From 5cd5fa72f64fdff08c0ab2350c56f1b83cf89905 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat@koumbit.org>
Date: Mon, 19 Oct 2015 11:29:22 -0400
Subject: [PATCH] warn users about the environment on multi-user systems

---
 docs/faq.rst        | 5 +++++
 docs/quickstart.rst | 7 ++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/docs/faq.rst b/docs/faq.rst
index 91306a0bc..c1745a130 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -81,6 +81,11 @@ automated encrypted backups. Another option is to use
 key file based encryption with a blank passphrase. See
 :ref:`encrypted_repos` for more details.
 
+.. caution:: When passing the passphrase through the environment, the
+             passphrase can be read by any user on the same system, so
+             the use of this technique is strongly discouraged on
+             multi-user systems.
+
 When backing up to remote encrypted repos, is encryption done locally?
 ----------------------------------------------------------------------
      
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
index 9ad86d5e2..ff3aa80ea 100644
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@@ -150,7 +150,12 @@ by providing the correct passphrase.
 For automated backups the passphrase can be specified using the
 `BORG_PASSPHRASE` environment variable.
 
-**The repository data is totally inaccessible without the key:**
+.. caution:: When passing the passphrase through the environment, the
+             passphrase can be read by any user on the same system, so
+             the use of this technique is strongly discouraged on
+             multi-user systems.
+
+.. important:: The repository data is totally inaccessible without the key:**
     Make a backup copy of the key file (``keyfile`` mode) or repo config
     file (``repokey`` mode) and keep it at a safe place, so you still have
     the key in case it gets corrupted or lost.