X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=README;h=6a0a97b02ea4199f8bc2c582ee053a6e733e368e;hb=fefdf740a65b0570b21b91a5deb49e8d854cae3f;hp=ee1088a4391d6f358ba4664e19bd546fa86b9932;hpb=8e30fc811afc50bfdb00e366cb1ac00e186b0511;p=nsscash%2Fnsscash.git diff --git a/README b/README index ee1088a..6a0a97b 100644 --- a/README +++ b/README @@ -19,7 +19,8 @@ lookups. To support quick lookups, in O(log n), the files utilize indices. Nsscash is very careful when deploying the changes: - All files are updated using the standard "write to temporary file", "sync", - "rename" steps which is atomic on UNIX file systems. + "rename" steps which is atomic on UNIX file systems. The indices are stored + in the same file preventing stale data during the update. - All errors cause an immediate abort ("fail fast") with a proper error message and a non-zero exit status. This prevents hiding possibly important errors. In addition all files are fetched first and then deployed to try to @@ -28,8 +29,8 @@ Nsscash is very careful when deploying the changes: when all operations were successful. - To prevent unexpected permissions, `nsscash` does not create new files. The user must create them first and `nsscash` will then re-use the permissions - (without the write bits) and owner/group when updating the file (see - examples below). + (without the write bits to discourage manual modifications) and owner/group + when updating the file (see examples below). - To prevent misconfigurations, empty files (no users/groups) are not permitted and will not be written to disk. This is designed to prevent the accidental loss of all users/groups on a system. @@ -55,8 +56,8 @@ nsscash is licensed under AGPL version 3 or later. - github.com/BurntSushi/toml - C compiler, for `libnss_cash.so.2` -Tested on Debian Stretch and Buster, but should work on any GNU/Linux system. -With adapations to the NSS module it should work on any UNIX-like system which +Tested on Debian Buster, but should work on any GNU/Linux system. With +adaptations to the NSS module it should work on any UNIX-like system which uses NSS. @@ -147,6 +148,14 @@ keys are available: - `url`: URL to fetch the file from; HTTP and HTTPS are supported +- `ca`: Path to a custom CA in PEM format. Restricts HTTPS requests to accept + only certificates signed by this CA. Defaults to the system's certificate + store when omitted. + +- `username`/`password`: Username and password sent via HTTP Basic-Auth to the + webserver. The configuration file must not be readable by other users when + this is used. + - `path`: Path to store the retrieved file