I cannot reproduce this - in other words, using "runas" works fine for me: Enigmail deos find GnuPG and works correctly.
You have to be careful when using "runas": Windows allows to install software in the user's profile but map it, such that it looks like it is installed regularly to C:\Program Files.... But if you use "runas" then this won't work - it is important that GnuPG is really installed gloabally, i.e. it must be phyiscally installed to C:\Program Files (x86)\gnupgand not in the current user's profile.
If Enigmail doesn't find GnuPG you can try to set the path manually in the Enigmail user preferences.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
unfortunately I can reproduce it quite simply!
1. Install gpg4win-3.1.5
2. Thunderbird Setup 60.6.1
3. install enigmail
4. create new windows user
5. run thunderbird -p as new window user
6. create new profile for new user
7. install enigmail
8. --->>> error
9. set path for C:\Program Files\GnuPG\bin\gpg.exe
10. --->>> error
Please see attached screenshot.
Its really simple to reproduce this bug.
Can I provide more details?
Are you sure that GnuPG is installed globally? In other words, if you log in as the new user (not using "runas"), can you use gpg from the command line? For example does gpg.exe --version do something? And can you see in the Windows Explorer that GnuPG is installed in C:\Program Files\GnuPG\bin?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'm sorry, but your video ends after 5 minutes. The executed command is not visible. You might want to use "C:\Program Files\GnuPG..." instead of "C:\Programme\GnuPG...." in the path field. I'm not sure how well Windows 7 would translate such paths in runas environments.
In addition, the menu Enigmail > About Enigmail gives you some more details than the smartcard window. And finally, if the above doesn't help, then please provide me with a debugging log file
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
A bit off-topic, but: What are you trying to achieve with this non-standard runas-usage?
And please do consider that Patrick's supporting ALL enigmail users merely alone and that your case requires quite some effort to reproduce if your're not working on Windows anyway.
Patrick, I think the UAC dialog is not captured at the video start, but taking into account that the setup binary's icon wears a "admin rights required"-shield badge and that the mouse is moved towards the middle and that the screen flickers, I deduct that GnuPG was indeed installed with admin rights.
I don't see that when Thunderbird is installed but to my experience, Thunderbird also asks for privilege escalation and the garbled video may be proof of that.
p2p, I am irritated though, that an 1:01 the UAC IS shown in the video.
Patrick, the error happens BEFORE any path is set and does NOT refer to GnuPG not being found, but ENIGMAIL SERVICES not being found. I expect this to be a THUNDERBIRD issue since it's unclear to me in which application HOME folder structure it should run. I'd expect it to run as test but within axel's folders.
Axel, please try what Patrick asked you to: Log off and log on as Test. Start TB. Does EM work there? If not (and yields the error you encountered before), please delete the TB profile, create it while logged in as test, make sure it fully works. Only then log off and log in as Axel and try to runas test.
If that doesn't solve it, please provide a debug trace as requested by Patrick.
Last edit: Olav Seyfarth 2019-04-06
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@Olav: You say: "Axel, please try what Patrick asked you to: Log off and log on as Test. Start TB. Does EM work there?"
I don't want to prove this because I don't need it. I need the runas command instead of logging in to the other account. Whats the reason: Its a security concern. The user has no access to the Thunderbird Profile/Emails path. But the "runas User" has!
@Patrick:
Do you want to fix this bug for Win 7? Win 7 is supported by Microsoft still.
If yes you can see my uploaded video for reproducing the bug. You have to test on Win7 anyway.
Thank you very much!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@Olav: You say: "Axel, please try what Patrick asked you to: Log off and log on as Test. Start TB. Does EM work there?"
I don't want to prove this because I don't need it. I need the runas command instead of logging in to the other account. Whats the reason: Its a security concern. The user has no access to the Thunderbird Profile/Emails path. But the "runas User" has!
@Patrick:
Do you want to fix this bug for Win 7? Win 7 is supported by Microsoft still.
If yes you can see my uploaded video for reproducing the bug. You have to test on Win7 anyway.
The result is clear. Enigmail does find got, however execution fails with exit code -1 and no text printed by gpg. This means that Enigmail cannot execute gpg. The error is such that I can't fix it in Enigmail, it must be fixed on the OS side.
I can't tell if gpg can't start because it does not find some libraries or because Thunderbird with Tina's is not allowed to execute gpg.
I had a setup with Thunderbird 24 and there it worked also on Win 7.
What do you suggest? Implement Windows 7 Runas und patch WIndows for ENigmail? Seems to be impossible!
Its defenitely a Enigmail Problem not Windows one.
My other software is running with runas fine.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I can reproduce the behavior on Windows 7 with the setup you describe. However, if you look at the Thunderbird error console, you can see the following output:
error:[objectObject]{"message":"Failed to create process","fileName":"resource://enigmail/enigmailprocess_worker_win.js","lineNumber":574,"stack":"spawn@resource://enigmail/enigmailprocess_worker_win.js:574:13\nBaseProcess@resource://enigmail/enigmailprocess_worker_common.js:67:5\nProcess@resource://enigmail/enigmailprocess_worker_win.js:345:11\nspawn@resource://enigmail/enigmailprocess_worker_common.js:135:21\nonmessage/<@resource://enigmail/enigmailprocess_worker_common.js:230:27\nonmessage@resource://enigmail/enigmailprocess_worker_common.js:229:3\n"}
In other words, the Windows function to create a process returned with an error. The only change I made in the last years was to allow the created process to place a window in the foreground. This is a required change for pinentry to work correctly.
I'm sorry, but I can't fix this.
However, I believe you could change the way you work. It is better to work by default with a Standard User (without admin rights), and only use an Administrator account if needed (i.e. you use runas if you install software etc) . You work in the opposite way, which is not recommended by security experts.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Thank you for investigation.
I will double check with older thunderbird/enigmail version. As I said thunderbird 24 works with described behaviour.
The runas user is a standard user as well!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
@Patrick: I tested Thunderbird 24 with Enigmail 1.7.2 with gpg4win 3.1.5 without problems.
So its defenitely a thunderbird/enigmail bug.
Please confirm as bug.
Perhaps you have time to debug. We cannot use enigmail at the moment.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
as already discovered here:
https://sourceforge.net/p/enigmail/forum/support/thread/768cd93f36/
Enigmail doesn't find the gnupg app if thunderbird was started with runas as different user!
I want to ask if there is a solution so far? If not should we open a bugreport?
Please help!
I cannot reproduce this - in other words, using "runas" works fine for me: Enigmail deos find GnuPG and works correctly.
You have to be careful when using "runas": Windows allows to install software in the user's profile but map it, such that it looks like it is installed regularly to C:\Program Files.... But if you use "runas" then this won't work - it is important that GnuPG is really installed gloabally, i.e. it must be phyiscally installed to
C:\Program Files (x86)\gnupgand not in the current user's profile.If Enigmail doesn't find GnuPG you can try to set the path manually in the Enigmail user preferences.
Hello,
unfortunately I can reproduce it quite simply!
1. Install gpg4win-3.1.5
2. Thunderbird Setup 60.6.1
3. install enigmail
4. create new windows user
5. run thunderbird -p as new window user
6. create new profile for new user
7. install enigmail
8. --->>> error
9. set path for C:\Program Files\GnuPG\bin\gpg.exe
10. --->>> error
Please see attached screenshot.
Its really simple to reproduce this bug.
Can I provide more details?
Please help.
Are you sure that GnuPG is installed globally? In other words, if you log in as the new user (not using "runas"), can you use gpg from the command line? For example does
gpg.exe --versiondo something? And can you see in the Windows Explorer that GnuPG is installed in C:\Program Files\GnuPG\bin?Yes, I proved it.
Please see the video attached.
I'm sorry, but your video ends after 5 minutes. The executed command is not visible. You might want to use "C:\Program Files\GnuPG..." instead of "C:\Programme\GnuPG...." in the path field. I'm not sure how well Windows 7 would translate such paths in runas environments.
In addition, the menu Enigmail > About Enigmail gives you some more details than the smartcard window. And finally, if the above doesn't help, then please provide me with a debugging log file
I am woundering why you cannot reproduce the bug. I have made a video for doing exactly the same steps. Is it really so hard to prove?
A bit off-topic, but: What are you trying to achieve with this non-standard runas-usage?
And please do consider that Patrick's supporting ALL enigmail users merely alone and that your case requires quite some effort to reproduce if your're not working on Windows anyway.
Patrick, I think the UAC dialog is not captured at the video start, but taking into account that the setup binary's icon wears a "admin rights required"-shield badge and that the mouse is moved towards the middle and that the screen flickers, I deduct that GnuPG was indeed installed with admin rights.
I don't see that when Thunderbird is installed but to my experience, Thunderbird also asks for privilege escalation and the garbled video may be proof of that.
p2p, I am irritated though, that an 1:01 the UAC IS shown in the video.
Patrick, the error happens BEFORE any path is set and does NOT refer to GnuPG not being found, but ENIGMAIL SERVICES not being found. I expect this to be a THUNDERBIRD issue since it's unclear to me in which application HOME folder structure it should run. I'd expect it to run as test but within axel's folders.
Axel, please try what Patrick asked you to: Log off and log on as Test. Start TB. Does EM work there? If not (and yields the error you encountered before), please delete the TB profile, create it while logged in as test, make sure it fully works. Only then log off and log in as Axel and try to runas test.
If that doesn't solve it, please provide a debug trace as requested by Patrick.
Last edit: Olav Seyfarth 2019-04-06
As I said, I cannot reprodue the bug. But have Windows 10, not Windows 7.
@Olav: You say: "Axel, please try what Patrick asked you to: Log off and log on as Test. Start TB. Does EM work there?"
I don't want to prove this because I don't need it. I need the runas command instead of logging in to the other account. Whats the reason: Its a security concern. The user has no access to the Thunderbird Profile/Emails path. But the "runas User" has!
@Patrick:
Do you want to fix this bug for Win 7? Win 7 is supported by Microsoft still.
If yes you can see my uploaded video for reproducing the bug. You have to test on Win7 anyway.
Thank you very much!
I would not know what to fix if you don't provide a debugging log file.
----- Originale Nachricht -----
Von: p2p p2p10@users.sourceforge.net
Gesendet: 08.04.2019 - 18:55
An: patrick@enigmail.net
Betreff: [enigmail:forum] runas bug with thunderbird
OK, I will create it tomorrow.
Hope this helps.
The result is clear. Enigmail does find got, however execution fails with exit code -1 and no text printed by gpg. This means that Enigmail cannot execute gpg. The error is such that I can't fix it in Enigmail, it must be fixed on the OS side.
I can't tell if gpg can't start because it does not find some libraries or because Thunderbird with Tina's is not allowed to execute gpg.
----- Originale Nachricht -----
Von: p2p p2p10@users.sourceforge.net
Gesendet: 10.04.2019 - 18:56
An: patrick@enigmail.net
Betreff: [enigmail:forum] runas bug with thunderbird
I had a setup with Thunderbird 24 and there it worked also on Win 7.
What do you suggest? Implement Windows 7 Runas und patch WIndows for ENigmail? Seems to be impossible!
Its defenitely a Enigmail Problem not Windows one.
My other software is running with runas fine.
I'm currently on travel. I'll look at it next week, but I have little hope that I'll find a quick fix.
I can reproduce the behavior on Windows 7 with the setup you describe. However, if you look at the Thunderbird error console, you can see the following output:
In other words, the Windows function to create a process returned with an error. The only change I made in the last years was to allow the created process to place a window in the foreground. This is a required change for pinentry to work correctly.
I'm sorry, but I can't fix this.
However, I believe you could change the way you work. It is better to work by default with a Standard User (without admin rights), and only use an Administrator account if needed (i.e. you use
runasif you install software etc) . You work in the opposite way, which is not recommended by security experts.Thank you for investigation.
I will double check with older thunderbird/enigmail version. As I said thunderbird 24 works with described behaviour.
The runas user is a standard user as well!
The reason may also be a different GnuPG version. gpg4win 2.x and 3.x are substantially different.
@Olav: I followed the steps without success.
@Patrick: I tested Thunderbird 24 with Enigmail 1.7.2 with gpg4win 3.1.5 without problems.
So its defenitely a thunderbird/enigmail bug.
Please confirm as bug.
Perhaps you have time to debug. We cannot use enigmail at the moment.