MANPAGE: prettify plain-text formatting
This commit is contained in:
parent
ceec46c1c1
commit
86afaee200
|
@ -1,6 +1,6 @@
|
|||
% GOCRYPTFS(1)
|
||||
% github.com/rfjakob
|
||||
% May 2016
|
||||
% Oct 2016
|
||||
|
||||
NAME
|
||||
====
|
||||
|
@ -32,14 +32,14 @@ Options:
|
|||
|
||||
**-aessiv**
|
||||
: Use the AES-SIV encryption mode. This is slower than GCM but is
|
||||
secure with deterministic nonces as used in "-reverse" mode.
|
||||
secure with deterministic nonces as used in "-reverse" mode.
|
||||
|
||||
**-allow_other**
|
||||
: By default, the Linux kernel prevents any other user (even root) to
|
||||
access a mounted FUSE filesystem. Settings this option allows access for
|
||||
other users, subject to file permission checking. Only works if
|
||||
user_allow_other is set in /etc/fuse.conf. This option is equivalent to
|
||||
"allow_other" plus "default_permissions" described in fuse(8).
|
||||
access a mounted FUSE filesystem. Settings this option allows access for
|
||||
other users, subject to file permission checking. Only works if
|
||||
user_allow_other is set in /etc/fuse.conf. This option is equivalent to
|
||||
"allow_other" plus "default_permissions" described in fuse(8).
|
||||
|
||||
**-config string**
|
||||
: Use specified config file instead of CIPHERDIR/gocryptfs.conf
|
||||
|
@ -52,9 +52,9 @@ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
|
|||
|
||||
**-extpass string**
|
||||
: Use an external program (like ssh-askpass) for the password prompt.
|
||||
The program should return the password on stdout, a trailing newline is
|
||||
stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
|
||||
to mount the gocryptfs filesytem without user interaction.
|
||||
The program should return the password on stdout, a trailing newline is
|
||||
stripped by gocryptfs. Using something like "cat /mypassword.txt" allows
|
||||
to mount the gocryptfs filesytem without user interaction.
|
||||
|
||||
**-f**
|
||||
: Stay in the foreground instead of forking away. Implies "-nosyslog".
|
||||
|
@ -66,67 +66,68 @@ to mount the gocryptfs filesytem without user interaction.
|
|||
: Initialize encrypted directory
|
||||
|
||||
**-ko**
|
||||
: Pass additonal mount options to the kernel (comma-separated list).
|
||||
FUSE filesystems are mounted with "nodev,nosuid" by default. If gocryptfs
|
||||
runs as root, you can enable device files by passing the opposite mount option,
|
||||
"dev", and if you want to enable suid-binaries, pass "suid".
|
||||
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
|
||||
interesting. For a complete list see the section
|
||||
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8).
|
||||
: Pass additonal mount options to the kernel (comma-separated list).
|
||||
FUSE filesystems are mounted with "nodev,nosuid" by default. If gocryptfs
|
||||
runs as root, you can enable device files by passing the opposite mount option,
|
||||
"dev", and if you want to enable suid-binaries, pass "suid".
|
||||
"ro" (equivalent to passing the "-ro" option) and "noexec" may also be
|
||||
interesting. For a complete list see the section
|
||||
`FILESYSTEM-INDEPENDENT MOUNT OPTIONS` in mount(8).
|
||||
|
||||
**-longnames**
|
||||
: Store names longer than 176 bytes in extra files (default true)
|
||||
This flag is useful when recovering old gocryptfs filesystems using
|
||||
"-masterkey". It is ignored (stays at the default) otherwise.
|
||||
This flag is useful when recovering old gocryptfs filesystems using
|
||||
"-masterkey". It is ignored (stays at the default) otherwise.
|
||||
|
||||
**-masterkey string**
|
||||
: Use a explicit master key specified on the command line. This
|
||||
option can be used to mount a gocryptfs filesystem without a config file.
|
||||
Note that the command line, and with it the master key, is visible to
|
||||
anybody on the machine who can execute "ps -auxwww".
|
||||
This is meant as a recovery option for emergencies, such as if you have
|
||||
forgotten your password.
|
||||
option can be used to mount a gocryptfs filesystem without a config file.
|
||||
Note that the command line, and with it the master key, is visible to
|
||||
anybody on the machine who can execute "ps -auxwww".
|
||||
This is meant as a recovery option for emergencies, such as if you have
|
||||
forgotten your password.
|
||||
|
||||
Example master key: 6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
|
||||
Example master key:
|
||||
6f717d8b-6b5f8e8a-fd0aa206-778ec093-62c5669b-abd229cd-241e00cd-b4d6713d
|
||||
|
||||
**-memprofile string**
|
||||
: Write memory profile to specified file. This is useful when debugging
|
||||
memory usage of gocryptfs.
|
||||
: Write memory profile to the specified file. This is useful when debugging
|
||||
memory usage of gocryptfs.
|
||||
|
||||
**-nonempty**
|
||||
: Allow mounting over non-empty directories. FUSE by default disallows
|
||||
this to prevent accidential shadowing of files.
|
||||
this to prevent accidential shadowing of files.
|
||||
|
||||
**-nosyslog**
|
||||
: Diagnostic messages are normally redirected to syslog once gocryptfs
|
||||
daemonizes. This option disables the redirection and messages will
|
||||
continue be printed to stdout and stderr.
|
||||
daemonizes. This option disables the redirection and messages will
|
||||
continue be printed to stdout and stderr.
|
||||
|
||||
**-notifypid int**
|
||||
: Send USR1 to the specified process after successful mount. This is
|
||||
used internally for daemonization.
|
||||
used internally for daemonization.
|
||||
|
||||
**-openssl bool/"auto"**
|
||||
: Use OpenSSL instead of built-in Go crypto (default "auto"). Using
|
||||
built-in crypto is 4x slower unless your CPU has AES instructions and
|
||||
you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
|
||||
option.
|
||||
built-in crypto is 4x slower unless your CPU has AES instructions and
|
||||
you are using Go 1.6+. In mode "auto", gocrypts chooses the faster
|
||||
option.
|
||||
|
||||
**-passfile string**
|
||||
: Read password from the specified file. This is a shortcut for
|
||||
specifying "-extpass /bin/cat FILE".
|
||||
specifying "-extpass /bin/cat FILE".
|
||||
|
||||
**-passwd**
|
||||
: Change the password. Will ask for the old password, check if it is
|
||||
correct, and ask for a new one.
|
||||
correct, and ask for a new one.
|
||||
|
||||
This can be used together with `-masterkey` if
|
||||
you forgot the password but know the master key. Note that without the
|
||||
old password, gocryptfs cannot tell if the master key is correct and will
|
||||
overwrite the old one without mercy. It will, however, create a backup copy
|
||||
of the old config file as `gocryptfs.conf.bak`. Delete it after
|
||||
you have verified that you can access your files with the
|
||||
new password.
|
||||
you forgot the password but know the master key. Note that without the
|
||||
old password, gocryptfs cannot tell if the master key is correct and will
|
||||
overwrite the old one without mercy. It will, however, create a backup copy
|
||||
of the old config file as `gocryptfs.conf.bak`. Delete it after
|
||||
you have verified that you can access your files with the
|
||||
new password.
|
||||
|
||||
**-plaintextnames**
|
||||
: Do not encrypt file names and symlink targets
|
||||
|
@ -136,33 +137,34 @@ new password.
|
|||
|
||||
**-reverse**
|
||||
: Reverse mode shows a read-only encrypted view of a plaintext
|
||||
directory. Implies "-aessiv".
|
||||
directory. Implies "-aessiv".
|
||||
|
||||
**-ro**
|
||||
: Mount the filesystem read-only
|
||||
|
||||
**-scryptn int**
|
||||
: scrypt cost parameter logN. Setting this to a lower value speeds up
|
||||
mounting but makes the password susceptible to brute-force attacks (default 16)
|
||||
mounting but makes the password susceptible to brute-force attacks
|
||||
(default 16)
|
||||
|
||||
**-version**
|
||||
: Print version and exit. The output contains three fields seperated by
|
||||
";". Example: "gocryptfs v0.12-2; go-fuse a4c968c; go1.6.2".
|
||||
Field 1 is the gocryptfs version, field 2 is the version of the go-fuse
|
||||
library, field 3 is the Go version that was used to compile the binary.
|
||||
: Print version and exit. The output contains three fields seperated by ";".
|
||||
Example: "gocryptfs v0.12-2; go-fuse a4c968c; go1.6.2".
|
||||
Field 1 is the gocryptfs version, field 2 is the version of the go-fuse
|
||||
library, field 3 is the Go version that was used to compile the binary.
|
||||
|
||||
**-wpanic**
|
||||
: When encountering a warning, panic and exit immediately. This is
|
||||
useful in regression testing.
|
||||
useful in regression testing.
|
||||
|
||||
**-zerokey**
|
||||
: Use all-zero dummy master key. This options is only intended for
|
||||
automated testing as it does not provide any security.
|
||||
automated testing as it does not provide any security.
|
||||
|
||||
|
||||
Comma-Separated-Options:
|
||||
|
||||
For compatability with mount(1), options are also accepted as
|
||||
For compatibility with mount(1), options are also accepted as
|
||||
"-o COMMA-SEPARATED-OPTIONS" at the end of the command line.
|
||||
For example, "-o q,zerokey" is equivalent to "-q -zerokey".
|
||||
|
||||
|
|
Loading…
Reference in New Issue