1 [[meta title="Problems with root-owned gpg keyrings"]]
3 `/var/lib/monkeysphere/gnupg-host/` is root-owned, and the public
4 keyring in that directory is controlled by the superuser.
6 We currently expect the `monkeysphere` user to read from (but not
7 write to) that keyring. But using a keyring in a directory that you
8 don't control appears to trigger [a subtle bug in
9 gpg](http://bugs.debian.org/361539) that has been unresolved for quite
12 With some of the new error checking i'm doing in
13 `monkeysphere-server`, typical operations that involve both keyrings
14 as the non-privileged user can fail with an error message like:
16 gpg: failed to rebuild keyring cache: file open error
18 Running the relevant operation a second time as the same user usually
19 lets things go through without a failure, but this seems like it would
20 be hiding a bug, rather than getting it fixed correctly.
22 Are there other ways we can deal with this problem?