]> Mandos &VERSION; &TIMESTAMP; Björn Påhlsson

belorn@fukt.bsnet.se

Teddy Hogeborn

teddy@fukt.bsnet.se

2008 Teddy Hogeborn Björn Påhlsson &COMMANDNAME; 8mandos &COMMANDNAME; Run Mandos plugins. Pass data from first succesful one. &COMMANDNAME; --global-env=VAR=value -G VAR=value --env-for=PLUGIN:ENV=value -E PLUGIN:ENV=value --global-options=OPTIONS -g OPTIONS --options-for=PLUGIN:OPTIONS -o PLUGIN:OPTIONS --disable=PLUGIN -d PLUGIN --enable=PLUGIN -e PLUGIN --groupid=ID --userid=ID --plugin-dir=DIRECTORY --config-file=FILE --debug &COMMANDNAME; --help -? &COMMANDNAME; --usage &COMMANDNAME; --version -V &COMMANDNAME; is a program which is meant to be specified as keyscript in crypttab 5 for the root disk. The aim of this program is therefore to output a password, which then cryptsetup 8 will use to try and unlock the root disk. This program is not meant to be invoked directly, but can be in order to test it. Note that any password obtained will simply be output on standard output. The purpose of this is to enable remote and unattended rebooting of client host computer with an encrypted root file system. See for details. --global-env VAR=value -e VAR=value This option will add an environment variable setting to all plugins. This will override any inherited environment variable. --env-for PLUGIN:ENV=value -f PLUGIN:ENV=value This option will add an environment variable setting to the PLUGIN plugin. This will override any inherited environment variables or environment variables specified using --global-env. --global-options OPTIONS -g OPTIONS Pass some options to all plugins. OPTIONS is a comma separated list of options. This is not a very useful option, except for specifying the --debug for all plugins. --options-for PLUGIN:OPTION -o PLUGIN:OPTION Pass some options to a specific plugin. PLUGIN is the name (file basename) of a plugin, and OPTIONS is a comma separated list of options. Note that since options are not split on whitespace, the way to pass, to the plugin foo, the option --bar with the option argument baz is either --options-for=foo:--bar=baz or --options-for=foo:--bar,baz, but not --options-for="foo:--bar baz". --disable PLUGIN -d PLUGIN Disable the plugin named PLUGIN. The plugin will not be started. --enable PLUGIN -e PLUGIN Re-enable the plugin named PLUGIN. This is only useful to undo a previous --disable option, maybe from the config file. --groupid ID Change to group ID ID on startup. The default is 65534. All plugins will be started using this group ID. Note: This must be a number, not a name. --userid ID Change to user ID ID on startup. The default is 65534. All plugins will be started using this user ID. Note: This must be a number, not a name. --plugin-dir DIRECTORY Specify a different plugin directory. The default is /lib/mandos/plugins.d, which will exist in the initial RAM disk environment. --config-file FILE Specify a different file to read additional options from. See . Other command line options will override options specified in the file. --debug Enable debug mode. This will enable a lot of output to standard error about what the program is doing. The program will still perform all other functions normally. The default is to not run in debug mode. The plugins will not be affected by this option. Use --global-options=--debug if complete debugging eruption is desired. --help -? Gives a help message about options and their meanings. --usage Gives a short usage message. --version -V Prints the program version. This program will run on the client side in the initial RAM disk environment, and is responsible for getting a password. It does this by running plugins, one of which will normally be the actual client program communicating with the server. This program will get a password by running a number of plugins, which are simply executable programs in a directory in the initial RAM disk environment. The default directory is /lib/mandos/plugins.d, but this can be changed with the --plugin-dir option. The plugins are started in parallel, and the first plugin to output a password and exit with a successful exit code will make this plugin-runner output the password from that plugin, stop any other plugins, and exit. If no plugins succeed, this program will, as a fallback, ask for a password on the console using getpass3, and output it. This is not meant to be the normal mode of operation, as there is a separate plugin for getting a password from the console. Exit status of this program is zero if no errors were encountered, and otherwise not. The fallback (see ) may or may not have succeeded in either case. This program does not use any environment variables itself, it only passes on its environment to all the plugins. The environment passed to plugins can be modified using the --global-env and --env-for optins. /conf/conf.d/mandos/plugin-runner.conf Since this program will be run as a keyscript, there is little to no opportunity to pass command line arguments to it. Therefore, it will also read this file and use its contents as whitespace-separated command line options. Also, everything from a # character to the end of a line is ignored. This program is meant to run in the initial RAM disk environment, so that is where this file is assumed to exist. The file does not need to exist in the normal file system. This file will be processed before the normal command line options, so the latter can override the former, if need be. This file name is the default; the file to read for arguments can be changed using the --config-file option. cryptsetup 8, mandos 8, password-prompt 8mandos, password-request 8mandos