2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
<!ENTITY TIMESTAMP "2019-07-24">
5
<!ENTITY TIMESTAMP "2023-10-21">
6
6
<!ENTITY % common SYSTEM "../common.ent">
198
198
This program is not meant to be run directly; it is really meant
199
to run as a plugin of the <application>Mandos</application>
200
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
201
<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the
202
initial <acronym>RAM</acronym> disk environment because it is
203
specified as a <quote>keyscript</quote> in the <citerefentry>
204
<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>
205
</citerefentry> file.
199
to be run by other programs in the initial
200
<acronym>RAM</acronym> disk environment; see <xref
201
linkend="overview"/>.
220
216
<title>OPTIONS</title>
222
218
This program is commonly not invoked from the command line; it
223
is normally started by the <application>Mandos</application>
224
plugin runner, see <citerefentry><refentrytitle
225
>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
226
</citerefentry>. Any command line options this program accepts
227
are therefore normally provided by the plugin runner, and not
219
is normally started by another program as described in <xref
220
linkend="description"/>. Any command line options this program
221
accepts are therefore normally provided by the invoking program,
482
476
<title>OVERVIEW</title>
483
477
<xi:include href="../overview.xml"/>
485
This program is the client part. It is a plugin started by
486
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
487
<manvolnum>8mandos</manvolnum></citerefentry> which will run in
488
an initial <acronym>RAM</acronym> disk environment.
479
This program is the client part. It is run automatically in an
480
initial <acronym>RAM</acronym> disk environment.
483
In an initial <acronym>RAM</acronym> disk environment using
484
<citerefentry><refentrytitle>systemd</refentrytitle>
485
<manvolnum>1</manvolnum></citerefentry>, this program is started
486
by the <application>Mandos</application> <citerefentry>
487
<refentrytitle>password-agent</refentrytitle>
488
<manvolnum>8mandos</manvolnum></citerefentry>, which in turn is
489
started automatically by the <citerefentry>
490
<refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum>
491
</citerefentry> <quote>Password Agent</quote> system.
494
In the case of a non-<citerefentry>
495
<refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum>
496
</citerefentry> environment, this program is started as a plugin
497
of the <application>Mandos</application> <citerefentry>
498
<refentrytitle>plugin-runner</refentrytitle>
499
<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the
500
initial <acronym>RAM</acronym> disk environment because it is
501
specified as a <quote>keyscript</quote> in the <citerefentry>
502
<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>
503
</citerefentry> file.
491
506
This program could, theoretically, be used as a keyscript in
492
507
<filename>/etc/crypttab</filename>, but it would then be
493
508
impossible to enter a password for the encrypted root disk at
494
509
the console, since this program does not read from the console
495
at all. This is why a separate plugin runner (<citerefentry>
496
<refentrytitle>plugin-runner</refentrytitle>
497
<manvolnum>8mandos</manvolnum></citerefentry>) is used to run
498
both this program and others in in parallel,
499
<emphasis>one</emphasis> of which (<citerefentry>
500
<refentrytitle>password-prompt</refentrytitle>
501
<manvolnum>8mandos</manvolnum></citerefentry>) will prompt for
502
passwords on the system console.
762
770
<title>EXAMPLE</title>
764
772
Note that normally, command line options will not be given
765
directly, but via options for the Mandos <citerefentry
766
><refentrytitle>plugin-runner</refentrytitle>
767
<manvolnum>8mandos</manvolnum></citerefentry>.
773
directly, but passed on via the program responsible for starting
774
this program; see <xref linkend="overview"/>.
769
776
<informalexample>
816
823
<refsect1 id="security">
817
824
<title>SECURITY</title>
819
This program is set-uid to root, but will switch back to the
820
original (and presumably non-privileged) user and group after
821
bringing up the network interface.
826
This program assumes that it is set-uid to root, and will switch
827
back to the original (and presumably non-privileged) user and
828
group after bringing up the network interface.
824
831
To use this program for its intended purpose (see <xref
872
879
<manvolnum>5</manvolnum></citerefentry>,
873
880
<citerefentry><refentrytitle>mandos</refentrytitle>
874
881
<manvolnum>8</manvolnum></citerefentry>,
875
<citerefentry><refentrytitle>password-prompt</refentrytitle>
882
<citerefentry><refentrytitle>password-agent</refentrytitle>
876
883
<manvolnum>8mandos</manvolnum></citerefentry>,
877
884
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
878
885
<manvolnum>8mandos</manvolnum></citerefentry>