From f4b8a2275e865444a69002634dd83f6375a2ec8f Mon Sep 17 00:00:00 2001 From: boyska Date: Wed, 31 Aug 2011 17:07:18 +0200 Subject: [PATCH] Update documentation: swap, --ignore-swap, -k --- doc/tomb.1 | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/doc/tomb.1 b/doc/tomb.1 index 95ca32a..196b4e9 100644 --- a/doc/tomb.1 +++ b/doc/tomb.1 @@ -91,7 +91,7 @@ given. This is used to recoved buried keys from unsuspected places. .B .B .IP "-s \fI\fR" -When creating a tomb, this option must be used to specify the size of +When creating a tomb, this option MUST be used to specify the size of the new \fIfile\fR to be created, in megabytes. .B .IP "-k \fI\fR" @@ -100,6 +100,13 @@ of the key to use. Keys are created with the same name of the tomb file adding a '.gpg' suffix, but can be later renamed and transported on other media. When a key is not found, the program asks to insert a USB storage device and it will look for the key file inside it. +When creating a tomb, this option can be used to specify the name (and +location) of the key you are creating. For example, you could use +.EX +tomb create -s 100 tombname -k /media/usb/tombname +.EE +to put the key on a usb pendrive + .B .IP "-n" Skip processing of post-hooks and bind-hooks if found inside the tomb. @@ -111,6 +118,11 @@ of the default \fIrw,noatime,nodev\fR. This option can be used to mount a tomb read-only (ro) to prevent any modification of its data, or to experiment with other settings (if you really know what you are doing) see the mount(8) man page. +.B +.IP "--ignore-swap" +By default, Tomb will abort any create and open operation if swap is used (see +SWAP section for details). This flag will disable this behaviour. NOTE: it is +not secure to do so, unless you know that your swap is encrypted .B .IP "-h" 
@@ -124,6 +136,7 @@ Run more quietly .IP "-D" Print more information while running, for debugging purposes + .SH HOOKS Hooks are special files that can be placed inside the tomb and trigger @@ -161,6 +174,25 @@ pinentry(1) is adopted to collect passwords from the user. Tomb executes as super user only those commands requiring it, while it executes desktop applications as processes owned by the user. +.SH SWAP + +During "create" and "open" operation, swap will complain and \fIabort\fR if +your system has swap activated. This can be annoying, and you can disable this +behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be +interested in knowing the risks of doing so: +.IP \(bu +During both creation and opening it could write your secret key on the disk +.IP \(bu +After having opened the tomb, an application you're using could swap file +contents. So you'll put file contents in clear on your disk +.P + +If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you +could encrypt it. Tomb doesn't detect if your swap is encrypted, and will +complain anyway. In that case, using --ignore-swap is safe. Otherwise, use +--ignore-swap at your own risk + + .SH BUGS Please report bugs on the tracker at http://bugs.dyne.org
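Review bot: In the -k hunk (@@ -100,6 +100,13 @@), the added create-time paragraph starts directly after "it will look for the key file inside it." with no paragraph break, so the text about opening a tomb and the text about creating one render as a single block; put a .P before "When creating a tomb, this option can be used". The example path "/media/usb/tombname" also has no '.gpg' suffix, while the unchanged text just above says keys are created "adding a '.gpg' suffix"; state whether the suffix is appended to the name given with -k, or show the full file name in the example. The closing sentence "to put the key on a usb pendrive" needs a final period.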
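Review bot: In the --ignore-swap hunk (@@ -111,6 +118,11 @@), the entry says Tomb aborts "if swap is used", while the new SWAP section says it aborts if "your system has swap activated"; these are different conditions to a reader, so use the same wording in both places. "any create and open operation" should read "any create or open operation", and the NOTE sentence is missing its final period. Since the NOTE is the security-relevant part of this entry, consider giving it its own sentence that says what is exposed (key material and file contents reaching disk in the clear, as the SWAP section lists) rather than only "it is not secure to do so".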
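Review bot: The hunk at @@ -124,6 +136,7 @@ only adds an empty line before ".SH HOOKS", which is unrelated to the swap and -k documentation named in the subject; drop it from this patch. The same applies to the empty lines added after ".SH SWAP", after ".P" and before ".SH BUGS" in the last hunk.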
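Review bot: In the SWAP hunk (@@ -161,6 +174,25 @@), the first sentence has the wrong subject: "swap will complain and \fIabort\fR" should be "Tomb will complain and \fIabort\fR". The first bullet, "it could write your secret key on the disk", leaves "it" undefined; name what does the writing (the system swapping memory out to disk) so the risk is clear. "\fI swapoff -a\fR" has a stray space inside the italic span, both bullets and the final sentence lack closing periods, and "--ignore-swap" in the last paragraph is not wrapped in \fI...\fR as it is in the first paragraph. The statement that Tomb "doesn't detect if your swap is encrypted" is the key caveat here; consider moving it up next to the description of the abort so a reader with encrypted swap sees it before the risk list.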