gpg: WARNING: unsafe ownership ????

Diss

Diss

Diss

Associate
Joined
28 Oct 2002
Posts
1,510
Hi

I have been looking at this site to try and set up some repos for the latest nvidia drivers on by ubuntu edgy PC
http://albertomilone.com/driver_edgy.html

apart from getting a 404 message on the repo i got some weird messages with trying to set up the gpg key - it was erroring so i tried his commends with sudo in front and got a strange message about 'unsafe ownership'

any idea what this means, and if necessary how to fix it?

below is info from my terminal window:

voteslave@voteslave-desktop:~$ gpg --import tseliot.asc
gpg: can't open `/home/voteslave/.gnupg/pubring.gpg'
gpg: keydb_get_keyblock failed: eof
gpg: no writable keyring found: eof
gpg: error reading `tseliot.asc': general error
gpg: import from `tseliot.asc' failed: general error
gpg: Total number processed: 0
voteslave@voteslave-desktop:~$ wget http://www.albertomilone.com/drivers/tseliot.asc
--09:50:00-- http://www.albertomilone.com/drivers/tseliot.asc
=> `tseliot.asc.2'
Resolving www.albertomilone.com... 68.178.232.90
Connecting to www.albertomilone.com|68.178.232.90|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1,704 (1.7K) [text/plain]

100%[====================================>] 1,704 --.--K/s

09:50:00 (6.83 MB/s) - `tseliot.asc.2' saved [1704/1704]

voteslave@voteslave-desktop:~$ gpg --import tseliot.asc
gpg: can't open `/home/voteslave/.gnupg/pubring.gpg'
gpg: keydb_get_keyblock failed: eof
gpg: no writable keyring found: eof
gpg: error reading `tseliot.asc': general error
gpg: import from `tseliot.asc' failed: general error
gpg: Total number processed: 0
voteslave@voteslave-desktop:~$ sudo gpg --import tseliot.asc
Password:
gpg: WARNING: unsafe ownership on configuration file `/home/voteslave/.gnupg/gpg.conf'
gpg: key 8EB26AF1: public key "Alberto Milone (tseliot) <[email protected]>" imported
gpg: Total number processed: 1
gpg: imported: 1
voteslave@voteslave-desktop:~$ gpg --export --armor [email protected] | sudo apt-key add -
gpg: can't open `/home/voteslave/.gnupg/pubring.gpg'
gpg: WARNING: nothing exported
gpg: key export failed: file open error
gpg: no valid OpenPGP data found.
voteslave@voteslave-desktop:~$ sudo gpg --export --armor [email protected] | sudo apt-key add -
gpg: WARNING: unsafe ownership on configuration file `/home/voteslave/.gnupg/gpg.conf'
OK
voteslave@voteslave-desktop:~$


many thanks

Diss
 
Files in ~/.gnupg should really only be accessible to the user it was configured for (voteslave, I assume). As you used sudo before the gpg command, you were running as a different user than what it expected, hence the error. However, it appears your normal user can't access the gpg files, so you need to modify permission appropriately so it can, and other users can't.

What are the file permissions inside ~/.gnupg i.e. what's the output of
Code: 
$ ls -l ~/.gnupg
?
 
As has already been stated this looks like a problem with the permissions of your gpg folder in your home directory. IIRC the folder/files should have their permissions set to 600?
 
hi sorry for the delay in getting back with more info - here it is:

total 28
-rw------- 1 voteslave voteslave 9231 2006-10-10 21:01 gpg.conf
-rw------- 1 root root 4441 2007-01-27 09:51 pubring.gpg
-rw------- 1 root root 3260 2006-12-26 16:39 pubring.gpg~
-rw------- 1 voteslave voteslave 0 2006-10-10 21:01 secring.gpg
-rw------- 1 voteslave voteslave 1200 2006-10-10 21:01 trustdb.gpg



are these the right settings, if not howdo i change (and to what?)

many thanks

Diss
 
Your public keyring (pubring.gpg) is owned by root with R/W permissions only for root, so the user voteslave cannot modify it. Thus, you cannot add a new public key to the keyring as voteslave - which is why you had to run as root to add that key.

Fix it by giving pubring.gpg ownership back to voteslave:
Code: 
sudo chown voteslave:voteslave pubring.*
And now you should be able to run all gpg commands as voteslave without any 'unsafe ownership' errors. :)
 
You must log in or register to reply here.
Back
Top Bottom