mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-11-22 20:45:13 +00:00
Update documentation: swap, --ignore-swap, -k
This commit is contained in:
parent
a3f0c7c86b
commit
f4b8a2275e
34
doc/tomb.1
34
doc/tomb.1
@ -91,7 +91,7 @@ given. This is used to recoved buried keys from unsuspected places.
|
||||
.B
|
||||
.B
|
||||
.IP "-s \fI<MBytes>\fR"
|
||||
When creating a tomb, this option must be used to specify the size of
|
||||
When creating a tomb, this option MUST be used to specify the size of
|
||||
the new \fIfile\fR to be created, in megabytes.
|
||||
.B
|
||||
.IP "-k \fI<keyfile>\fR"
|
||||
@ -100,6 +100,13 @@ of the key to use. Keys are created with the same name of the tomb
|
||||
file adding a '.gpg' suffix, but can be later renamed and transported
|
||||
on other media. When a key is not found, the program asks to insert a
|
||||
USB storage device and it will look for the key file inside it.
|
||||
When creating a tomb, this option can be used to specify the name (and
|
||||
location) of the key you are creating. For example, you could use
|
||||
.EX
|
||||
tomb create -s 100 tombname -k /media/usb/tombname
|
||||
.EE
|
||||
to put the key on a usb pendrive
|
||||
|
||||
.B
|
||||
.IP "-n"
|
||||
Skip processing of post-hooks and bind-hooks if found inside the tomb.
|
||||
@ -111,6 +118,11 @@ of the default \fIrw,noatime,nodev\fR. This option can be used to
|
||||
mount a tomb read-only (ro) to prevent any modification of its data,
|
||||
or to experiment with other settings (if you really know what you are
|
||||
doing) see the mount(8) man page.
|
||||
.B
|
||||
.IP "--ignore-swap"
|
||||
By default, Tomb will abort any create and open operation if swap is used (see
|
||||
SWAP section for details). This flag will disable this behaviour. NOTE: it is
|
||||
not secure to do so, unless you know that your swap is encrypted
|
||||
|
||||
.B
|
||||
.IP "-h"
|
||||
@ -124,6 +136,7 @@ Run more quietly
|
||||
.IP "-D"
|
||||
Print more information while running, for debugging purposes
|
||||
|
||||
|
||||
.SH HOOKS
|
||||
|
||||
Hooks are special files that can be placed inside the tomb and trigger
|
||||
@ -161,6 +174,25 @@ pinentry(1) is adopted to collect passwords from the user.
|
||||
Tomb executes as super user only those commands requiring it, while it
|
||||
executes desktop applications as processes owned by the user.
|
||||
|
||||
.SH SWAP
|
||||
|
||||
During "create" and "open" operation, swap will complain and \fIabort\fR if
|
||||
your system has swap activated. This can be annoying, and you can disable this
|
||||
behaviour using \fI--ignore-swap\fR. Before doing that, however, you may be
|
||||
interested in knowing the risks of doing so:
|
||||
.IP \(bu
|
||||
During both creation and opening it could write your secret key on the disk
|
||||
.IP \(bu
|
||||
After having opened the tomb, an application you're using could swap file
|
||||
contents. So you'll put file contents in clear on your disk
|
||||
.P
|
||||
|
||||
If you don't need swap, execute \fI swapoff -a\fR. If you really need it, you
|
||||
could encrypt it. Tomb doesn't detect if your swap is encrypted, and will
|
||||
complain anyway. In that case, using --ignore-swap is safe. Otherwise, use
|
||||
--ignore-swap at your own risk
|
||||
|
||||
|
||||
|
||||
.SH BUGS
|
||||
Please report bugs on the tracker at http://bugs.dyne.org
|
||||
|
Loading…
Reference in New Issue
Block a user