What does this gpg warning mean?

Question

When I run my backup script as me, it works fine. When I run it as root, it still works, but I get this warning:

gpg: WARNING: unsafe ownership on configuration file `/home/jason/.gnupg/gpg.conf'

What does this warning mean and how can I stop it from happening?

Here's my script:

now=$(date +"%Y-%m-%d-%H-%M-%S")
logfile="/var/log/backups/rsync-$now"
readynas_address="192.168.140.31"
basedir="/home/jason/scripts/backup"

cat $basedir/email.txt | sendmail -t
/home/jason/scripts/db-backup
sudo rsync -arvz --delete --exclude-from=$basedir/exclude.txt --password-file=$basedir/password.txt / jason@$readynas_address::gob > $logfile
cat $basedir/done-email.txt $logfile | sendmail -t

If my sendmail has gpg hooks, it's not something I set up. I do in fact call gpg in db-backup but forgot to include that part. In any case, Niall's answer took care of the problem. — Jason Swett, Jan 19 '11 at 20:00

score 3 · Accepted Answer · answered Jan 19 '11 at 17:21

This means that anyone who has an account on the system is able to read the contents of /home/jason/.gnupg. You need to run something like the following:

# Change the own of all files within /home/jason/.gnupg to jason
chown -R jason /home/jason/.gnupg
# Make sure only jason can access the various files within.
chmod 700 /home/jason/.gnupg
chmod 600 /home/jason/.gnupg/*
chmod 700 /home/jason/.gnupg/random_seed

I'm not 100% sure, if the last one is needed, but that should get rid of the warning and make sure that only you can read the contents.

score 1 · Answer 2 · answered Jan 19 '11 at 17:19

1

The gpg key you are using has permissions to be read by people other then the owner.

Chmod the file.

answered Jan 19 '11 at 17:19

Essobi

901
6
9

What does this gpg warning mean?

2 Answers2