Encrypted Volume and File System v2.0 Administrator Guide HP-UX 11i v3

storage if it is the primary group. If the HP-UX groupdel command is used to delete the group,
the group key and the group access information are not deleted. In that case, the key manager can
delete them using the evfspkey delete -g <group> command.
Example 1
User jsmith has a key pair. The system administrator uses the /opt/evfs/bin/userdel
command to delete the user account and jsmith's user keys:
# id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),)
# /opt/evfs/bin/userdel jsmith
Public/Private key pair(s) for user "jsmith" has been successfully deleted.
Example 2
The system administrator deletes the user account jsmith using the HP-UX userdel command,
which leaves the user key behind. The user key can be deleted with the evfspkey delete -u
<username> command:
# id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail),)
# userdel jsmith
# evfspkey delete -u jsmith
evfspkey: delete warning: user "jsmith" is not found on the system.
Caution: Are you sure you want to delete the "jsmith.jsmith" public/private key pair?
Continuing with this operation will make your data permanently irrecoverable.
Answer [yes/no]:yes
Public/Private key pair "jsmith.jsmith" has been successfully deleted.
Example 3
The group users has a key pair and the group members usera and userb have group access
information to the group users. The system administrator uses the /opt/evfs/bin/groupdel
command to delete the group key and group access information from the key record of its members:
# /opt/evfs/bin/groupdel users
users:
Group access key has been removed from user "usera" key record.
Group access key has been removed from user "userb" key record.
Public/Private key pair for group "users" has been successfully deleted.
Example 4
The system administrator deletes the group using the HP-UX groupdel command, which leaves the
group key and access information in its members' key records. The key manager runs the evfspkey
delete -g <groupname> command to clean up this group’s key information:
# id
uid=0(root) gid=3(sys) groups=0(root),1(other),2(bin),4(adm),5(daemon),6(mail)
# groupdel users
# id
uid=112(keymgr) gid=20(qa)
# evfspkey delete -g users
evfspkey: delete warning: group "users" is not found on the system.
Caution: Are you sure you want to delete the "users.users" public/private key pair?
If you proceed with this operation, the files for the group members will not be sharable.
Answer [yes/no]:yes
users:
Group access key has been removed from user "usera" key record.
Group access key has been removed from user "userb" key record.
Public/Private key pair "users.users" has been successfully deleted.
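An added example, not part of the HP guide: a report-only check for the leftover key pairs that Examples 2 and 4 clean up by hand after the plain HP-UX userdel or groupdel. The inventory file format, the function names and the sample accounts are assumptions made for illustration; each hit should be reviewed before running evfspkey delete -u or -g, since deletion is irreversible.

```shell
#!/bin/sh
# Added example (not HP code). Assumed inventory format, one key per line:
#   <kind> <owner>.<keyname>     kind: u = user key, g = group key
# The key ID form "owner.keyname" matches "jsmith.jsmith" / "users.users" above.
# usage: evfs_orphan_keys <inventory> <passwd-file> <group-file>
evfs_orphan_keys() {
    inv=$1; passwd=$2; group=$3
    while read -r kind keyid; do
        case "$kind" in
            ''|'#'*) continue ;;                 # blank line or comment
            u) db=$passwd; label=user ;;
            g) db=$group;  label=group ;;
            *) echo "skipped: unknown kind '$kind' ($keyid)" >&2; continue ;;
        esac
        owner=${keyid%%.*}                       # text before the first dot
        # Exact match on the name field; grep could false-match "usera" in "usera2".
        if ! awk -F: -v n="$owner" '$1 == n { found = 1 } END { exit !found }' "$db"
        then
            echo "orphaned $label key: $keyid"
        fi
    done < "$inv"
}

# Constructed sample data: jsmith and the group users were removed with the
# plain HP-UX userdel/groupdel, so their key pairs are still in the inventory.
evfs_orphan_demo() {
    d=${TMPDIR:-/tmp}/evfs_orphan_demo.$$
    mkdir "$d" || return 1
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' \
                  'usera:*:101:20::/home/usera:/usr/bin/sh' > "$d/passwd"
    printf '%s\n' 'sys::3:root' 'qa::20:usera' > "$d/group"
    printf '%s\n' '# kind keyid' 'u usera.usera' 'u jsmith.jsmith' \
                  'g qa.qa' 'g users.users' > "$d/keys"
    evfs_orphan_keys "$d/keys" "$d/passwd" "$d/group"
    rm -rf "$d"
}

evfs_orphan_demo
```

Owner names that themselves contain a dot are not handled by the prefix split and would need an inventory that lists the owner separately.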
Using the evfsrun command
The evfsrun command allows the root user to enter another user's secure session to execute
certain applications or commands. Only root can use this command, and it requires the user's
stored passphrase.