开发学院操作系统 Linux/Unix AIX 6 加密文件系统（Encrypted File System），第... 阅读

AIX 6 加密文件系统（Encrypted File System），第 3 部分：用户管理（上）

　2008-09-06 08:20:10　来源：WEB开发网　闂傚倸鍊风欢姘缚瑜嶈灋闁圭虎鍠栫粻顖炴煥閻曞倹瀚�

闂傚倸鍊风粈渚€骞夐敓鐘插瀭闁汇垹鐏氬畷鏌ユ煙閹殿喖顣奸柛搴＄У閵囧嫰骞掗幋婵冨亾閻㈢ǹ纾婚柟鐐灱濡插牊绻涢崱妤冃℃繛宀婁簽缁辨捇宕掑鎵佹瀸闂佺懓鍤栭幏锟�

濠电姷鏁告慨顓㈠箯閸愵喖宸濇い鎾寸箘閹规洟姊绘笟鈧ḿ褍煤閵堝悿娲Ω閳轰胶鍔﹀銈嗗笂閼冲爼鍩婇弴銏＄厪闁搞儮鏅涙禒褏绱掓潏鈺佷槐闁轰焦鎹囬弫鎾绘晸閿燂拷闂傚倸鍊风欢姘缚瑜嶈灋闁圭虎鍠栫粻顖炴煥閻曞倹瀚�　　闂傚倸鍊烽懗鑸电仚缂備胶绮〃鍛村煝瀹ュ鍗抽柕蹇曞У閻庮剟姊虹紒妯哄闁诲繑姘ㄩ埀顒佸嚬閸撶喎顫忓ú顏勫瀭妞ゆ洖鎳庨崜浼存⒑闁偛鑻晶顔剧磼婢跺﹦绉虹€殿喖顭锋俊姝岊槷闁稿鎹囧Λ鍐ㄢ槈濞嗗繑娈橀梻浣风串缂嶁偓濞存粠鍓熼崺鈧い鎺戝€归弳顒勬煕鐎ｎ亷韬€规洑鍗冲鍊燁槾闁哄棴绠撻弻銊╂偆閸屾稑顏�

核心提示： # efskeymgr -k user/user1 -s user/user3Encryption framework returned an error:(libefs bad parameter)Unable to get the key to be sentuser5 登录，并运行

# efskeymgr -k user/user1 -s user/user3 Encryption framework returned an error:(libefs bad parameter) Unable to get the key to be sent

user5 登录，并运行 efsmgr -v 命令，以显示他的或者她的密钥存储库的内容。其中添加了 user3 用户密钥存储库的访问密钥。

user5 在当前 Shell 中加载他的或者她的密钥存储库的内容。efskeymgr -V 命令显示了当前 Shell 中所加载的访问密钥：

user3 密钥存储库的访问密钥

user1 密钥存储库的访问密钥

user5 密钥存储库的访问密钥

gid 为 202 的组的密钥存储库的访问密钥

gid 为 203 的组的密钥存储库的访问密钥

user5 可以访问他或者她自己的密钥，以及可以从 user3 密钥存储库中进行访问的所有密钥，这样一来，也就包含了可以从 user1 密钥存储库中访问的所有密钥。

示例 7 授予对用户密钥存储库的访问权限

$ id uid=205(user3) gid=1(staff) $ efskeymgr -v Keystore content: Keystore owner ............: uid 205 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 05/10/07 at 09:41:20 Private key: Algorithm :RSA_1024 Fingerprint :30412121:e5a7b90d:dba7dd19:2c45b1e0:c331c09f Validity :This key is valid. # efskeymgr -k user/user1 -s user/user3 root's EFS password: $ id uid=205(user3) gid=1(staff) $ efskeymgr -v Keystore content: Keystore owner ............: uid 205 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 05/10/07 at 09:41:20 Private key: Algorithm :RSA_1024 Fingerprint :30412121:e5a7b90d:dba7dd19:2c45b1e0:c331c09f Validity :This key is valid. Access key to keystore user/user1 $ lsuser user1 user1 id=203 pgrp=staff groups=staff,group1,group2 home=/home/user1 shell=/usr/bin/ksh $ efskeymgr -o ksh $ efskeymgr -V List of keys loaded in the current process: Key #0: Kind .....................User key Id (uid / gid) ......... 203 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. eb1aab3e:39c3191c:15cb36d6:57bb2a7c:b3c6d356 Key #1: Kind .....................User key Id (uid / gid) ......... 205 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. 30412121:e5a7b90d:dba7dd19:2c45b1e0:c331c09f Key #2: Kind .....................Group key Id (uid / gid) ......... 202 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. 19f16934:20a54e8e:d59aea33:111a37bf:06261785 Key #3: Kind .....................Group key Id (uid / gid) ......... 203 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. bdf38da7:57cd4486:6794c1bf:5329e0c4:4d042fcc # efskeymgr -k user/user3 -s user/user5 root's EFS password: $ id uid=207(user5) gid=1(staff) $ efskeymgr -v Keystore content: Keystore owner ............: uid 207 Keystore mode .............: admin:managed by EFS administrator Password changed last on ..: 05/10/07 at 11:41:51 Private key: Algorithm :RSA_1024 Fingerprint :6a9423b3:f59f0497:2f0f8ba0:9805a358:e18b16cd Validity :This key is valid. Access key to keystore user/user3 $ efskeymgr -o ksh $ efskeymgr -V List of keys loaded in the current process: Key #0: Kind .....................User key Id (uid / gid) ......... 203 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. eb1aab3e:39c3191c:15cb36d6:57bb2a7c:b3c6d356 Key #1: Kind .....................User key Id (uid / gid) ......... 205 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. 30412121:e5a7b90d:dba7dd19:2c45b1e0:c331c09f Key #2: Kind .....................User key Id (uid / gid) ......... 207 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. 6a9423b3:f59f0497:2f0f8ba0:9805a358:e18b16cd Key #3: Kind .....................Group key Id (uid / gid) ......... 202 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. 19f16934:20a54e8e:d59aea33:111a37bf:06261785 Key #4: Kind .....................Group key Id (uid / gid) ......... 203 Type .....................Private key Algorithm ................RSA_1024 Validity .................Key is valid Fingerprint .............. bdf38da7:57cd4486:6794c1bf:5329e0c4:4d042fcc