1

During the semi-automatic updates to my Linux Mint (v21.3, "Cinnamon") O/S, I receive this warning from the "progress window" (a terminal-window view) that appears during the update:

Warning: unsafe permissions on 'root/.gnupg'

Of course, the warning does not tell me why the permissions are unsafe.

Confusingly, I can find numerous questions on this (and other) forums regarding the .gnupg file located at /home/username/.gnupg but I have yet to find any useful information re: standard (and safe!) permissions for the root/.gnupg folder, which of course is the one that is being flagged as having "unsafe permissions."

Being relatively new to the world of Linux, a bit of background information about

  • What the function of */.gnupg is?
  • Why it appears in more than one folder?
  • What's critical about its permission-levels?

Edit 2025-03-14: Owner is myself (my user name). Group is 'sudo'. The permissions are drwxrwxr--

Birdman
  • 49

1 Answer

0

what the function of */.gnupg is

It is GNU Privacy Guard. You can learn more at https://gnupg.org/

GPG is primarily concerned with Encryption and signing of data, to ensure its confidentiality, Integrity, and the Identity of the person who possesses/transmits it.

GPG uses asymmetric Public Key Cryptography involving one or more private keys that must be available to their owner.

why it appears in more than one folder

Each user of a system should have their own keys that only they own and have access to. The keys in /root/.gnupg are the keys owned by the user 'root'. Each user will have that directory in the root of their home (~/.gnupg).

what's critical about its permission-levels

Linux is a multi-user system, so it's designed to protect resources owned by one user from another. .gnupg is particularly important, because anyone in possession of a private key can use it, and if I get my hands on your private keys, I can impersonate you, creating messages that no one can tell were not created by you. I could alter messages you did send without risk of detection, and decrypt messages that were sent to you privately.

So in sum, the promises of Confidentiality, Integrity, and Identity are only valid if your keys are stored in a secure manner that only your user can access.

As Ramhound has pointed out, if you want to fix it, there is information about that process here: What are the correct permissions for the .gnupg enclosing folder? gpg: WARNING: unsafe enclosing directory permissions on configuration file

Frank Thomas
  • 37,476
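The check behind the warning, as an added example that is not part of the question or the answer above: a read-only audit that lists every entry in a GnuPG home directory that is not owned by the expected account or that grants any group/other permission. It assumes the commonly used convention of mode 700 on the directory and 600 on the files in it, GNU find and stat (as shipped on Linux Mint), and a hypothetical function name `audit_gnupg_dir`.

```shell
#!/bin/sh
# Added example: read-only audit of a GnuPG home directory.
# Assumed convention: directory 700, files 600, everything owned by the
# account whose home it is. Requires GNU find and stat.

# usage: audit_gnupg_dir DIR [EXPECTED_UID]   (uid defaults to the caller's)
# returns 0 if clean, 1 if findings were printed, 2 if DIR is missing
audit_gnupg_dir() (
    dir=$1
    want_uid=${2:-$(id -u)}

    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir is not a directory"
        exit 2
    fi

    # Entries (the directory itself included) owned by some other account.
    bad_owner=$(find "$dir" ! -type l ! -uid "$want_uid" \
        -exec stat -c 'OWNER    %n uid=%u (expected '"$want_uid"')' {} +)

    # Entries with any group or other bit set. A directory reported as
    # drwxrwxr-- (774) is caught here: the group can write, others can list.
    bad_mode=$(find "$dir" ! -type l -perm /077 \
        -exec stat -c 'MODE     %n mode=%a' {} +)

    if [ -z "$bad_owner$bad_mode" ]; then
        echo "OK       $dir"
        exit 0
    fi
    if [ -n "$bad_owner" ]; then printf '%s\n' "$bad_owner"; fi
    if [ -n "$bad_mode" ]; then printf '%s\n' "$bad_mode"; fi
    exit 1
)

# Stand-alone use, e.g. as root:  sh audit.sh /root/.gnupg 0
if [ "$#" -gt 0 ]; then
    audit_gnupg_dir "$@"
fi
```

The script changes nothing; it only reports which entries would need their owner or mode corrected.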