From: Jason A. Donenfeld <Jason@zx2c4.com>
Date: Mon, 29 Jan 2018 19:43:30 +0000 (+0100)
Subject: man: note handling of secret information with permissions
X-Git-Tag: v238~154^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a8d6dbedca703e8f2ed26beb018eeac72a1b0fb1;p=platform%2Fupstream%2Fsystemd.git

man: note handling of secret information with permissions

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---

diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml
index 30a6164..2f67d2f 100644
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@@ -1025,7 +1025,10 @@
           <para>The Base64 encoded private key for the interface. It can be
             generated using the <command>wg genkey</command> command
             (see <citerefentry project="wireguard"><refentrytitle>wg</refentrytitle><manvolnum>8</manvolnum></citerefentry>).
-            This option is mandatory to use WireGuard.</para>
+            This option is mandatory to use WireGuard.
+            Note that because this information is secret, you may want to set
+            the permissions of the .netdev file to be owned by <literal>root:systemd-networkd</literal>
+            with a <literal>0640</literal> file mode.</para>
         </listitem>
       </varlistentry>
       <varlistentry>
@@ -1070,7 +1073,10 @@
             by the <command>wg genpsk</command> command. This option adds an
             additional layer of symmetric-key cryptography to be mixed into the
             already existing public-key cryptography, for post-quantum
-            resistance.</para>
+            resistance.
+            Note that because this information is secret, you may want to set
+            the permissions of the .netdev file to be owned by <literal>root:systemd-networkd</literal>
+            with a <literal>0640</literal> file mode.</para>
         </listitem>
       </varlistentry>
       <varlistentry>