X-Git-Url: https://git.distorted.org.uk/~mdw/tripe/blobdiff_plain/383f2a0ba11493e653881537069bc2723cdb84a9..2de0ad0f5c5871d482d778908d08d0dd1b01c821:/doc/tripe.8 diff --git a/doc/tripe.8 b/doc/tripe.8 index 59fad18f..caacbe79 100644 --- a/doc/tripe.8 +++ b/doc/tripe.8 @@ -35,14 +35,14 @@ tripe \- a simple VPN daemon .SH "SYNOPSIS" .B tripe .RB [ \-D ] -.RB [ \-p -.IR port ] -.RB [ \-T -.IR trace-opts ] .RB [ \-d .IR dir ] -.RB [ \-a -.IR socket ] +.RB [ \-p +.IR port ] +.RB [ \-U +.IR user ] +.RB [ \-G +.IR group ] .br .RB [ \-k @@ -51,13 +51,19 @@ tripe \- a simple VPN daemon .IR pub-keyring ] .RB [ \-t .IR key-tag ] +.br + +.RB [ \-a +.IR socket ] +.RB [ \-T +.IR trace-opts ] .SH "DESCRIPTION" The .B tripe program is a server which can provide strong IP-level encryption and -authentication between two co-operating hosts. The program and its -protocol are deliberately very simple, to make analysing them easy and -to help build trust rapidly in the system. +authentication between co-operating hosts. The program and its protocol +are deliberately very simple, to make analysing them easy and to help +build trust rapidly in the system. .SS "Overview" The .B tripe @@ -85,17 +91,20 @@ interactively or by simple scripts. If not given any command-line arguments, .B tripe will initialize by following these steps: -.hP \*o -It changes directory to -.BR /var/lib/tripe . -.hP \*o +.hP 1. +It sets the directory named by the +.B TRIPEDIR +environment variable (or +.B /var/lib/tripe +if the variable is unset) as the current directory. +.hP 2. It acquires a UDP socket with an arbitrary kernel-selected port number. It will use this socket to send and receive all communications with its peer servers. The port chosen may be discovered by means of the .B PORT admin command (see .BR tripe\-admin (5)). -.hP \*o +.hP 3. It loads the private key with the tag or type name .B tripe\-dh from the Catacomb-format file 
@@ -108,7 +117,7 @@ ready for extracting the public keys of peers as they're introduced. They are maintained using the program .BR key (1) provided with the Catacomb distribution.) -.hP \*o +.hP 4. It creates and listens to the Unix-domain socket .BR tripesock . .PP @@ -116,7 +125,10 @@ Following this, the server enters its main loop, accepting admin connections and obeying any administrative commands, and communicating with peers. It also treats its standard input and standard output streams as an admin connection, reading commands from standard input and -writing responses and diagnostics messages to standard output. +writing responses and diagnostics messages to standard output. Finally, +it will reload keys from its keyring files if it notices that they've +changed (it checks inode number and modification time) \- there's no +need to send a signal. .PP Much of this behaviour may be altered by giving .B tripe @@ -158,6 +170,21 @@ if you don't want it to change directory at all. Use the specified UDP port for all communications with peers, rather than an arbitarary kernel-assigned port. .TP +.BI "\-U, \-\-setuid=" user +Set uid to that of +.I user +(either a user name or integer uid) after initialization. Also set gid +to +.IR user 's +primary group, unless overridden by a +.B \-G +option. +.TP +.BI "\-G, \-\-setgid=" group +Set gid to that of +.I group +(either a group name or integer gid) after initialization. +.TP .BI "\-k, \-\-priv\-keyring=" file Reads the private key from .I file
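Review bot: step 1 of the renumbered initialization list (hunk at -85,17) now takes the working directory from the TRIPEDIR environment variable, but it does not say how the variable interacts with the \-d option shown in the synopsis. Step 4 creates tripesock under a relative name, so whoever controls the daemon's environment chooses where the admin socket lands. Please state that \-d takes precedence (if it does) and that TRIPEDIR is trusted input. The wording "sets the directory named by ... as the current directory" would also read better as "changes directory to the one named by ...".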
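Review bot: the added sentence on keyring reloading (hunk at -116,7) names what is compared, "it checks inode number and modification time", but not what happens when a changed file is caught half-written or fails to load. Please say whether the previously loaded keys stay in use in that case, and consider recommending that keyrings be replaced by rename rather than edited in place. Because the reload happens in the main loop, it runs after the uid change that \-U performs "after initialization", so the page should also say that the keyring files must remain readable by that user.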
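Review bot: in the new \-U and \-G entries (hunk at -158,6), "after initialization" is left undefined and supplementary groups are not mentioned. Please say which of the numbered startup steps (acquiring the UDP socket, loading the private key, creating tripesock) are complete before the ids change, so that an administrator knows which user ends up owning tripesock, and state whether the supplementary group list is cleared when \-U or \-G is given. The unchanged \-p description just above these entries still reads "arbitarary", which could be corrected in the same pass.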