[pkg-gnupg-maint] Bug#852697: Bug#852697: gnupg-agent: automatically starts gpg-agent in root user slice

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jan 27 00:05:48 UTC 2017


Hi Laurent--

On Thu 2017-01-26 09:06:03 -0500, Laurent Bonnaud wrote:
> I usually remotely log in (via ssh) as root on a system where gnupg
> packages are installed and I noticed that a gpg-agent process is
> created for the root user:
>
> # systemd-cgls
> Control group /:
> -.slice
> ├─user.slice
> │ └─user-0.slice
> │   ├─user@0.service
> │   │ ├─dbus.service
> │   │ │ └─16957 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslo
> │   │ ├─gpg-agent.service
> │   │ │ └─15353 /usr/bin/gpg-agent --supervised
> │   │ ├─init.scope
> │   │ │ ├─31495 /lib/systemd/systemd --user
> │   │ │ └─31497 (sd-pam)
> │   │ └─gvfs-daemon.service
> │   │   ├─17040 /usr/lib/gvfs/gvfsd
> │   │   └─17045 /usr/lib/gvfs/gvfsd-fuse /run/user/0/gvfs -f -o big_writes
>
> This process is of no use to the root user and therefore the system
> would be better without it.  Would it be possible to prevent the
> creation of this process?

It should only be active because some process queried the gpg-agent.  If
nothing queries the agent, then it won't get started.

Having it in the user@0.service subtree is good because that means it
will be terminated when your session ends.

You can safely terminate the systemd-supervised agent in the same way
that you would terminate any other systemd-supervised user service:

    systemctl --user stop gpg-agent

But note that if some other process wants to talk to the agent, then
systemd will start it up again automatically as requested.

Does the agent process appear as soon as you log in?

Is it possible that something in your login scripts is invoking gpg in a
way that wants to talk to the agent?  

    --dkg
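
The closing question in the message above, whether a login script invokes gpg, can be checked mechanically. The following is an added example, not part of the original message or of the Debian gnupg packaging: it lists lines in shell start-up files that call a GnuPG client tool. The command list, the function names and the sample profile are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find start-up script lines that invoke a GnuPG client tool.
# Any such call at login can wake the systemd-activated gpg-agent.

# Commands treated as "may talk to the agent" (assumption of this example).
GPG_CMDS='gpg|gpg2|gpgsm|gpg-connect-agent'

# scan_login_scripts FILE...  -> prints "file:line:text" for each candidate line
scan_login_scripts() {
    local f
    for f in "$@"; do
        # Skip directories and files that are missing or unreadable.
        [ -f "$f" ] && [ -r "$f" ] || continue
        awk -v cmds="$GPG_CMDS" -v file="$f" '
            {
                line = $0
                sub(/^[ \t]+/, "", line)
                if (line ~ /^#/) next        # whole-line comment
                # The name must stand alone: not part of a longer word
                # such as gpgconf, gpg-agent or GPG_TTY.
                if (line ~ ("(^|[^A-Za-z0-9_.-])(" cmds ")([^A-Za-z0-9_.-]|$)"))
                    printf "%s:%d:%s\n", file, NR, $0
            }' "$f"
    done
}

# demo: run the scan over a constructed sample profile (not from the bug report).
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    cat >"$dir/profile" <<'EOF'
# gpg is mentioned only in this comment
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
[ -x /usr/bin/gpg ] && /usr/bin/gpg --card-status >/dev/null 2>&1
EOF
    scan_login_scripts "$dir/profile" "$dir/does-not-exist"
    rm -rf "$dir"
}

demo
```

Run `scan_login_scripts` as the affected user against files such as /etc/profile, ~/.profile and ~/.bashrc. A hit is a candidate to inspect, not proof that the line started the agent, and only whole-line comments are skipped.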