-.Dd 2002-03-25
+.Dd 2011-06-25
.Dt TINCD 8
.\" Manual page created by:
.\" Ivo Timmermans
.Nd tinc VPN daemon
.Sh SYNOPSIS
.Nm
-.Op Fl cdDKnL
+.Op Fl cdDKnLRU
.Op Fl -config Ns = Ns Ar DIR
.Op Fl -no-detach
.Op Fl -debug Ns Op = Ns Ar LEVEL
.Op Fl -mlock
.Op Fl -logfile Ns Op = Ns Ar FILE
.Op Fl -bypass-security
+.Op Fl -chroot
+.Op Fl -user Ns = Ns Ar USER
.Op Fl -help
.Op Fl -version
.Sh DESCRIPTION
.It Fl n, -net Ns = Ns Ar NETNAME
Connect to net
.Ar NETNAME .
+This will let tinc read all configuration files from
+.Pa @sysconfdir@/tinc/ Ar NETNAME .
+Specifying
+.Li .
+for
+.Ar NETNAME
+is the same as not specifying any
+.Ar NETNAME .
.It Fl L, -mlock
Lock tinc into main memory.
This will prevent sensitive data like shared private keys to be written to the system swap files/partitions.
.Ar FILE
is omitted, the default is
.Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log.
-.It Fl -controlsocket Ns = Ns Ar FILENAME
-Open control socket at
-.Ar FILENAME .
+.It Fl -controlcookie Ns = Ns Ar FILENAME
+Store a cookie in
+.Ar FILENAME
+which allows
+.Xr tincctl 8
+to authenticate.
If
.Ar FILE
is omitted, the default is
-.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .control.
+.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .cookie.
.It Fl -bypass-security
Disables encryption and authentication of the meta protocol.
Only useful for debugging.
+.It Fl R, -chroot
+With this option tinc chroots into the directory where network
+config is located (@sysconfdir@/tinc/NETNAME if -n option is used,
+or to the directory specified with -c option) after initialization.
+.It Fl U, -user Ns = Ns Ar USER
+setuid to the specified
+.Ar USER
+after initialization.
.It Fl -help
Display short list of options.
.It Fl -version
New outgoing connections specified in
.Pa tinc.conf
will be made.
+If the
+.Fl -logfile
+option is used, this will also close and reopen the log file,
+useful when log rotation is used.
.El
.Sh DEBUG LEVELS
The tinc daemon can send a lot of messages to the syslog.
projects / tinc / blobdiff