# Example PWMD configuration file. Edit and save to ~/.pwmd/config or # specify with the -f command line option. See the pwmd(1) manual page for # complete details of the options. # # The global section is for non-file related settings and defaults for data # files without a file section. [global] # Location of the listening socket. #socket_path=~/.pwmd/socket # Socket permissions. This will override any umask setting. #socket_perms=0600 # Usernames or groups obtained via SO_PEERCRED which are allowed to # connect to the socket. Groups should be prefixed with a '@'. When not # specified only the invoking user is allowed. #allowed = username,another_user,@group # Where data files will be read and stored. #data_directory=~/.pwmd/data # When false, disable keeping backups for data files. #backup=true # Log file location. #log_path=~/.pwmd/log # Set to true to enable logging to log_path. #enable_logging=false # Set to true to enable logging to syslog. #syslog=false # The logging level: 0=connections and errors, 1=client commands, 2=client # commands with command arguments. #log_level=0 # When set, enable protocol debugging to the specified file. Note that this # logs all protocol IO so it may also log sensitive data. #debug_file=~/pwmd.log # Set to false to call mlockall(2) after a client connects. Uses alot more # memory but is also more secure. Most will probably find it overkill since # the contents of all memory is cleared before being freed. Note that this # doesn't affect the file cache which is always stored in RAM (if possible). #disable_mlockall=true # Disable the XPATH, LIST and DUMP commands. When "true" and a client sends # these commands the error GPG_ERR_NOT_IMPLEMENTED will be returned. #disable_list_and_dump=false # The number of encryption iterations for new files. This is the number of # times the data will be encrypted. Setting this to a high value (10000 or # more, depending on the size of the data file) will slow down dictionary # attacks. Setting to 0 will disable encryption. #iterations=1 # After the set number of encryption or decryption iterations have been # processed, a status message with the keyword ENCRYPT or DECRYPT will be # sent to the client. Set to 0 to disable. #iteration_progress=0 # When sending data to the client an XFER status message will be sent after # N bytes. N is rounded to ASSUAN_LINELENGTH (1002) bytes. #xfer_progress=8196 # A list of filenames separated by commas to add to the file cache upon # startup. You will be prompted for the key for each file if required. The # files are looked for in data_directory. #cache_push=somefile,anotherfile # The number of seconds to keep a file in the cache. If -1, the file will be # kept forever. If 0 then every OPEN and SAVE command will require a key. #cache_timeout=-1 # Set to false to disable use of pinentry to retrieve keys. #enable_pinentry=true # The full path to the pinentry binary. The default is specified at compile # time. #pinentry_path=/usr/bin/pinentry # Seconds until the pinentry dialog times out. Set to 0 to wait for input # forever. #pinentry_timeout=20 # The default compression level for data files from 1 to 9, 1 being the # fastest but least compression and 9 being the slowest but best compression. # To disable compression entirely, set to 0. #compression_level=6 # The input and output buffer size when compressing and decompressing. This # affects how often the COMPRESS and DECOMPRESS status messages are sent and # also affects compression quality. Set to a higher value for larger files. #zlib_bufsize=65536 # The maximum recursion depth when resolving elements that contain a "target" # attribute. When this value is exceeded an error will be returned. #recursion_depth=20 # The priority or nice value of the server process. The default is inherited # from the parent process. #priority=10 # The cipher to use for newly created files. #cipher=aes256 # END GLOBAL SETTINGS # File specific settings are allowed by placing the filename in braces. Each # file can have it's own configuration settings from those listed below. #[somefile] #cache_timeout=300 #iteration_progress=0 #key=password #key_file=/path/to/file.key #compression_level=0 #enable_pinentry=true #pinentry_timeout=20 #backup=true