Hi Dan-- Just a quick note, please see below for the context.

On Wed, Sep 7, 2016, at 03:20 AM, Ramakrishnan Muthukrishnan wrote:
>
> On Wed, Sep 7, 2016, at 02:07 AM, Daniel Kahn Gillmor wrote:
> >
> > On Tue 2016-09-06 05:12:07 -0400, Ramakrishnan Muthukrishnan wrote:
> > > On Tue, Sep 6, 2016, at 12:47 PM, Daniel Kahn Gillmor wrote:
> > >> If it still fails, what happens when you expand the permissions on your
> > >> terminal before doing an su ? For example, if your Keyring Account is
> > >> named "keyring-account" and you have the acl package installed, you
> > >> might try a wrapper like this:
> > >>
> > >>   #!/bin/sh
> > >>   setfacl -m u:keyring-account:rw $(tty)
> > >>   su - keyring-account
> > >>   setfacl -x u:keyring-account $(tty)
> > >
> > > Ok, I tried that. The first setfacl command is returning an error:
> > >
> > > "setfacl: /dev/pts/1: Operation not supported"
> > >
> > > After logging in, it had the same behaviour as before, failing with
> > > Permission denied message. I am guessing the setfacl failed and hence it
> > > didn't have any effect.
> >
> > hm, right, it looks like devpts doesn't support acls:
> >
> >   https://serverfault.com/questions/398659/acl-on-dev-pts/398683
> >   https://lwn.net/Articles/121773/
> >
> > That's a shame. what about changing the group membership of the tty
> > before triggering the su - ?
> >
> >   chgrp $(getent passwd keyring-user | cut -f4 -d:) $(tty)
>
> Hmm. That command errored out with a "permission denied". But the second
> one succeeded.
>
> >   chmod g+rw $(tty)
>
> As 'root', I added the keyring-user into the group 'tty' and then the
> signing worked just fine.

I was undoing the above steps and found that the command that had an
effect on getting the signing to work is this one:

  chmod g+rw $(tty)

This is how it looked before executing the above command from the Main
account.

  $ ls -l /dev/pts
  total 0
  crw--w---- 1 ram  tty  136, 0 Sep  7 02:56 0
  c--------- 1 root root   5, 2 Sep  7 01:23 ptmx

So, the "r" bit was added for the group bits for /dev/pts/0.

If I remove this again with 'chmod g-r $(tty)', then I get the same old
error messages and the popup prompt for entering the passphrase does not
happen.

Cheers
--
Ramakrishnan
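
The permission logic the message above arrives at, as an added example that is not part of the original thread: it computes which of read and write a user gets on a tty from the mode, owner and group that `ls -l /dev/pts` shows. The function names `tty_access` and `check_tty` are hypothetical, the sample values are constructed from the listing in the message, and `check_tty` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: which of read/write does a user get on a tty device?

# tty_access MODE OWNER GROUP USER "USER_GROUPS"
#   MODE        octal permissions as printed by `stat -c %a` (e.g. 620)
#   USER_GROUPS space-separated group names of USER
# Prints rw, r, w or none. As in the kernel's check, the first matching
# class (owner, then group, then other) decides; later classes are ignored.
tty_access() {
    ta_mode=000$1 ta_owner=$2 ta_group=$3 ta_user=$4 ta_groups=$5
    ta_perms=${ta_mode#"${ta_mode%???}"}      # last three octal digits
    ta_rest=${ta_perms#?}
    if [ "$ta_user" = "$ta_owner" ]; then
        ta_bits=${ta_perms%??}                # owner digit
    else
        ta_bits=${ta_perms#??}                # other digit, unless a group matches
        for ta_g in $ta_groups; do
            if [ "$ta_g" = "$ta_group" ]; then
                ta_bits=${ta_rest%?}          # group digit
                break
            fi
        done
    fi
    case $ta_bits in
        6|7) echo rw ;;
        4|5) echo r ;;
        2|3) echo w ;;
        *)   echo none ;;
    esac
}

# check_tty USER [DEVICE]: same answer for a live terminal (assumes GNU stat).
# `id -Gn` reads the group database, which is what a fresh `su -` login gets.
check_tty() {
    ct_user=$1 ct_dev=${2:-$(tty)}
    set -- $(stat -c '%a %U %G' "$ct_dev")
    tty_access "$1" "$2" "$3" "$ct_user" "$(id -Gn "$ct_user")"
}

# Constructed from the listing in the message: crw--w---- ram tty is mode 620.
echo "not in group tty:  $(tty_access 620 ram tty keyring-user 'keyring-user')"
echo "in tty, mode 620:  $(tty_access 620 ram tty keyring-user 'keyring-user tty')"
echo "after chmod g+rw:  $(tty_access 660 ram tty keyring-user 'keyring-user tty')"
```

On a live system, run `check_tty keyring-user` from the Main account before the `su -` to see what the keyring user will get on the current terminal.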