Encrypted Volume and File System v1.1 Administrator's Guide
Table 1-1 Key Types and User Capabilities

Key Type/User Type: Superuser or appropriate privileges and file permissions for the device files
Capabilities: Any user with superuser privileges or the appropriate privileges and file permissions can perform the following tasks (no EVFS key is required):
• Start or stop the EVFS subsystem
• Map volumes to EVFS (create EVFS device files)
• Create EVFS volumes
• Create user keys for other users
• Display information about EVFS volumes
• Restore an EVFS volume's EMD

Key Type/User Type: Owner Key
Capabilities: If a user has the owner key for an EVFS volume and the appropriate file permissions for the device file, the user can perform the following tasks:
• Enable and disable EVFS volumes
• Add and remove authorized user keys to EVFS volumes
• Change the owner of an EVFS volume
• Destroy an EVFS volume (remove the EMD; the data is irrecoverable)
The user can also perform tasks that do not require EVFS keys, such as displaying information about EVFS volumes.

Key Type/User Type: Recovery Key
Capabilities: If a user has the recovery key for an EVFS volume and the appropriate file permissions for the device file, the user can change the owner of an EVFS volume.
The user can also perform tasks that do not require EVFS keys, such as displaying information about EVFS volumes.

Key Type/User Type: Authorized User Key
Capabilities: If a user has an authorized user key for an EVFS volume and the appropriate file permissions for the device file, the user can enable and disable EVFS volumes (note that some backup procedures require the user to disable and enable the volume).
The user can also perform tasks that do not require EVFS keys, such as displaying information about EVFS volumes.

EVFS Commands
EVFS provides the following commands to configure and manage EVFS:
• evfsadm
The evfsadm utility manages the EVFS subsystem and creates device files for EVFS volumes.
• evfspkey
The evfspkey utility creates, stores, and manages EVFS user keys.
• evfsvol
The evfsvol utility configures and manages the EVFS volumes.