doc/knotc: mention the necessary directory permissions for zone-flush, zone-backup...

diff --git a/doc/man/knotc.8in b/doc/man/knotc.8in
index 0a5d4cac6cd8c8d3f7410f22e44d6bbeead0a894..116085115d924b879aebd85c1c000f9ab579bf01 100644 (file)
--- a/doc/man/knotc.8in
+++ b/doc/man/knotc.8in
@@ -128,7 +128,8 @@ offline. (#)
 \fBzone\-flush\fP [\fIzone\fP\&...] [\fB+outdir\fP \fIdirectory\fP]
 Trigger a zone journal flush to the configured zone file. If an output
 directory is specified, the current zone is immediately dumped (in the
-blocking mode) to a zone file in the specified directory. (#)
+blocking mode) to a zone file in the specified directory. See
+\fI\%Notes\fP below about the directory permissions. (#)
 .TP
 \fBzone\-backup\fP [\fIzone\fP\&...] \fB+backupdir\fP \fIdirectory\fP [\fIfilter\fP\&...]
 Trigger a zone data and metadata backup to a specified directory.
@@ -141,13 +142,15 @@ or omitted from the backup. By default, filters \fB+zonefile\fP, \fB+timers\fP,
 \fB+kaspdb\fP, \fB+catalog\fP, and \fB+nojournal\fP are set. Setting a filter
 for an item doesn\(aqt change default settings for other items. If zone flushing
 is disabled, original zone file is backed up instead of writing out zone
-contents to a file. (#)
+contents to a file. See \fI\%Notes\fP below about the directory
+permissions. (#)
 .TP
 \fBzone\-restore\fP [\fIzone\fP\&...] \fB+backupdir\fP \fIdirectory\fP [\fIfilter\fP\&...]
 Trigger a zone data and metadata restore from a specified backup directory.
 Optional filters are equivalent to the same filters of \fBzone\-backup\fP\&.
 Restore from backups created by Knot DNS releases prior to 3.1 is possible
-with the force option. (#)
+with the force option. See \fI\%Notes\fP below about the directory
+permissions. (#)
 .TP
 \fBzone\-sign\fP [\fIzone\fP\&...]
 Trigger a DNSSEC re\-sign of the zone. Existing signatures will be dropped.
@@ -259,7 +262,7 @@ Set the item data in the transaction.
 \fBconf\-unset\fP [\fIitem\fP] [\fIdata\fP\&...]
 Unset the item data in the transaction.
 .UNINDENT
-.SS Note
+.SS Notes
 .sp
 Empty or \fB\-\-\fP \fIzone\fP parameter means all zones or all zones with a transaction.
 .sp
@@ -285,6 +288,11 @@ The \fIOK\fP response to triggering commands means that the command has been suc
 sent to the server. To verify if the operation succeeded, it\(aqs necessary to
 check the server log.
 .UNINDENT
+.sp
+Actions \fBzone\-flush\fP, \fBzone\-backup\fP, and \fBzone\-restore\fP are carried out by
+the \fIknotd\fP process. The directory specified must be accessible to the user account
+that \fIknotd\fP runs under and if the directory already exists, its permissions must be
+appropriate for that user account.
 .SS Interactive mode
 .sp
 The utility provides interactive mode with basic line editing functionality,

diff --git a/doc/man_knotc.rst b/doc/man_knotc.rst
index e992f2aba7cf2d4c73c104d6ad7d82b4a8f9e6e1..f362c239baa534a0615614dc27c13a00cf476c0d 100644 (file)
--- a/doc/man_knotc.rst
+++ b/doc/man_knotc.rst
@@ -105,7 +105,8 @@ Actions
 **zone-flush** [*zone*...] [**+outdir** *directory*]
   Trigger a zone journal flush to the configured zone file. If an output
   directory is specified, the current zone is immediately dumped (in the
-  blocking mode) to a zone file in the specified directory. (#)
+  blocking mode) to a zone file in the specified directory. See
+  :ref:`Notes<notes>` below about the directory permissions. (#)
 
 **zone-backup** [*zone*...] **+backupdir** *directory* [*filter*...]
   Trigger a zone data and metadata backup to a specified directory.
@@ -118,13 +119,15 @@ Actions
   **+kaspdb**, **+catalog**, and **+nojournal** are set. Setting a filter
   for an item doesn't change default settings for other items. If zone flushing
   is disabled, original zone file is backed up instead of writing out zone
-  contents to a file. (#)
+  contents to a file. See :ref:`Notes<notes>` below about the directory
+  permissions. (#)
 
 **zone-restore** [*zone*...] **+backupdir** *directory* [*filter*...]
   Trigger a zone data and metadata restore from a specified backup directory.
   Optional filters are equivalent to the same filters of **zone-backup**.
   Restore from backups created by Knot DNS releases prior to 3.1 is possible
-  with the force option. (#)
+  with the force option. See :ref:`Notes<notes>` below about the directory
+  permissions. (#)
 
 **zone-sign** [*zone*...]
   Trigger a DNSSEC re-sign of the zone. Existing signatures will be dropped.
@@ -236,8 +239,10 @@ Actions
 **conf-unset** [*item*] [*data*...]
   Unset the item data in the transaction.
 
-Note
-....
+.. _notes:
+
+Notes
+.....
 
 Empty or **--** *zone* parameter means all zones or all zones with a transaction.
 
@@ -262,6 +267,11 @@ Responses returned by *knotc* commands depend on the mode:
   sent to the server. To verify if the operation succeeded, it's necessary to
   check the server log.
 
+Actions **zone-flush**, **zone-backup**, and **zone-restore** are carried out by
+the `knotd` process. The directory specified must be accessible to the user account
+that `knotd` runs under and if the directory already exists, its permissions must be
+appropriate for that user account.
+
 Interactive mode
 ................