gpg: WARNING: unsafe ownership on configuration file, $gpg --fingerprint on Ubuntu9.10

Question

I'm getting this error when I run this code.

gpg --fingerprint

gpg: WARNING: unsafe ownership on configuration file `/home/dylan/.gnupg/gpg.conf

The problem seems to be with permissions, but I have tried this code, and it has not seemed to change a thing. Checking through nautilus, I own the file and have read/write priv., and all others set to 'none'.

sudo chmod 600 ~/.gnupg/gpg.conf

---

dylan@Majuscule:~$ sudo chown -R dylan ~dylan/.gnupg
[sudo] password for dylan: 
dylan@Majuscule:~$ chmod 600 ~/.gnupg/gpg.conf
dylan@Majuscule:~$ chmod 700 ~/.gnupg
dylan@Majuscule:~$ gpg --fingerprint
dylan@Majuscule:~$ sudo gpg --fingerprint
gpg: WARNING: unsafe ownership on configuration file `/home/dylan/.gnupg/gpg.conf'
dylan@Majuscule:~$ ls -al /home/dylan/.gnupg
total 24
drwx------  2 dylan dylan 4096 2010-02-02 13:46 .
drwxr-xr-x 60 dylan dylan 4096 2010-02-02 13:43 ..
-rw-------  1 dylan dylan 9364 2010-01-27 06:34 gpg.conf
-rw-------  1 dylan dylan    0 2010-01-27 06:34 pubring.gpg
-rw-------  1 dylan dylan    0 2010-01-27 06:34 secring.gpg
-rw-------  1 dylan dylan   40 2010-01-27 06:34 trustdb.gpg
dylan@Majuscule:~$ 

Answer 1

Commands run with sudo will be run as root. What you want to do is to own the files as your user dylan, right?

Maybe so happens that root is owning your files now. This can be changed by:

sudo chown -R dylan ~dylan/.gnupg

and then as dylan:

chmod 600 ~/.gnupg/gpg.conf
chmod 700 ~/.gnupg

To check the result:

ls -l ~/.gnupg
ls -ld ~/.gnupg

The letters to the left after writing ls means:

r read access (4), w write access (2), x execute acess (1)

So the 6 = 4 + 2 -> read and write access

And the 7 = 4 + 2 + 1 -> read, write and execute access

To be able to entering a directory you will need the execute access.

If you want to create a directory where it is only possible to traverse but not list the files, you can do: chmod 100 the_directory.

Read the chmod(2) manual for more information.

Answer 2

Run the gpg command as dylan (i.e. not with sudo) and you will not see the error. You don't need to be root to access GPG keys owned by your user.

Conversely, you can access another user's GPG keys, as root, by specifying the --homedir option. You will still see the error in this case, unless you're accessing root's GPG keys.