On 30/01/14 02:14, DUELL, BOB wrote:
> On my server, I created a directory named /opt/app/apps/dbmprod/gpg and set
> the permissions to global access (777).
> I set the permission on all the files in this directory to allow global
> "read" access (744).

If you're trying to achieve by the 744 what I think you're trying to achieve,
namely that users can't change the files, I think you're mistaken[1]. Look at
the following session I just did[2]:

---------------------8<------------->8---------------------
$ ll -R
.:
total 4
drwxrwxrwx 2 root root 4096 Jan 30 11:40 gpg

./gpg:
total 4
-rwxr--r-- 1 root root 17 Jan 30 11:40 gpg.conf
$ cd gpg
$ cat gpg.conf
intended content
$ echo "unwanted addition" >>gpg.conf
bash: gpg.conf: Permission denied
$ cp -a gpg.conf gpg.conf.new
$ echo "unwanted addition" >>gpg.conf.new
$ mv gpg.conf.new gpg.conf
mv: try to overwrite ‘gpg.conf’, overriding mode 0744 (rwxr--r--)? y
$ cat gpg.conf
intended content
unwanted addition
$ ll
total 4
-rwxr--r-- 1 peter peter 35 Jan 30 11:42 gpg.conf
---------------------8<------------->8---------------------

The thing is, you're not allowed to change any files, but you are allowed to
replace those files by your own. The sticky bit might help, but I'm not sure.
gpg does stuff with a bunch of files in the homedir, and I suspect that some
might need the permission to overwrite files one of your other users created.

I haven't thought about the rest of your setup, this is just one issue that
stood out to me so I commented on that.

HTH,

Peter.

[1] Additionally, why are all files executable?
[2] ll is shorthand for "ls -l"

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
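The replacement in the session above succeeds because renaming or deleting a directory entry is governed by write permission on the directory, not on the file. As an added example (not part of the original message), the shell function below lists files that are not world-writable themselves but sit in a world-writable directory without the sticky bit; the function names and the sample tree are constructed for illustration, and the check is limited to the "other" write bit discussed in the thread.

```shell
#!/bin/sh
# Added example, not from the original mail.

# replaceable_files ROOT
# Prints non-directory entries that are not o+w themselves but live directly
# in a directory under ROOT that is o+w (0002) without the sticky bit (1000).
# Any local user can rename their own file over such an entry, as in the
# session quoted in the mail. With the sticky bit set, only the entry's
# owner, the directory's owner or root may rename or delete it.
replaceable_files() {
    find "$1" -type d -perm -0002 ! -perm -1000 |
    while IFS= read -r dir; do
        # -mindepth/-maxdepth are GNU/BSD find extensions
        find "$dir" -mindepth 1 -maxdepth 1 ! -type d ! -perm -0002
    done
}

# build_sample DIR
# Constructed sample tree: the 777 directory with a 744 file from the mail,
# next to the same layout with the sticky bit added (1777).
build_sample() {
    mkdir "$1/gpg" "$1/gpg-sticky" &&
    echo "intended content" >"$1/gpg/gpg.conf" &&
    echo "intended content" >"$1/gpg-sticky/gpg.conf" &&
    chmod 0744 "$1/gpg/gpg.conf" "$1/gpg-sticky/gpg.conf" &&
    chmod 0777 "$1/gpg" &&
    chmod 1777 "$1/gpg-sticky"
}

sample=$(mktemp -d)
build_sample "$sample"
replaceable_files "$sample"    # prints only $sample/gpg/gpg.conf
rm -rf "$sample"
```

Run against a real tree, for example `replaceable_files /opt/app/apps/dbmprod`, an empty result means no directory under it combines world-write access with a missing sticky bit.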