From a8d6dbedca703e8f2ed26beb018eeac72a1b0fb1 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Mon, 29 Jan 2018 20:43:30 +0100 Subject: [PATCH] man: note handling of secret information with permissions Signed-off-by: Jason A. Donenfeld --- man/systemd.netdev.xml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/man/systemd.netdev.xml b/man/systemd.netdev.xml index 30a6164166b..2f67d2f2230 100644 --- a/man/systemd.netdev.xml +++ b/man/systemd.netdev.xml @@ -1025,7 +1025,10 @@ The Base64 encoded private key for the interface. It can be generated using the wg genkey command (see wg8). - This option is mandatory to use WireGuard. + This option is mandatory to use WireGuard. + Note that because this information is secret, you may want to set + the permissions of the .netdev file to be owned by root:systemd-networkd + with a 0640 file mode. @@ -1070,7 +1073,10 @@ by the wg genpsk command. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum - resistance. + resistance. + Note that because this information is secret, you may want to set + the permissions of the .netdev file to be owned by root:systemd-networkd + with a 0640 file mode.