diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-01-29 20:43:30 +0100 |
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2018-01-29 20:43:30 +0100 |
| commit | a8d6dbedca703e8f2ed26beb018eeac72a1b0fb1 (patch) | |
| tree | 73352123cfec956968333f15c066ca07e3726128 /man | |
| parent | 3209474fcb66cba8e957e9317c093fa3bf93b292 (diff) | |
| download | systemd-a8d6dbedca703e8f2ed26beb018eeac72a1b0fb1.tar.gz | |
man: note handling of secret information with permissions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to 'man')
| -rw-r--r-- | man/systemd.netdev.xml | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 30a6164166..2f67d2f223 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1025,7 +1025,10 @@ <para>The Base64 encoded private key for the interface. It can be generated using the <command>wg genkey</command> command (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>). - This option is mandatory to use WireGuard.</para> + This option is mandatory to use WireGuard. + Note that because this information is secret, you may want to set + the permissions of the .netdev file to be owned by <literal>root:systemd-networkd</literal> + with a <literal>0640</literal> file mode.</para> </listitem> </varlistentry> <varlistentry> @@ -1070,7 +1073,10 @@ by the <command>wg genpsk</command> command. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum - resistance.</para> + resistance. + Note that because this information is secret, you may want to set + the permissions of the .netdev file to be owned by <literal>root:systemd-networkd</literal> + with a <literal>0640</literal> file mode.</para> </listitem> </varlistentry> <varlistentry> |