Add recommendation for using a private repository

This commit is contained in:
Tim Byrne 2015-07-17 02:29:20 -05:00
parent 2ede46f5e4
commit 135ed8d4b7
2 changed files with 8 additions and 3 deletions

3
yadm.1
View File

@ -336,6 +336,9 @@ and provide the correct password.
After files are decrypted, permissions are automatically updated as described After files are decrypted, permissions are automatically updated as described
in the PERMISSIONS section. in the PERMISSIONS section.
.BR NOTE :
It is recommended that you keep confidential files in a private repository,
even though they are encrypted.
.SH PERMISSIONS .SH PERMISSIONS
When files are checked out of a Git repository, their initial permissions are When files are checked out of a Git repository, their initial permissions are
dependent upon the user's umask. This can result in confidential files with lax permissions. dependent upon the user's umask. This can result in confidential files with lax permissions.

View File

@ -214,14 +214,16 @@
provide the correct password. After files are decrypted, permissions provide the correct password. After files are decrypted, permissions
are automatically updated as described in the PERMISSIONS section. are automatically updated as described in the PERMISSIONS section.
NOTE: It is recommended that you keep confidential files in a private
repository, even though they are encrypted.
## PERMISSIONS ## PERMISSIONS
When files are checked out of a Git repository, their initial permis- When files are checked out of a Git repository, their initial permis-
sions are dependent upon the user's umask. This can result in confiden- sions are dependent upon the user's umask. This can result in confiden-
tial files with lax permissions. tial files with lax permissions.
To prevent this, yadm will automatically update the permissions of con- To prevent this, yadm will automatically update the permissions of con-
fidential files. The "group" and "others" permissions will be removed fidential files. The "group" and "others" permissions will be removed
from the following files: from the following files:
- $HOME/.yadm/files.gpg - $HOME/.yadm/files.gpg
@ -231,7 +233,7 @@
- The SSH directory and files, .ssh/* - The SSH directory and files, .ssh/*
yadm will automatically update permissions by default. This can be dis- yadm will automatically update permissions by default. This can be dis-
abled using the yadm.auto-perms configuration. Even if disabled, per- abled using the yadm.auto-perms configuration. Even if disabled, per-
missions can be manually updated by running yadm perms. The SSH direc- missions can be manually updated by running yadm perms. The SSH direc-
tory processing can be disabled using the yadm.ssh-perms configuration. tory processing can be disabled using the yadm.ssh-perms configuration.