Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3
9 Determining user roles
EFS defines the following three user roles:
• The system administrator
• The user
• The key manager
The system administrator role
The system administrator (the root user) performs the following system operations:
1. Creates volumes
2. Creates file systems
3. Sets encryption parameters on a directory
The system administrator must use the EFS version of the following commands:
• usermod (see “The usermod and groupmod commands” (page 122))
• userdel (see “The userdel and groupdel commands” (page 123))
• groupmod (see “The usermod and groupmod commands” (page 122))
• groupdel (see “The userdel and groupdel commands” (page 123))
These commands are located in the /opt/evfs/bin directory.
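A check that a given search path resolves these four commands to the copies in /opt/evfs/bin, as an added example that is not part of the HP guide. The function names and the OK/SHADOW/MISSING labels are this example's own, and it assumes a POSIX shell.

```shell
# Added example, not from the HP guide. Function names are this example's own.
EFS_BIN_DEFAULT=/opt/evfs/bin                 # directory named in the guide
EFS_CMDS="usermod userdel groupmod groupdel"  # commands the guide lists

# resolve_in_path CMD PATHSTRING
# Print the first executable CMD found by walking PATHSTRING left to right,
# the order the shell uses for lookup. Return 1 if there is none.
resolve_in_path() {
    _rest=$2:
    while [ -n "$_rest" ]; do
        _dir=${_rest%%:*}
        _rest=${_rest#*:}
        [ -n "$_dir" ] || _dir=.      # empty PATH element means current dir
        _dir=${_dir%/}                # ignore one trailing slash
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            printf '%s\n' "$_dir/$1"
            return 0
        fi
    done
    return 1
}

# check_efs_cmds PATHSTRING [EFS_DIR]
# Report each command as OK, SHADOW (another copy is found first) or MISSING.
# Exit status is the number of commands that do not resolve to EFS_DIR.
# Assumption: paths are compared as strings; symbolic links are not resolved.
check_efs_cmds() {
    _efs=${2:-$EFS_BIN_DEFAULT}
    _bad=0
    for _c in $EFS_CMDS; do
        if _found=$(resolve_in_path "$_c" "$1"); then
            if [ "$_found" = "$_efs/$_c" ]; then
                echo "OK      $_c -> $_found"
            else
                echo "SHADOW  $_c -> $_found (expected $_efs/$_c)"
                _bad=$((_bad + 1))
            fi
        else
            echo "MISSING $_c is not on the search path"
            _bad=$((_bad + 1))
        fi
    done
    return "$_bad"
}
```

Run `check_efs_cmds "$PATH"` as root on the EFS host; a nonzero status means at least one of the four commands would run from somewhere other than /opt/evfs/bin.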
The system administrator can also perform these additional functions:
• Usually, the file owner/group and the file EMD information are synchronized. In the unlikely
event that the file owner/group and the file EMD information are not synchronized, use the
evfsfile sync command to synchronize the information. Only the system administrator is
allowed to perform this function.
For example, when encrypted files are transferred to a different system by various users that
belong to the same group, the DAC owner is different from the EMD owner. To synchronize
the permissions of the file, use the evfsfile sync command.
• Backup and restore of EFS volumes
Special consideration is required when backing up EFS files or volumes. See “EFS backup and
restore” (page 115) for more information.
See Chapter 10 (page 102) for more information on the operations that the system administrator
can perform.
The user role
The user performs the following file operations:
1. Creates an encrypted file
2. Reads from or writes to an encrypted file
3. Changes the file permissions
4. Changes the file owner or group
5. Sets encryption parameters on a directory owned by the user
See Chapter 11 (page 105) for more information on these operations.
The key manager role
The key manager performs the following key operations: