warn users about the environment on multi-user systems

2015-10-19 11:29:22 -04:00 · 2015-10-19 11:29:22 -04:00 · 5cd5fa72f6
parent 3d906ab731
commit 5cd5fa72f6
2 changed files with 11 additions and 1 deletions
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -81,6 +81,11 @@ automated encrypted backups. Another option is to use
 key file based encryption with a blank passphrase. See
 :ref:`encrypted_repos` for more details.

+.. caution:: When passing the passphrase through the environment, the
+             passphrase can be read by any user on the same system, so
+             the use of this technique is strongly discouraged on
+             multi-user systems.
+
 When backing up to remote encrypted repos, is encryption done locally?
 ----------------------------------------------------------------------
     
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@ -150,7 +150,12 @@ by providing the correct passphrase.
 For automated backups the passphrase can be specified using the
 `BORG_PASSPHRASE` environment variable.

-**The repository data is totally inaccessible without the key:**
+.. caution:: When passing the passphrase through the environment, the
+             passphrase can be read by any user on the same system, so
+             the use of this technique is strongly discouraged on
+             multi-user systems.
+
+.. important:: The repository data is totally inaccessible without the key:**
    Make a backup copy of the key file (``keyfile`` mode) or repo config
    file (``repokey`` mode) and keep it at a safe place, so you still have
    the key in case it gets corrupted or lost.