oracular (8) plymouth.8mandos.gz

Provided by: mandos-client_1.8.17-1_amd64 bug

NAME

       plymouth - Mandos plugin to use plymouth to get a password.

SYNOPSIS

       plymouth [--prompt PROMPT] [--debug]

       plymouth {--help | -?}

       plymouth --usage

       plymouth {--version | -V}

DESCRIPTION

       This program prompts for a password using plymouth(8) and outputs any given password to
       standard output. If no plymouth(8) process can be found, this program will immediately
       exit with an exit code indicating failure.

       This program is not very useful on its own. This program is really meant to run as a
       plugin in the Mandos client-side system, where it is used as a fallback and alternative to
       retrieving passwords from a Mandos server.

       If this program is killed (presumably by plugin-runner(8mandos) because some other plugin
       provided the password), it cannot tell plymouth(8) to abort requesting a password, because
       plymouth(8) does not support this. Therefore, this program will then kill the running
       plymouth(8) process and start a new one using the same command line arguments as the old
       one was using.

OPTIONS

       This program is commonly not invoked from the command line; it is normally started by the
       Mandos plugin runner, see plugin-runner(8mandos). Any command line options this program
       accepts are therefore normally provided by the plugin runner, and not directly.

       --prompt=PROMPT
           The password prompt. Note that using this option will make this program ignore the
           cryptsource and crypttarget environment variables.

       --debug
           Enable debug mode. This will enable a lot of output to standard error about what the
           program is doing. The program will still perform all other functions normally.

       --help, -?
           Gives a help message about options and their meanings.

       --usage
           Gives a short usage message.

       --version, -V
           Prints the program version.

EXIT STATUS

       If exit status is 0, the output from the program is the password as it was read.
       Otherwise, if exit status is other than 0, the program was interrupted or encountered an
       error, and any output so far could be corrupt and/or truncated, and should therefore be
       ignored.

ENVIRONMENT

       cryptsource, crypttarget
           If set, and if the --prompt option is not used, these environment variables will be
           assumed to contain the source device name and the target device mapper name,
           respectively, and will be shown as part of the prompt.

           These variables will normally be inherited from plugin-runner(8mandos), which might
           have in turn inherited them from its calling process.

           This behavior is meant to exactly mirror the behavior of askpass, the default password
           prompter from initramfs-tools.

FILES

       /bin/plymouth
           This is the command run to retrieve a password from plymouth(8).

       /proc
           To find the running plymouth(8), this directory will be searched for numeric entries
           which will be assumed to be directories. In all those directories, the exe and cmdline
           entries will be used to determine the name of the running binary, effective user and
           group ID, and the command line arguments. See proc(5).

       /sbin/plymouthd
           This is the name of the binary which will be searched for in the process list. See
           plymouth(8).

BUGS

       Killing the plymouth(8) daemon and starting a new one is ugly, but necessary as long as it
       does not support aborting a password request.

       Please report bugs to the Mandos development mailing list: <mandos-dev@recompile.se>
       (subscription required). Note that this list is public. The developers can be reached
       privately at <mandos@recompile.se> (OpenPGP key fingerprint 153A 37F1 0BBA 0435 987F 2C4A
       7223 2973 CA34 C2C4 for encrypted mail).

EXAMPLE

       Note that normally, this program will not be invoked directly, but instead started by the
       Mandos plugin-runner(8mandos).

       Normal invocation needs no options:

       plymouth

       Show a different prompt.

       plymouth --prompt=Password

SECURITY

       If this program is killed by a signal, it will kill the process ID which at the start of
       this program was determined to run plymouth(8) as root (see also the section called
       “FILES”). There is a very slight risk that, in the time between those events, that process
       ID was freed and then taken up by another process; the wrong process would then be killed.
       Now, this program can only be killed by the user who started it; see plugin-
       runner(8mandos). This program should therefore be started by a completely separate
       non-privileged user, and no other programs should be allowed to run as that special user.
       This means that it is not recommended to use the user "nobody" to start this program, as
       other possibly less trusted programs could be running as "nobody", and they would then be
       able to kill this program, triggering the killing of the process ID which may or may not
       be plymouth(8).

       The only other thing that could be considered worthy of note is this: This program is
       meant to be run by plugin-runner(8mandos), and will, when run standalone, outside, in a
       normal environment, immediately output on its standard output any presumably secret
       password it just received. Therefore, when running this program standalone (which should
       never normally be done), take care not to type in any real secret password by force of
       habit, since it would then immediately be shown as output.

SEE ALSO

       intro(8mandos), plugin-runner(8mandos), proc(5), plymouth(8)

       Copyright © 2010-2019 Teddy Hogeborn, Björn Påhlsson

       This manual page is part of Mandos.

       Mandos is free software: you can redistribute it and/or modify it under the terms of the
       GNU General Public License as published by the Free Software Foundation, either version 3
       of the License, or (at your option) any later version.

       Mandos is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with Mandos. If
       not, see http://www.gnu.org/licenses/.