.gnupg directory in the home directory

I found a strange directory in my home directory on Linux Mint 17.2 Cinnamon (though I'm pretty confident it's on all Linux distros) called .gnupg. It has no access given to ANYONE other than root. So I have three questions:

  1. What is this directory? What does it contain?
  2. Why is it placed in the user's home directory yet doesn't give them any access?
  3. Will it do any harm by just entering the directory as root?

Best Answer

Most dot files have a name that resembles the application that uses it. Unsurprisingly, .gnupg is used by GnuPG. GnuPG (also known as GPG) is a program that encrypts and signs files. As soon as you invoke it for the first time, it will create a .gnupg directory in your home directory and a few files in it. This directory contains a lot of private information (e.g. who your contacts are), so it's accessible only to the owner. This could happen, for example, if someone sends you a signed email; if your email client supports PGP email then it will attempt to verify the signature (and fail since you don't have the sender's public key in your GPG keyring).

The real question here is why this directory in your home directory is owned by root. The answer is that you ran GPG as root, but with HOME set to your own home directory. Or, more precisely, you ran a program which ran GPG under the hood. One such program is APT: package management tools (apt-get, apt, aptitude, etc.) use GPG to verify that the packages that you download are genuine. If you ran something like sudo apt-get install SOMEPACKAGE, this would create a .gnupg directory in your home directory, since sudo doesn't change the home directory by default.

The fix is to remove the .gnupg directory, then create it under your user. You can just remove the root-owned directory (sudo rm -r ~/.gnupg): any file under your home directory is fair game for you. You could alternatively move it to root's home directory (sudo mv ~/.gnupg /root), but it doesn't contain anything important anyway. Then run a GPG command such as gpg --list-keys; this will populate your ~/.gnupg directory with empty keyring files.

Just entering a directory is always harmless. Listing files and viewing their content is usually harmless, but it can be harmful in some configurations because terminals parse escape sequences in what applications print. Under Linux, plain ls or ls -l is fine but ls -N is potentially risky. Plain cat filename is risky but less filename is fine (whereas less +R filename is risky). In the .gnupg directory, there's nothing harmful.
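A small audit script for the situation the answer describes, added here as an example and not part of the original answer: it checks whether a GnuPG home directory is owned by the expected user, whether its mode is exactly 700 (GnuPG itself warns about looser permissions), and whether any entries below it belong to someone else, which is what a `sudo apt-get` run leaves behind. The function names, the default of `$HOME/.gnupg`, and the use of POSIX `find`/`id` rather than GNU `stat` are my choices; nothing here deletes or moves anything, it only reports.

```shell
#!/bin/sh
# Added example (not from the original answer). Audits a GnuPG home directory
# for the problems discussed above: a root-owned ~/.gnupg and a mode other
# than 700. Uses only POSIX find/id, so it also runs under dash.
# Assumption: the directory defaults to $HOME/.gnupg and the expected owner
# defaults to the invoking user.

# Return 0 if directory $1 is owned by user $2 (default: the invoking user),
# 1 if it is owned by someone else, 2 if it does not exist.
gnupg_owned_by() {
    dir=$1
    user=${2:-$(id -un)}
    [ -d "$dir" ] || return 2
    # -prune stops find at the starting point, so only $dir itself is tested.
    [ -n "$(find "$dir" -prune -user "$user" -print 2>/dev/null)" ]
}

# Return 0 if directory $1 has exactly mode 0700, 1 otherwise, 2 if missing.
gnupg_mode_ok() {
    dir=$1
    [ -d "$dir" ] || return 2
    [ -n "$(find "$dir" -prune -perm 700 -print 2>/dev/null)" ]
}

# Print the number of entries at or below $1 not owned by user $2
# (files created by gpg running as root via sudo show up here).
gnupg_foreign_count() {
    dir=$1
    user=${2:-$(id -un)}
    find "$dir" ! -user "$user" 2>/dev/null | wc -l | tr -d ' '
}

# Full audit: prints findings and returns 0 only if everything is in order.
# A missing directory is fine: "gpg --list-keys" will create it correctly.
gnupg_audit() {
    dir=${1:-$HOME/.gnupg}
    user=${2:-$(id -un)}
    status=0
    if [ ! -d "$dir" ]; then
        echo "$dir does not exist yet; run 'gpg --list-keys' as $user to create it"
        return 0
    fi
    if ! gnupg_owned_by "$dir" "$user"; then
        echo "PROBLEM: $dir is not owned by $user (gpg run via sudo without -H?)"
        status=1
    fi
    if ! gnupg_mode_ok "$dir"; then
        echo "PROBLEM: $dir is not mode 700"
        status=1
    fi
    n=$(gnupg_foreign_count "$dir" "$user")
    if [ "$n" -ne 0 ]; then
        echo "PROBLEM: $n entries under $dir are not owned by $user"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $dir is owned by $user with mode 700"
    return "$status"
}

# Usage (uncomment to run as a script): audit your own ~/.gnupg.
# gnupg_audit
```

If the audit reports a root-owned directory, the remedy is the one in the answer: remove or move the directory with sudo, then run `gpg --list-keys` as yourself. To keep it from happening again, run privileged commands with `sudo -H`, which sets HOME to the target user's home directory instead of leaving it pointed at yours.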