Update documentation: swap, --ignore-swap, -k

boyska 2011-08-31 17:07:18 +02:00 committed by Jaromil
parent a3f0c7c86b
commit f4b8a2275e


@ -91,7 +91,7 @@ given. This is used to recoved buried keys from unsuspected places.
.B .B
.B .B
.IP "-s \fI<MBytes>\fR" .IP "-s \fI<MBytes>\fR"
When creating a tomb, this option must be used to specify the size of When creating a tomb, this option MUST be used to specify the size of
the new \fIfile\fR to be created, in megabytes. the new \fIfile\fR to be created, in megabytes.
.B .B
.IP "-k \fI<keyfile>\fR" .IP "-k \fI<keyfile>\fR"
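Review bot: The emphasis on the -s line is carried by capitals ("MUST") rather than a font escape, while the rest of the page uses roff escapes such as \fI...\fR. Consider \fBmust\fR so the emphasis follows man page conventions. While touching this area, the preceding paragraph shown in the hunk header reads "This is used to recoved buried keys", where "recoved" should be "recover".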
@ -100,6 +100,13 @@ of the key to use. Keys are created with the same name of the tomb
file adding a '.gpg' suffix, but can be later renamed and transported file adding a '.gpg' suffix, but can be later renamed and transported
on other media. When a key is not found, the program asks to insert a on other media. When a key is not found, the program asks to insert a
USB storage device and it will look for the key file inside it. USB storage device and it will look for the key file inside it.
When creating a tomb, this option can be used to specify the name (and
location) of the key you are creating. For example, you could use
.EX
tomb create -s 100 tombname -k /media/usb/tombname
.EE
to put the key on a usb pendrive
.B .B
.IP "-n" .IP "-n"
Skip processing of post-hooks and bind-hooks if found inside the tomb. Skip processing of post-hooks and bind-hooks if found inside the tomb.
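Review bot: The example key path in the added -k text, "/media/usb/tombname", has no '.gpg' suffix, although the paragraph just above says keys are created with the tomb name plus a '.gpg' suffix. Either use "-k /media/usb/tombname.gpg" in the example or state whether the suffix is appended automatically when -k is given. The closing sentence "to put the key on a usb pendrive" also needs a full stop, and "usb" should be "USB" to match the "USB storage device" wording in the context lines.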
@ -111,6 +118,11 @@ of the default \fIrw,noatime,nodev\fR. This option can be used to
mount a tomb read-only (ro) to prevent any modification of its data, mount a tomb read-only (ro) to prevent any modification of its data,
or to experiment with other settings (if you really know what you are or to experiment with other settings (if you really know what you are
doing) see the mount(8) man page. doing) see the mount(8) man page.
.B
.IP "--ignore-swap"
By default, Tomb will abort any create and open operation if swap is used (see
SWAP section for details). This flag will disable this behaviour. NOTE: it is
not secure to do so, unless you know that your swap is encrypted
.B .B
.IP "-h" .IP "-h"
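Review bot: The condition in the --ignore-swap entry, "if swap is used", does not match the SWAP section added later in this patch, which says Tomb aborts "if your system has swap activated". Use one wording in both places so readers know the check is about swap being enabled, not about pages currently swapped out. The NOTE sentence is also missing its final full stop, and since it is the security-relevant part of the entry it would read better as its own sentence: "NOTE: this is not secure unless you know that your swap is encrypted."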
@ -124,6 +136,7 @@ Run more quietly
.IP "-D" .IP "-D"
Print more information while running, for debugging purposes Print more information while running, for debugging purposes
.SH HOOKS .SH HOOKS
Hooks are special files that can be placed inside the tomb and trigger Hooks are special files that can be placed inside the tomb and trigger
@ -161,6 +174,25 @@ pinentry(1) is adopted to collect passwords from the user.
Tomb executes as super user only those commands requiring it, while it Tomb executes as super user only those commands requiring it, while it
executes desktop applications as processes owned by the user. executes desktop applications as processes owned by the user.
.SH SWAP
During "create" and "open" operation, swap will complain and \fIabort\fR if
your system has swap activated. This can be annoying, and you can disable this
behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be
interested in knowing the risks of doing so:
.IP \(bu
During both creation and opening it could write your secret key on the disk
.IP \(bu
After having opened the tomb, an application you're using could swap file
contents. So you'll put file contents in clear on your disk
.P
If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you
could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
--ignore-swap at your own risk
.SH BUGS .SH BUGS
Please report bugs on the tracker at http://bugs.dyne.org Please report bugs on the tracker at http://bugs.dyne.org
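Review bot: The first sentence of the new SWAP section has the wrong subject: "swap will complain and \fIabort\fR" should read "Tomb will complain and \fIabort\fR". In the first bullet, "it could write your secret key on the disk" leaves "it" undefined; name what does the writing (the system swapping out memory that holds the key) so the risk is clear. Smaller points in the same hunk: "\fI swapoff -a\fR" has a stray leading space inside the italic span, the last two mentions of --ignore-swap are not wrapped in \fI...\fR like the first one, "operation" should be "operations", and the final sentence lacks a full stop.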