Encrypted Volume and File System v1.1 Administrator's Guide

1. Verify the directory structure for the key database, and re-create it if necessary. By default,

EVFS stores the user key database in subdirectories below the /etc/evfs/pkey directory,

with a subdirectory for each user. The administrator can configure alternate database

directory or directories using the pkey attribute in the /etc/evfs/evfs.conf file.

HP recommends that the primary directory is writable only by superusers. For example,

the /etc/evfs/pkey directory is installed with the following permissions, owner, and

group:

drwxr-xr-x 4 bin bin 96 Mar 16 17:26 pkey

If you configure a fallback directory to allow users without superuser privileges to create

keys, the fallback directory must allow the appropriate users to read, write, and execute the

contents.

2. Create the appropriate directory for each user, such as /etc/evfs/pkey/root. Each

directory must have the following permissions, owner, and group:

drwxr-xr-x 2 user sys 96 Mar 16 17:27 user

3. Create a directory to store the recovery keys. If you are using the default name for the EVFS

pseudo-user account and the default key storage directory, create the

/etc/evfs/pkey/evfs directory (or a subdirectory under the key storage directory using

the EVFS pseudo-user name) with the following permissions, owner, and group:

drwxr-xr-x 2 bin bin 96 Mar 16 17:27 evfs

Managing EVFS Keys and Users 85