diff options
| author | Jakob Unterwurzacher | 2017-06-20 19:49:18 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2017-06-20 19:49:18 +0200 |
| commit | bfe421b32704e92075668adafc14424223b55b27 (patch) | |
| tree | 1b5a279419b833981353698e2791cb94dcd63962 | |
| parent | f3965a4e4c0ee02a74a9d21b7b49ac2515c2b212 (diff) | |
MANPAGE: reorder options to match "-hh" output; add "-hkdf", "-trace"
| -rw-r--r-- | Documentation/MANPAGE.md | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index 119a3cb..e4ec8d9 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -61,6 +61,17 @@ to mount the gocryptfs filesytem without user interaction. Stay in the foreground instead of forking away. Implies "-nosyslog". For compatability, "-f" is also accepted, but "-fg" is preferred. +#### -force_owner string +If given a string of the form "uid:gid" (where both "uid" and "gid" are +substituted with positive integers), presents all files as owned by the given +uid and gid, regardless of their actual ownership. Implies "allow_other". + +This is rarely desired behavior: One should *usually* run gocryptfs as the +account which owns the backing-store files, which should *usually* be one and +the same with the account intended to access the decrypted content. An example +of a case where this may be useful is a situation where content is stored on a +filesystem that doesn't properly support UNIX ownership and permissions. + #### -forcedecode Force decode of encrypted files even if the integrity check fails, instead of failing with an IO error. Warning messages are still printed to syslog if corrupted @@ -78,17 +89,6 @@ that uses built-in Go crypto. Setting this option forces the filesystem to read-only and noexec. -#### -force_owner string -If given a string of the form "uid:gid" (where both "uid" and "gid" are -substituted with positive integers), presents all files as owned by the given -uid and gid, regardless of their actual ownership. Implies "allow_other". - -This is rarely desired behavior: One should *usually* run gocryptfs as the -account which owns the backing-store files, which should *usually* be one and -the same with the account intended to access the decrypted content. An example -of a case where this may be useful is a situation where content is stored on a -filesystem that doesn't properly support UNIX ownership and permissions. - #### -fsname string Override the filesystem name (first column in df -T). Can also be passed as "-o fsname=" and is equivalent to libfuse's option of the @@ -103,6 +103,10 @@ Print a short help text that shows the more-often used options. #### -hh Long help text, shows all available options. +#### -hkdf +Use HKDF to derive separate keys for content and name encryption from +the master key. + #### -info Pretty-print the contents of the config file for human consumption, stripping out sensitive data. @@ -244,6 +248,9 @@ Run crypto speed test. Benchmark Go's built-in GCM against OpenSSL (if available). The library that will be selected on "-openssl=auto" (the default) is marked as such. +#### -trace string +Write execution trace to file. View the trace using "go tool trace FILE". + #### -version Print version and exit. The output contains three fields seperated by ";". Example: "gocryptfs v1.1.1-5-g75b776c; go-fuse 6b801d3; 2016-11-01 go1.7.3". |