
Re: [GNUnet-developers] multiple users per host, GNUNETD_HOME and GNUNET


From: Christian Grothoff
Subject: Re: [GNUnet-developers] multiple users per host, GNUNETD_HOME and GNUNET_HOME
Date: Sun, 18 Jan 2004 15:59:02 -0500
User-agent: KMail/1.5.4

> > What is the relationship between GNUNET_HOME and GNUNETD_HOME, I see
> > they are both used but only GNUNETD_HOME is defined in the default
> > config file.
>
> So, GNUNETD_HOME is set in the global config file, and GNUNET_HOME is
> set in the per user config file.

Right.

> As a regular user I set up a ~/.gnunet/gnunet.conf that specified
> GNUNET_HOME and gnunet-stats is working now.
>
> I have gnunetd started as root, the resulting hostkey in
> $GNUNETD_HOME/.hostkey has permissions 600 which means it isn't readable
> to normal users.
>
> I now have problems with gnunet-peer-info.

Normal users should have no reason to run gnunet-peer-info, it is just a 
diagnostics tool for gnunetd. 

> $ gnunet-peer-info
> Jan 17 10:17:53 Creating new hostkey (this may take a while)...
> Jan 17 10:18:28 WARNING: Writing 914 bytes to file
> /var/lib/GNUnet/.hostkey failed!
> Jan 17 10:18:28 INFO: error closing file descriptor in storage.c:439
> (Bad file descriptor)
>
> (then a list of peers follow)
>
>
> If I made a gnunet group and made .hostkey's permission 0640, then
> gnunet-peer-info would work better, does this sound like a good idea?

You'd also have to SGID gnunet-peer-info.  I'm not sure that's such a great 
idea.

> Or perhaps gnunet-peer-info should check permissions of the file before
> trying to replace it.

That is true, only that this specific piece of code at this point currently 
does not know that it is not run by gnunetd.  But that should be fixed.

> The hostkey is supposed to be private as it can compromise anonymity, so I
> want to be careful about this, also it's probably better to set up gnunet
> to run as a non-root user/group.

Right.

C
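
Added example, not part of the original message and not GNUnet's own code: one way to make a key loader check the existing file before trying to replace it, as suggested in the thread. The function names, status codes and the owner-only (0600) policy are assumptions for illustration; the key bytes are constructed.

```c
/* Illustrative only (hypothetical names): never regenerate a host key just
 * because the existing file cannot be read by the calling user. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum hostkey_status { HOSTKEY_OK, HOSTKEY_MISSING, HOSTKEY_DENIED, HOSTKEY_UNSAFE, HOSTKEY_ERROR };

/* Classify the key file without modifying it. */
enum hostkey_status hostkey_probe(const char *path) {
  struct stat st;
  int fd = open(path, O_RDONLY | O_NONBLOCK);
  if (fd < 0) {
    if (errno == ENOENT) return HOSTKEY_MISSING;
    if (errno == EACCES) return HOSTKEY_DENIED; /* exists, but not ours to read */
    return HOSTKEY_ERROR;
  }
  if (fstat(fd, &st) != 0) { close(fd); return HOSTKEY_ERROR; }
  close(fd);
  if (!S_ISREG(st.st_mode) || (st.st_mode & (S_IRWXG | S_IRWXO)))
    return HOSTKEY_UNSAFE; /* group/other bits set: the key may be exposed */
  return HOSTKEY_OK;
}

/* Create only when absent: O_EXCL fails instead of replacing a file. */
int hostkey_create(const char *path, const void *key, size_t len) {
  int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
  if (fd < 0) return -1;
  if (fchmod(fd, 0600) != 0 || write(fd, key, len) != (ssize_t)len) {
    close(fd);
    unlink(path);
    return -1;
  }
  return close(fd);
}

int main(void) { /* demo in a constructed temporary directory */
  char dir[] = "/tmp/hostkey-demo-XXXXXX", path[64];
  if (!mkdtemp(dir)) return 1;
  snprintf(path, sizeof path, "%s/.hostkey", dir);
  if (hostkey_probe(path) == HOSTKEY_MISSING) /* first run: no key yet */
    hostkey_create(path, "constructed-key", 15);
  int again = hostkey_create(path, "x", 1); /* refuses to replace the key */
  printf("probe=%d recreate=%d\n", hostkey_probe(path), again);
  unlink(path);
  return rmdir(dir) != 0;
}
```

A caller that gets HOSTKEY_DENIED should report the permission problem and stop, rather than generating a new key as in the quoted log.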




