Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
The following table shows the restrictions for the mv wrapper command:
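Destination Directory Encryption (Not Configured or Configured), within the same file system and across different file systems:

| Session | evfsxfr | Source | Within the Same File System: Not Configured | Within the Same File System: Configured | Across Different File Systems: Not Configured | Across Different File Systems: Configured |
|---|---|---|---|---|---|---|
| All | With | All | Allowed | Allowed | Allowed | Allowed |
| Secure Session | Without | Encrypted File | Note 2 | Allowed | No | Note 1 |
| Secure Session | Without | Cleartext File | Allowed | Note 2 | Allowed | No |
| Non-secure Session | Without | Encrypted File | Note 2 | Allowed | No | No |
| Non-secure Session | Without | Cleartext File | Allowed | Note 2 | Allowed | No |
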
Note 1: Only root or the owner of the file can move the encrypted files across file systems.
Note 2: Only moves within the same directory (rename) are allowed.
Example 1
User jsmith enters a secure session and renames an encrypted file:
# id
uid=114(jsmith) gid=20(users)
# evfsauth login
Enter your key passphrase:
You are entering in a secure session. Use "exit" to end the session.
# evfsauth display
User key:
Key name: jsmith.jsmith
# which mv
/opt/evfs/bin/mv
# evfsfile list file1
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: jsmith.jsmith
# mv file1 file1.new
# evfsfile list file1.new
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: jsmith.jsmith
Example 2
User jsmith is not allowed to move an encrypted file to a directory that is not enabled for
encryption:
# mv file1.new /efs/cleardir
mv: file1.new: is encrypted, but /efs/cleardir is not configured for encryption:
Permission denied
Example 3
User jsmith is allowed to rename an encrypted file in a directory not configured for encryption:
# evfsfile list .
evfsfile: list error: "." is not enabled for encryption.
# evfsfile list filex
EFS file information:
EMD Size (Kbytes): 4
Data Encryption Cipher: aes-128-cbc
Owner Key ID: jsmith.jsmith