is the "x" Bit. It has the value "1". 7 - 6 = 1



            Both ~/.gnupg/ and ~/.gnupg/* you want to be able to read and write, thats 4 + 2 = 6.



            ==> Only the owner of the files can read/write them now (=600). Only he can enter into the directory as well (=700)



            ==> These file rights don't "need" to be documented, they are derivable from the intended usage.



            More info about permission notation: https://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions






            share|improve this answer















            Yes, you will also need to fix the permissions of the enclosing directory ~/.gnupg



            Because an attacker with enough rights on the folder could manipulate folder contents.



            Execute the following commands:




            1. Make sure, the folder+contents belong to you:
              chown -R $(whoami) ~/.gnupg/


            2. Correct access rights for .gnupg and subfolders:
              find ~/.gnupg -type f -exec chmod 600 {} ;
              find ~/.gnupg -type d -exec chmod 700 {} ;



            Explanation for 600, 700:



            Lets start from the back: '00' mean NO rights AT ALL for everybody who is not the owner of the files/directories.



            That means, that the process reading these (gnupg) must run as the owner of these files/directories.



            ~/.gnupg/ is a folder, the process reading the contents must be able to "enter" (=execute) this folder. This is the "x" Bit. It has the value "1". 7 - 6 = 1



            Both ~/.gnupg/ and ~/.gnupg/* you want to be able to read and write, thats 4 + 2 = 6.



            ==> Only the owner of the files can read/write them now (=600). Only he can enter into the directory as well (=700)



            ==> These file rights don't "need" to be documented, they are derivable from the intended usage.



            More info about permission notation: https://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Jan 23 at 14:31

























            answered Aug 10 '15 at 3:06









            Alex StragiesAlex Stragies

            663515




            663515








            • 1





              // , Do you know if the makers of GnuPG document these specific permission levels? If they do document them, where could I find this?

              – Nathan Basanese
              Aug 10 '15 at 18:18






            • 1





              They do! You posted the error message ;)

              – Alex Stragies
              Aug 10 '15 at 19:24






            • 1





              // , Yeah, but the error message doesn't say what the permissions should be. Do they publish that anywhere?

              – Nathan Basanese
              Mar 30 '17 at 22:52











            • // , Also, thanks for adding more of an explanation for those of us who aren't as familiar with the permission numbering scheme.

              – Nathan Basanese
              Mar 30 '17 at 22:54











            • @null : I updated the commands to also deal with subfolders

              – Alex Stragies
              Jan 23 at 14:33














            • 1





              // , Do you know if the makers of GnuPG document these specific permission levels? If they do document them, where could I find this?

              – Nathan Basanese
              Aug 10 '15 at 18:18






            • 1





              They do! You posted the error message ;)

              – Alex Stragies
              Aug 10 '15 at 19:24






            • 1





              // , Yeah, but the error message doesn't say what the permissions should be. Do they publish that anywhere?

              – Nathan Basanese
              Mar 30 '17 at 22:52











            • // , Also, thanks for adding more of an explanation for those of us who aren't as familiar with the permission numbering scheme.

              – Nathan Basanese
              Mar 30 '17 at 22:54











            • @null : I updated the commands to also deal with subfolders

              – Alex Stragies
              Jan 23 at 14:33








            1




            1





            // , Do you know if the makers of GnuPG document these specific permission levels? If they do document them, where could I find this?

            – Nathan Basanese
            Aug 10 '15 at 18:18





            // , Do you know if the makers of GnuPG document these specific permission levels? If they do document them, where could I find this?

            – Nathan Basanese
            Aug 10 '15 at 18:18




            1




            1





            They do! You posted the error message ;)

            – Alex Stragies
            Aug 10 '15 at 19:24





            They do! You posted the error message ;)

            – Alex Stragies
            Aug 10 '15 at 19:24




            1




            1





            // , Yeah, but the error message doesn't say what the permissions should be. Do they publish that anywhere?

            – Nathan Basanese
            Mar 30 '17 at 22:52





            // , Yeah, but the error message doesn't say what the permissions should be. Do they publish that anywhere?

            – Nathan Basanese
            Mar 30 '17 at 22:52













            // , Also, thanks for adding more of an explanation for those of us who aren't as familiar with the permission numbering scheme.

            – Nathan Basanese
            Mar 30 '17 at 22:54





            // , Also, thanks for adding more of an explanation for those of us who aren't as familiar with the permission numbering scheme.

            – Nathan Basanese
            Mar 30 '17 at 22:54













            @null : I updated the commands to also deal with subfolders

            – Alex Stragies
            Jan 23 at 14:33





            @null : I updated the commands to also deal with subfolders

            – Alex Stragies
            Jan 23 at 14:33













            5














            GnuPG by default enforces secure access privileges, which means nobody else (but you) can access your GnuPG home directory ~/.gnupg. These access privileges often are not strict enough after copying the GnuPG home directory from another machine, and very often wrong ownership is the reason of such a message.



            # Set ownership to your own user and primary group
            chown -R "$USER:$(id -gn)" ~/.gnupg
            # Set permissions to read, write, execute for only yourself, no others
            chmod 700 ~/.gnupg
            # Set permissions to read, write for only yourself, no others
            chmod 600 ~/.gnupg/*


            If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened.






            share|improve this answer




























              5














              GnuPG by default enforces secure access privileges, which means nobody else (but you) can access your GnuPG home directory ~/.gnupg. These access privileges often are not strict enough after copying the GnuPG home directory from another machine, and very often wrong ownership is the reason of such a message.



              # Set ownership to your own user and primary group
              chown -R "$USER:$(id -gn)" ~/.gnupg
              # Set permissions to read, write, execute for only yourself, no others
              chmod 700 ~/.gnupg
              # Set permissions to read, write for only yourself, no others
              chmod 600 ~/.gnupg/*


              If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened.






              share|improve this answer


























                5












                5








                5







                GnuPG by default enforces secure access privileges, which means nobody else (but you) can access your GnuPG home directory ~/.gnupg. These access privileges often are not strict enough after copying the GnuPG home directory from another machine, and very often wrong ownership is the reason of such a message.



                # Set ownership to your own user and primary group
                chown -R "$USER:$(id -gn)" ~/.gnupg
                # Set permissions to read, write, execute for only yourself, no others
                chmod 700 ~/.gnupg
                # Set permissions to read, write for only yourself, no others
                chmod 600 ~/.gnupg/*


                If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened.






                share|improve this answer













                GnuPG by default enforces secure access privileges, which means nobody else (but you) can access your GnuPG home directory ~/.gnupg. These access privileges often are not strict enough after copying the GnuPG home directory from another machine, and very often wrong ownership is the reason of such a message.



                # Set ownership to your own user and primary group
                chown -R "$USER:$(id -gn)" ~/.gnupg
                # Set permissions to read, write, execute for only yourself, no others
                chmod 700 ~/.gnupg
                # Set permissions to read, write for only yourself, no others
                chmod 600 ~/.gnupg/*


                If you have (for any reason) created your own folders inside ~/.gnupg, you must also additionally apply execute permissions to that folder. Folders require execution privileges to be opened.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Aug 10 '15 at 8:43









                Jens EratJens Erat

                12.7k114459




                12.7k114459























                    4














                    Although Jens Erat already mentioned it in his last sentence, I think it should be stressed that any folders inside ~/.gnupg must be executable (mode 700) as well. This holds especially for the private-keys* folder that is created by gpg itself. I was stuck with permission problems for a while before I noticed this.






                    share|improve this answer
























                    • find ~/.gnupg -type d -exec chmod 700 {} ;

                      – Craig Hicks
                      Jan 17 at 6:29
















                    4














                    Although Jens Erat already mentioned it in his last sentence, I think it should be stressed that any folders inside ~/.gnupg must be executable (mode 700) as well. This holds especially for the private-keys* folder that is created by gpg itself. I was stuck with permission problems for a while before I noticed this.






                    share|improve this answer
























                    • find ~/.gnupg -type d -exec chmod 700 {} ;

                      – Craig Hicks
                      Jan 17 at 6:29














                    4












                    4








                    4







                    Although Jens Erat already mentioned it in his last sentence, I think it should be stressed that any folders inside ~/.gnupg must be executable (mode 700) as well. This holds especially for the private-keys* folder that is created by gpg itself. I was stuck with permission problems for a while before I noticed this.






                    share|improve this answer













                    Although Jens Erat already mentioned it in his last sentence, I think it should be stressed that any folders inside ~/.gnupg must be executable (mode 700) as well. This holds especially for the private-keys* folder that is created by gpg itself. I was stuck with permission problems for a while before I noticed this.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered Dec 13 '17 at 8:56









                    tc88tc88

                    7118




                    7118













                    • find ~/.gnupg -type d -exec chmod 700 {} ;

                      – Craig Hicks
                      Jan 17 at 6:29



















                    • find ~/.gnupg -type d -exec chmod 700 {} ;

                      – Craig Hicks
                      Jan 17 at 6:29

















                    find ~/.gnupg -type d -exec chmod 700 {} ;

                    – Craig Hicks
                    Jan 17 at 6:29





                    find ~/.gnupg -type d -exec chmod 700 {} ;

                    – Craig Hicks
                    Jan 17 at 6:29











                    2














                    These two lines will set the permissions separately and correctly for directories and files:



                    find ~/.gnupg -type d -exec chmod 700 {} ;
                    find ~/.gnupg -type f -exec chmod 600 {} ;


                    assuming ownership is already set correctly.



                    Note it does not change permissions on the sockets S.gpg-agent*. (Only the new gpg v2 involves sockets, the old gpg v1 doesn't).






                    share|improve this answer





















                    • 1





                      Looks like an answer borne of experience.

                      – Nathan Basanese
                      Jan 25 at 9:22
















                    2














                    These two lines will set the permissions separately and correctly for directories and files:



                    find ~/.gnupg -type d -exec chmod 700 {} ;
                    find ~/.gnupg -type f -exec chmod 600 {} ;


                    assuming ownership is already set correctly.



                    Note it does not change permissions on the sockets S.gpg-agent*. (Only the new gpg v2 involves sockets, the old gpg v1 doesn't).






                    share|improve this answer





















                    • 1





                      Looks like an answer borne of experience.

                      – Nathan Basanese
                      Jan 25 at 9:22














                    2












                    2








                    2







                    These two lines will set the permissions separately and correctly for directories and files:



                    find ~/.gnupg -type d -exec chmod 700 {} ;
                    find ~/.gnupg -type f -exec chmod 600 {} ;


                    assuming ownership is already set correctly.



                    Note it does not change permissions on the sockets S.gpg-agent*. (Only the new gpg v2 involves sockets, the old gpg v1 doesn't).






                    share|improve this answer















                    These two lines will set the permissions separately and correctly for directories and files:



                    find ~/.gnupg -type d -exec chmod 700 {} ;
                    find ~/.gnupg -type f -exec chmod 600 {} ;


                    assuming ownership is already set correctly.



                    Note it does not change permissions on the sockets S.gpg-agent*. (Only the new gpg v2 involves sockets, the old gpg v1 doesn't).







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited Jan 17 at 6:44

























                    answered Jan 17 at 6:33









                    Craig HicksCraig Hicks

                    1414




                    1414








                    • 1





                      Looks like an answer borne of experience.

                      – Nathan Basanese
                      Jan 25 at 9:22














                    • 1





                      Looks like an answer borne of experience.

                      – Nathan Basanese
                      Jan 25 at 9:22








                    1




                    1





                    Looks like an answer borne of experience.

                    – Nathan Basanese
                    Jan 25 at 9:22





                    Looks like an answer borne of experience.

                    – Nathan Basanese
                    Jan 25 at 9:22


















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f954509%2fwhat-are-the-correct-permissions-for-the-gnupg-enclosing-folder-gpg-warning%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Mouse cursor on multiple screens with different PPI

                    Agildo Ribeiro

                    Sometime when accessing a menu: “Ubuntu 16.04 has experienced an internal error”