Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Encrypted Volume and File System Software

121

122

123

124

125

126

127

128

129

130

Example 5

When not in a secure session, user jsmith uses the evfsxfr cp command to copy a clear file

into a directory configured for encryption. The target file remains clear:

# pwd

/efs/jsmith

# evfsfile list .

EFS directory information:

Data Encryption Cipher: aes-128-cbc

# evfsxfr cp /efs/cleardir/fileb .

# evfsfile list fileb

evfsfile: list error: "fileb" is not an encrypted file.

# more fileb

this is 3rd test

The chown and chgrp commands

The chown wrapper command changes the owner ID of each encrypted file to the specified owner

and, optionally, the group ID of each encrypted file to the specified group. The chgrp wrapper

command changes the group ID of each encrypted file to the specified group. These wrapper

commands do not support the -R and –h options.

Only the owner of the encrypted files can use these commands to change the owner or group

permissions. To run these commands, the user should be in a secure session and new owner/group

keys should be available. the root user can run these commands with the evfsxfr command

to change the owner or group permissions.

The chown and chgrp wrapper commands change both DAC permissions and EVFS permissions

of encrypted files. Other users are not allowed to change the EVFS file permissions using these

wrapper commands.

The following table shows the restrictions for the chown and chgrp wrapper commands:

File Owner

root

(Super User)

evfsxfrSession

NoAllowedWith

Secure Session

AllowedNoWithout

NoAllowedWith

Non-secure Session

NoNoWithout

Example 1

User jsmith enters a secure session and changes the file owner of an encrypted file to another

user who has a key:

# evfsauth login

Enter your key passphrase:

You are entering in a secure session. Use "exit" to end the session.

# ll filea

-rw-rw-rw- 1 jsmith users 15 Jul 30 15:40 filea

# evfsfile list filea

EFS file information:

EMD Size (Kbytes): 4

Data Encryption Cipher: aes-128-cbc

Owner Key ID: jsmith.jsmith

# which chown

/opt/evfs/bin/chown

# chown usera filea

# evfsfile list filea

EFS file information:

EMD Size (Kbytes): 4

122 Using EFS