AIX

  • 1.  EFS - questions

    Posted Wed September 12, 2018 01:15 PM

    Originally posted by: walterwerner


    We are working on implementing EFS for transient data at rest.

     

    We are using a test system to make certain we understand as well as possible the requirements and effects that EFS will have.

     

    One of the items I've come across is a comment in "AIX V6 Advanced Security Features Introduction and Configuration": on page 107 it states "If running in user mode, root would not be allowed to grant access to user keystore and would receive an error message similar to", the message being "Unable to get the key to be sent".

    We experienced this situation... My question is: what is "user mode", and how do you get out of it? I have not been able to find any other reference other than the one above.

     

    This all was found because I was trying to give root access to a file encrypted by (for example) user1 in group 1. The file was owned by user1 and had group ownership by group1.

    As root, I couldn't do anything with the file (other than mv)... Weird, I can rename the file, but trying to chmod or chown would receive the message "Cannot find the requested security attribute".

     

     

    Also, it appears from testing that once a file is encrypted, root cannot change the owner or permissions of the file?

    The owner cannot change ownership either, but can change access permissions. 

    Is that the intended behavior?   If so, how can we change the ownership of a file?

     

    Is there a document somewhere that describes how things are intended to work?  Not just a walk through of typical actions, but a detailed description of how things work and administrative abilities for root like the user mode vs what mode?

     

    thanks
