user GPG key not able to be used by SUDO
Solution 1
Solution: Added the following to the bash script:
HOME=/home/user/
Fin
Solution 2
Have you tried the --homedir option?
Solution 3
I believe the default configuration of sudo is to preserve $HOME. So if you were logged in as user1, and used sudo scriptname where scriptname did echo $HOME, you should expect to see "/home/user1" echoed back, not "/root".
I'll assume BassKozz hasn't changed this. Perhaps he's not logged in as his desired user1, running the script as sudo. Perhaps he's really just running the script as root, for example through root's cronjob. In that case, his $HOME would never have been /home/user1 in the first place, so even if sudo preserves the value of $HOME it's not helping. In this case, any of the other answers that tell you how to set $HOME to the right value, or to inform gpg where your homedir is, should work.
If however, it's true as he says that he can't even run his duplicity script "as sudo"---that is, when logged in as user1 and typing sudo duplicity_script, then the problem is not going to be a wrongly-set $HOME. As we've seen, $HOME should in that case have the right value. So the problem is something else. I haven't heard enough, and don't know duplicity+gpg well enough, to speculate what it might be.
Solution 4
If you use the "--preserve-env" option to sudo, then GPG in the sudo session will be able to find the gpg-agent running in the native session.
Example:
sudo --preserve-env YOUR_COMMAND...
Comments
-
BassKozz almost 2 years
I created a script that runs duplicity to back up files I have on a VPS, and uses a GPG key that I generated as a user.
When I try and run this script as SUDO I get:
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: C7B2Y6DO: skipped: public key not found
gpg: [stdin]: encryption failed: public key not found
===== End GnuPG log =====
Now I realize why this is (because it's not SUDO's key, it's the user's key) but before I go and re-generate a key for SUDO is it possible to have sudo use the user's key?
Not really important but the script is modeled off a combination of these three sites: http://www.cenolan.com/2008/12/how-to-incremental-daily-backups-amazon-s3-duplicity/
http://www.randys.org/2007/11/16/how-to-automated-backups-to-amazon-s-s3-with-duplicity/
-
BassKozz over 14 years
There is no --homedir option for duplicity, or at least it's not working: Command line error: option --homedir not recognized
-
Dennis Williamson over 14 years
@BassKozz: You would use duplicity's --gpg-options option to pass the --homedir option to gpg: duplicity ... --gpg-options "homedir=/home/username/.gnupg" ... (untested)
-
user66638 over 7 years
@DennisWilliamson correct command is --gpg-options "--homedir=/home/username/.gnupg"
-
Craig Hicks about 6 years
I agree with this answer. In my case it's not a problem with sudo's HOME or ~ being wrong because it works with encryption. But on decryption it ignores the passphrase even though that is passed.
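
An added example, not part of the thread or of duplicity: a preamble for the backup script that selects the keyring directory explicitly instead of relying on whatever $HOME sudo or cron leaves in place, then hands it to gpg in the --gpg-options form given in the comments above. The function names, KEY_ID and the elided duplicity arguments are placeholders.

```bash
#!/usr/bin/env bash
# Added example: pick the GnuPG home for a backup script run via sudo or cron.

# Print the home directory recorded in the passwd database for user $1.
passwd_home() {
    if command -v getent >/dev/null 2>&1; then
        getent passwd "$1" | cut -d: -f6
    else
        awk -F: -v u="$1" '$1 == u { print $6 }' /etc/passwd
    fi
}

# Decide which keyring directory gpg should use:
#   1. an explicit GNUPGHOME wins,
#   2. under sudo, the invoking user's ~/.gnupg (sudo sets SUDO_USER),
#   3. otherwise $HOME/.gnupg, which is gpg's own default.
resolve_gnupg_home() {
    if [ -n "${GNUPGHOME:-}" ]; then
        printf '%s\n' "$GNUPGHOME"
        return 0
    fi
    if [ -n "${SUDO_USER:-}" ]; then
        _home=$(passwd_home "$SUDO_USER")
        [ -n "$_home" ] || { echo "no passwd entry for $SUDO_USER" >&2; return 1; }
        printf '%s\n' "$_home/.gnupg"
        return 0
    fi
    # ${HOME%/} drops a trailing slash, as in HOME=/home/user/
    printf '%s\n' "${HOME%/}/.gnupg"
}

# Build the value for duplicity's --gpg-options from a keyring directory.
gpg_options_arg() {
    printf '%s\n' "--homedir=$1"
}

# Succeed only if KEYID is in the keyring at HOMEDIR, so a wrong keyring
# fails before the backup starts rather than as "public key not found".
key_present() {   # usage: key_present HOMEDIR KEYID
    gpg --homedir "$1" --batch --list-keys "$2" >/dev/null 2>&1
}

# In the backup script (KEY_ID and the "..." arguments are placeholders):
#   gnupg_home=$(resolve_gnupg_home) || exit 1
#   key_present "$gnupg_home" "$KEY_ID" || { echo "key not in $gnupg_home" >&2; exit 1; }
#   duplicity ... --encrypt-key "$KEY_ID" --gpg-options "$(gpg_options_arg "$gnupg_home")" ...
```

gpg run as root may leave root-owned files in the user's keyring directory, so check ownership of that directory after the first run.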