Re: Multiple account problem

Steve,

On Fri, 2024-04-19 at 12:28 -0400, Steve Grubb wrote:
> Hello,
> 
> I have run into an issue on F39 that I wanted to ask about. I decided that I
> wanted to develop an application on github from another account to simplify
> which keys are being used. I created the user acct and used "su - myacct" to
> login to it. I then tried to import gpg keys and got this:
> 
> gpg: key 495F8DEXXX/495F8DEXXX: error sending to agent: Permission denied
> gpg: error building skey array: Permission denied
> gpg: error reading 'myacct-secret.gpg': Permission denied
> gpg: import from 'myacct-secret.gpg' failed: Permission denied

I've had this sort of problem before, and the key item here is that the
agent fails. From what I've found previously, that is because it
tries to attach to /dev/tty but is not permitted, as the su (or sudo)
user is not the owner.

After that everything falls apart.

> 
> So then I logged in by ssh localhost and ran "gpg --import" and got this:
> 
> gpg: Note: database_open 134217901 waiting for lock (held by 16325)
> ...
> gpg: Note: database_open 134217901 waiting for lock (held by 16325)
> ...
> gpg: Note: database_open 134217901 waiting for lock (held by 16325)
> ...
> gpg: Note: database_open 134217901 waiting for lock (held by 16325)
> ...
> ^C
> gpg: signal Interrupt caught ... exiting
> 
> Process 16325 is keyboxd pointing to the right homedir path. But then I
> notice there are 2 keyboxd running for this acct. I log out and as root kill
> everything under the new account and then ssh back to it. This time gpg pops
> up a screen to ask the passphrase and it succeeds.

Ignoring multiple keyboxd running, the difference here is that ssh
localhost allocates a new tty when you log in, owned by that user and
the agent can open it.
> 
> This is weird. In the past I know that you could "su" into an account and
> everything just worked. The difference between "su" and "ssh" is that "ssh"
> creates /usr/lib/systemd/systemd --user.

So, no, it isn't specifically a systemd issue, but tty allocation.
> 
> Should "su -" also start its own systemd instance since things seemingly
> can't function without it?
> By extension, what does this mean for sudo?
> Why do 2 instances of keyboxd for that acct get started? (Should the second
> one have gracefully exited?)
> Or is this expected behavior?

Yeah, that bit I'm not sure of.
> 
> Thanks,
> -Steve

Regards
Frank
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
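
The condition described in the reply above (after `su` or `sudo`, the terminal device still belongs to the account you switched from) can be checked directly. The following is an added example, not part of the original message; the function names are hypothetical and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: report whether the current user owns the terminal of this session.
#
# check_tty_access PATH prints one of:
#   missing  - PATH does not exist
#   foreign  - PATH is owned by a different uid (what a su/sudo session sees)
#   denied   - PATH is ours but is not readable and writable
#   ok       - PATH is ours and can be opened read/write
check_tty_access() {
    dev=$1
    [ -e "$dev" ] || { echo missing; return 2; }
    # Compare numeric uids so the check works even without a passwd entry.
    owner_uid=$(stat -c '%u' "$dev") || { echo missing; return 2; }
    my_uid=$(id -u)
    if [ "$owner_uid" != "$my_uid" ]; then
        echo foreign
        return 1
    fi
    if [ -r "$dev" ] && [ -w "$dev" ]; then
        echo ok
        return 0
    fi
    echo denied
    return 1
}

report_session_tty() {
    # tty(1) exits non-zero when stdin is not a terminal (cron, pipes, CI).
    dev=$(tty 2>/dev/null) || { echo "stdin is not a terminal"; return 0; }
    printf '%s (GPG_TTY=%s): %s\n' \
        "$dev" "${GPG_TTY:-unset}" "$(check_tty_access "$dev")"
}

report_session_tty
```

Run it once in the `su - myacct` session and once in the `ssh localhost` session to compare the two results.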



