From 0f498df47071efd7b9150c5869e1a41d64f6ddbb Mon Sep 17 00:00:00 2001 From: Leo Date: Mon, 7 Dec 2020 21:28:33 +0100 Subject: [PATCH] Update operations.md --- docs/operations.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/operations.md b/docs/operations.md index e5bcdd2f7..eadf35100 100644 --- a/docs/operations.md +++ b/docs/operations.md @@ -103,7 +103,9 @@ To generate a guardian key, install guardiand first. If you generate the key on compile guardiand only, without compiling the agent or installing it: make bridge - sudo setcap cap_ipc_lock=+ep ./build/bin/guardiand + sudo setcap cap_ipc_lock=+ep ./build/bin/ + +Otherwise, use the same guardiand binary that you compiled using the regular instructions above. Generate a new key using the `keygen` subcommand: @@ -113,7 +115,7 @@ The key file includes a human-readable part that includes the public key and the ## Deploying -We strongly recommend a separate user and systemd services for both services. +We strongly recommend a separate user and systemd services for the Wormhole services. Example systemd unit for `guardiand.service`, including the right capabilities and best-practice security mitigations: