Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
9 Determining user roles
EFS consists of three user functions defined as follows:
• The system administrator
• The user
• The key manager
The system administrator role
The system administrator (the root user) performs the following system operations:
1. Creates volumes
2. Creates file systems
3. Sets encryption parameters on a directory
The system administrator must use the EFS version of the following commands:
• usermod (see “The usermod and groupmod commands” (page 125))
• userdel (see “The userdel and groupdel commands” (page 126))
• groupmod (see “The usermod and groupmod commands” (page 125))
• groupdel (see “The userdel and groupdel commands” (page 126))
These commands are located in the /opt/evfs/bin directory.
The system administrator can also perform these additional functions:
• Usually, the file owner/group and the file EMD information are synchronized. In the unlikely
event that the file owner/group and the file EMD information are not synchronized, use the
evfsfile sync command to synchronize the information. Only the system administrator is
allowed to perform this function.
For example, when encrypted files are transferred to a different system by various users that
belong to the same group, the DAC owner is different from the EMD owner. To synchronize
the permissions of the file, use the evfsfile sync command.
• Backup and restore of EFS volumes
Special consideration is required when backing up EFS files or volumes. For more information,
see “EFS backup and restore” (page 118).
For more information on the operations that the system administrator can perform, see Chapter 10
(page 105).
The user role
The user performs the following file operations:
1. Creates an encrypted file
2. Reads from or writes to an encrypted file
3. Changes the file permissions
4. Changes the file owner or group
5. Sets encryption parameters on a directory owned by the user
For more information on these operations, see Chapter 11 (page 108).
The key manager role
The key manager performs the following key operations: