evfs_wrapper.1 (2010 09)

evfs_wrapper(1M)
version 2.0 evfs_wrapper(1M)
(EVFS Software Required)
NAME
evfs_wrapper - a set of wrapper commands to facilitate user/group encrypted data access, and to prevent
unintended decryption of encrypted files
SYNOPSIS
/opt/evfs/bin/cp
/opt/evfs/bin/mv
/opt/evfs/bin/chown
/opt/evfs/bin/chgrp
/opt/evfs/bin/usermod
/opt/evfs/bin/userdel
/opt/evfs/bin/groupmod
/opt/evfs/bin/groupdel
DESCRIPTION
EVFS wrapper commands behave similarly to the corresponding HP-UX commands. Refer to the
corresponding HP-UX man page for usage and options.
EVFS wrapper commands are located at /opt/evfs/bin/. This path is automatically prepended to
the PATH shell variable when entering a secure session with evfsauth(1).
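A check for the PATH behaviour described above, added here as an example (it is not part of the HP man page or of EVFS): it walks a PATH string and reports any of the eight wrapper names that would resolve outside /opt/evfs/bin. The function names are assumptions made for this example, and shell aliases and functions are not examined.

```shell
#!/bin/sh
# Added example: verify that the EVFS wrapper names listed in SYNOPSIS
# resolve to the wrapper directory before any other PATH entry.
EVFS_WRAPPERS="cp mv chown chgrp usermod userdel groupmod groupdel"

# first_in_path NAME PATHSTRING
# Prints the first executable regular file called NAME found in PATHSTRING.
# (Hypothetical helper; walks the string itself so any PATH can be tested.)
first_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    set -f                              # no globbing while splitting on ':'
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current directory
        dir=${dir%/}                    # "/opt/evfs/bin/" and "/opt/evfs/bin" match
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs; set +f
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs; set +f
    return 1
}

# check_evfs_wrappers [WRAPPER_DIR] [PATHSTRING]
# Prints one line per wrapper name that does not resolve to WRAPPER_DIR.
# Returns 0 when all eight resolve to the wrappers, 1 otherwise.
check_evfs_wrappers() {
    wrapper_dir=${1:-/opt/evfs/bin}
    wrapper_dir=${wrapper_dir%/}
    search_path=${2:-$PATH}
    bad=0
    for cmd in $EVFS_WRAPPERS; do
        found=$(first_in_path "$cmd" "$search_path") || found="(not found)"
        if [ "$found" != "$wrapper_dir/$cmd" ]; then
            printf '%s resolves to %s, expected %s\n' \
                "$cmd" "$found" "$wrapper_dir/$cmd"
            bad=1
        fi
    done
    return $bad
}
```

Calling `check_evfs_wrappers` with no arguments inside a secure session tests the live PATH against /opt/evfs/bin.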
The EVFS wrapper commands are:
cp The purpose of this command wrapper is to prevent unintended decryption of encrypted
files. It is used to copy a file within a directory, within a file system or across different
file systems. The cp wrapper command does not allow the source to be a directory (in
other words, it does not support the -r and -R options).
The cp command succeeds if the destination directory is configured for encryption. This
command fails if the source file is an encrypted file and the destination directory is not
configured for encryption. Use of the evfsxfr command with this wrapper will bypass
this restriction. See evfsxfr(1).
mv The purpose of this command wrapper is to prevent unintended decryption of encrypted
files. It is used to rename a file or a directory within a directory or to relocate a file
within a file system or across different file systems.
An encrypted file cannot be moved to a directory which is not configured for encryption.
However, renaming an encrypted file (i.e. moving it within the same directory) is
allowed. A clear file cannot be moved to a directory which is configured for encryption.
However, renaming a clear file within the same directory is allowed.
chown/chgrp The chown wrapper command changes the owner ID of each encrypted file to the
specified owner and, optionally, the group ID of each encrypted file to the specified group.
The chgrp wrapper command changes the group ID of each encrypted file to the
specified group.
These wrapper commands do not support the -R and -h options.
These commands can be used only by the owner of the encrypted files to change the owner or
group permissions. To run these commands, the user should be in a secure session and the new
owner/group keys should be available.
These commands change both the DAC permissions and the EVFS permissions of encrypted files.
Other users are not allowed to change the EVFS file permissions using this wrapper command.
The following wrapper commands can only be used by superusers:
usermod Modifies a user login on the system. It modifies the user information in the system by executing
the HP-UX usermod command and cleans up the EVFS key storage associated with
the user. The -l option is not supported if the user already has valid keys.
userdel Deletes a user login from the system. The userdel command requires the login argument.
It deletes the user from the system by executing the HP-UX userdel command and
HP-UX 11i Version 3: September 2010 1 Hewlett-Packard Company 1
