chiark / gitweb /
~mdw / tripe / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Allow the caller to configure the administration socket permissions.
[tripe] / server / tripe.8.in
diff --git a/server/tripe.8.in b/server/tripe.8.in
index f43ab5f8ca4b8d9155390618a9a98c80f4ada28e..9721246ff95661b2d9e721d966505791e0d7a325 100644 (file)
--- a/server/tripe.8.in
+++ b/server/tripe.8.in
@@ -55,6 +55,8 @@ tripe \- a simple VPN daemon
 .IR group ]
 .RB [ \-a
 .IR socket ]
+.RB [ \-m
+.IR mode ]
 .RB [ \-T
 .IR trace-opts ]
 .br
@@ -256,6 +258,16 @@ if that's not set either, then a default default of
 .B "\*(/s/tripesock"
 is used instead.
 .TP
+.BI "\-m, \-\-admin\-perms=" mode
+Permissions (as an octal number) to set on the administration socket.  The
+default is 600, which allows only the socket owner.  Setting 660 allows
+members of the
+.I group
+configured through the
+.B \-G
+option to connect to the socket, which may be useful.  Allowing world access
+is a terrible idea.
+.TP
 .BI "\-T, \-\-trace=" trace-opts
 Allows the enabling or disabling of various internal diagnostics.  See
 below for the list of options.
Trivial IP Encryption: a simple VPN