PGP only works for the user who licensed it. I wish this part was documented better for UNIX systems. It seems to be a common problem. I am unsure of the correct solution. I read the docs and related forum posts that say to use a shared directory for all users to use, but is that wise from a security standpoint? What am I to lose by doing so? Would it be better to re-license PGP for each user, thereby restricting each user to its own PGP home directory?
Here's my scenario. I have a multi-user UNIX server with many different PGP users on it.
I installed PGP Command Line 10.2 on Solaris 10 64-bit and ran this license syntax to license it.
pgp --license-authorize --license-name root --license-organization XXX --license-number XXX --license-email MYEMAIL
PGP worked fine for the root user, but not for the other users on the system. Other users got this error:
2713:no license has been entered
So then I searched the forums and found that I should use a shared home directory. So I re-licensed it, adding this option:
--home-dir=/opt/pgp
and I changed permissions on /opt/pgp/PGPprefs.xml and /opt/pgp/randseed.rnd to 644 so that all users could read them, like so:
-rw-r--r-- 1 root root 3196 Oct 14 12:51 PGPprefs.xml
-rw-r--r-- 1 root root 512 Oct 14 16:54 randseed.rnd
I think this will work now, but is this the way it should be done? Am I somehow at risk by sharing this directory and the keyrings therein? What is the best way to resolve this, from a "best practices" point of view? Can each user re-license the software individually, or would that only cause other problems? Would a security auditor suggest it be done differently?
What am I missing?
Thanks in advance,
-Steve in Phx.
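
Added example, not part of the original post: a small POSIX shell check that lists which entries in a shared PGP home directory (such as the /opt/pgp used above) can be read or written by users other than the owner. The function names, the constructed sample directory and the keyring file names pubring.pkr and secring.skr are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list what users other than the
# owner can do with each entry in a shared PGP home directory.

# Print "<finding> <mode> <owner> <path>" for DIR and every entry directly in it.
audit_pgp_home() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for f in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || continue                   # skip unmatched glob patterns
        mode=$(ls -ld "$f" | awk '{print $1}')    # e.g. -rw-r--r--
        owner=$(ls -ld "$f" | awk '{print $3}')
        other=$(printf '%s' "$mode" | cut -c8-10) # permission bits for "other"
        case $other in
            ?w?) finding=WORLD-WRITABLE ;;
            r??) finding=WORLD-READABLE ;;
            *)   finding=no-world-rw ;;
        esac
        printf '%s %s %s %s\n' "$finding" "$mode" "$owner" "$f"
    done
}

# Constructed sample directory mirroring the layout in the post; the keyring
# file names are assumptions, not taken from the post.
make_sample_home() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    : > "$d/PGPprefs.xml"; chmod 644 "$d/PGPprefs.xml"
    : > "$d/randseed.rnd"; chmod 644 "$d/randseed.rnd"
    : > "$d/pubring.pkr";  chmod 644 "$d/pubring.pkr"
    : > "$d/secring.skr";  chmod 600 "$d/secring.skr"
    echo "$d"
}

# Run the audit against the constructed sample, then clean up.
sample=$(make_sample_home)
audit_pgp_home "$sample"
rm -rf "$sample"
```

On a real system, call `audit_pgp_home /opt/pgp` as root so that every entry in the directory is visible to the check.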