issue2550789 document how to initialize a tracker without exposing the admin password

Author: rouilj

CHANGES.txt

@@ -54,6 +54,8 @@ Features:
 
 Fixed:
 
+- issue2550789: add documentation on how to initialise a tracker
+  without exposing the admin password.
 - issue2550805: Postgres should search title attribute case insensitive 
   like sqlite. Reported and fixed by Tom Ekberg. (Bernhard Reiter)
 - Removed some old left over "rlog" references in documentation and code.

doc/installation.txt

@@ -231,7 +231,10 @@ Configuring your first tracker
       database*. In the case of MySQL and PostgreSQL, any existing database
       will be dropped and re-created.
 
-      Once this is done, the tracker has been created.
+      Once this is done, the tracker has been created. See the note in
+      the user_guide on how to initialise a tracker without being
+      prompted for the password or exposing the password on the command
+      line.
 
 2. At this point, your tracker is set up, but doesn't have a nice user
    interface. To set that up, we need to `configure a web interface`_ and

doc/user_guide.txt

@@ -749,6 +749,21 @@ login may be specified as either "``name``" or "``name:password``".
 If either the name or password is not supplied, they are obtained from
 the command-line.
 
+When you initialise a new tracker instance you are prompted for the
+admin password. If you want to initialise a tracker non-interactively
+you can put the initialise command and password on the commnd
+line. But this allows others on the host to see the password (using
+the ps command). To initialise a tracker non-interactively without
+exposing the password, create a file (e.g init_tracker) set to mode
+600 (so only the owner can read it) with the contents:
+
+   initialise admin_password
+
+and feed it to roundup-admin on standard input. E.G.
+
+  cat init_tracker | roundup-admin -i tracker_dir
+
+(for more details see http://issues.roundup-tracker.org/issue2550789.)
 
 Using with the shell
 --------------------