Besides the settings in the configuration file, tinc also accepts some command line options.
Read configuration options from the directory path. The default is /etc/tinc/netname/.
Don’t fork and detach. This will also disable the automatic restart mechanism for fatal errors.
Set debug level to level. The higher the debug level, the more gets logged. Everything goes via syslog.
Attempt to kill a running tincd (optionally with the specified signal instead of SIGTERM) and exit. Use it in conjunction with the -n option to make sure you kill the right tinc daemon. Under native Windows the optional argument is ignored; the service will always be stopped and removed.
Use configuration for net netname. This will let tinc read all configuration files from /etc/tinc/netname/. Specifying . for netname is the same as not specifying any netname. See Multiple networks.
Generate public/private keypair of bits length. If bits is not specified, 2048 is the default. tinc will ask where you want to store the files, but will default to the configuration directory (you can use the -c or -n option in combination with -K). After that, tinc will quit.
Without specifying a HOST, this will set server configuration variable KEY to VALUE. If specified as HOST.KEY=VALUE, this will set the host configuration variable KEY of the host named HOST to VALUE. This option can be used more than once to specify multiple configuration variables.
Lock tinc into main memory. This will prevent sensitive data like shared private keys from being written to the system swap files/partitions.
Write log entries to a file instead of to the system logging facility. If file is omitted, the default is /var/log/tinc.netname.log.
Write PID to file instead of /var/run/tinc.netname.pid.
Disables encryption and authentication. Only useful for debugging.
Change the process root directory to the directory where the config file is located (/etc/tinc/netname/ as determined by the -n/--net option or as given by the -c/--config option), for added security. The chroot is performed after all the initialization is done, after writing pid files and opening network sockets.
Note that this option alone does not do any good without -U/--user, below.
Note also that tinc can’t run scripts anymore (such as tinc-down or host-up), unless it is set up to be runnable inside the chroot environment.
Switch to the given user after initialization, at the same time as chroot is performed (see --chroot above). With this option tinc drops privileges, for added security.
Display a short reminder of these runtime options and terminate.
Output version information and exit.
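The --chroot, -U/--user and memory-locking options above only help if they actually took effect, so the following added example (not part of the tinc manual) audits a running tincd through Linux /proc. The function name audit_tincd and the netname myvpn are hypothetical, and a Linux-style /proc/PID/status and /proc/PID/root are assumed.

```shell
#!/bin/sh
# Added example, not tinc's own code: audit whether a tincd is confined.
# Usage: audit_tincd PROC_DIR CONF_DIR   e.g. /proc/1234 /etc/tinc/myvpn
# PROC_DIR is a parameter so a captured copy of the files can be checked too.
audit_tincd() {
    proc_dir=$1
    conf_dir=${2%/}          # drop one trailing slash before comparing
    rc=0

    # --user: real, effective, saved and fs UID must all be non-zero,
    # otherwise the process can regain root and leave the chroot.
    uids=$(awk '$1 == "Uid:" { print $2, $3, $4, $5 }' "$proc_dir/status")
    [ -n "$uids" ] || { echo "FAIL: no Uid line in $proc_dir/status"; return 2; }
    for uid in $uids; do
        if [ "$uid" -eq 0 ]; then
            echo "FAIL: process still holds uid 0 (no -U/--user?)"
            rc=1
            break
        fi
    done

    # --chroot: the process root must be the configuration directory, not /.
    root=$(readlink "$proc_dir/root")
    root=${root%/}
    if [ "$root" != "$conf_dir" ]; then
        echo "FAIL: root is '${root:-/}', expected '$conf_dir' (no --chroot?)"
        rc=1
    fi

    # Memory locking: VmLck of 0 kB means no pages are pinned, so key
    # material may still reach swap.
    locked=$(awk '$1 == "VmLck:" { print $2 }' "$proc_dir/status")
    if [ "${locked:-0}" -eq 0 ]; then
        echo "WARN: no locked memory (memory locking not in effect)"
    fi

    [ "$rc" -eq 0 ] && echo "OK: chrooted to $conf_dir as uid(s) $uids"
    return "$rc"
}
```

Run it as root, since reading another user's /proc/PID/root link requires that; the PID can be taken from the PID file described above.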