2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
<!ENTITY TIMESTAMP "2023-10-21">
5
<!ENTITY TIMESTAMP "2019-07-24">
6
6
<!ENTITY % common SYSTEM "../common.ent">
198
198
This program is not meant to be run directly; it is really meant
199
to be run by other programs in the initial
200
<acronym>RAM</acronym> disk environment; see <xref
201
linkend="overview"/>.
199
to run as a plugin of the <application>Mandos</application>
200
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
201
<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the
202
initial <acronym>RAM</acronym> disk environment because it is
203
specified as a <quote>keyscript</quote> in the <citerefentry>
204
<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>
205
</citerefentry> file.
216
220
<title>OPTIONS</title>
218
222
This program is commonly not invoked from the command line; it
219
is normally started by another program as described in <xref
220
linkend="description"/>. Any command line options this program
221
accepts are therefore normally provided by the invoking program,
223
is normally started by the <application>Mandos</application>
224
plugin runner, see <citerefentry><refentrytitle
225
>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
226
</citerefentry>. Any command line options this program accepts
227
are therefore normally provided by the plugin runner, and not
476
482
<title>OVERVIEW</title>
477
483
<xi:include href="../overview.xml"/>
479
This program is the client part. It is run automatically in an
480
initial <acronym>RAM</acronym> disk environment.
483
In an initial <acronym>RAM</acronym> disk environment using
484
<citerefentry><refentrytitle>systemd</refentrytitle>
485
<manvolnum>1</manvolnum></citerefentry>, this program is started
486
by the <application>Mandos</application> <citerefentry>
487
<refentrytitle>password-agent</refentrytitle>
488
<manvolnum>8mandos</manvolnum></citerefentry>, which in turn is
489
started automatically by the <citerefentry>
490
<refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum>
491
</citerefentry> <quote>Password Agent</quote> system.
494
In the case of a non-<citerefentry>
495
<refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum>
496
</citerefentry> environment, this program is started as a plugin
497
of the <application>Mandos</application> <citerefentry>
498
<refentrytitle>plugin-runner</refentrytitle>
499
<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the
500
initial <acronym>RAM</acronym> disk environment because it is
501
specified as a <quote>keyscript</quote> in the <citerefentry>
502
<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>
503
</citerefentry> file.
485
This program is the client part. It is a plugin started by
486
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
487
<manvolnum>8mandos</manvolnum></citerefentry> which will run in
488
an initial <acronym>RAM</acronym> disk environment.
506
491
This program could, theoretically, be used as a keyscript in
507
492
<filename>/etc/crypttab</filename>, but it would then be
508
493
impossible to enter a password for the encrypted root disk at
509
494
the console, since this program does not read from the console
495
at all. This is why a separate plugin runner (<citerefentry>
496
<refentrytitle>plugin-runner</refentrytitle>
497
<manvolnum>8mandos</manvolnum></citerefentry>) is used to run
498
both this program and others in in parallel,
499
<emphasis>one</emphasis> of which (<citerefentry>
500
<refentrytitle>password-prompt</refentrytitle>
501
<manvolnum>8mandos</manvolnum></citerefentry>) will prompt for
502
passwords on the system console.
770
762
<title>EXAMPLE</title>
772
764
Note that normally, command line options will not be given
773
directly, but passed on via the program responsible for starting
774
this program; see <xref linkend="overview"/>.
765
directly, but via options for the Mandos <citerefentry
766
><refentrytitle>plugin-runner</refentrytitle>
767
<manvolnum>8mandos</manvolnum></citerefentry>.
776
769
<informalexample>
823
816
<refsect1 id="security">
824
817
<title>SECURITY</title>
826
This program assumes that it is set-uid to root, and will switch
827
back to the original (and presumably non-privileged) user and
828
group after bringing up the network interface.
819
This program is set-uid to root, but will switch back to the
820
original (and presumably non-privileged) user and group after
821
bringing up the network interface.
831
824
To use this program for its intended purpose (see <xref
879
872
<manvolnum>5</manvolnum></citerefentry>,
880
873
<citerefentry><refentrytitle>mandos</refentrytitle>
881
874
<manvolnum>8</manvolnum></citerefentry>,
882
<citerefentry><refentrytitle>password-agent</refentrytitle>
875
<citerefentry><refentrytitle>password-prompt</refentrytitle>
883
876
<manvolnum>8mandos</manvolnum></citerefentry>,
884
877
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
885
878
<manvolnum>8mandos</manvolnum></citerefentry>