TCFS for BSD: Overviewing support utilities

OVERVIEWING TCFS SUPPORT UTILITY

Interaction between the user and the kernel part of TCFS is provided by updating the tcfs mount point. This interaction consists of put/remove key operations. To make these operations easier, some support utilities have been designed. There are commands to put and remove user and/or group keys for any TCFS filesystem (tcfsputkey, tcfsrmkey), a command that manages cryptographic attributes, and a set of utilities that manage a database of keys (tcfsadduser, tcfsaddgroup, tcfsrmuser, tcfsrmgroup, tcfsgenkey). A utility that executes any user program, giving it a per-process key, is also provided (tcfsrun).

The TCFS utilities are placed in the /usr/tcfs/bin and /usr/tcfs/sbin directories. A development library and some include files are placed in /usr/tcfs/lib and /usr/tcfs/include, but are not yet documented.

The file /usr/tcfs/etc/tcfstab contains a filesystem_label - mountpoint mapping. This file must contain at least the definition of the label default. All TCFS utilities require the target tcfs filesystem. The user can specify a label instead of the path of the mount point. If the user does not indicate any filesystem, the default filesystem is assumed as target.

TCFS users can provide their keys by hand. Otherwise, it is possible to generate a "good" key and store it scrambled in a key database. Keys are encrypted using the user password and stored in the /usr/tcfs/etc/tcfspwdb and /usr/tcfs/etc/tcfsgpwdb files (GDBM format databases). Thus, TCFS users do not need to remember their encryption key, but can use a randomly generated key just by giving their password to the tcfsputkey command. To do this, each user must be added to the tcfspwdb database by the system administrator.

Example:

1. User ciccio pushes a "hand made" key

       ciccio$ tcfsputkey -k -p /mnt/tcfs
       Insert tcfs-key:

   This can be very cumbersome. We provide the following alternative key management scheme.

2. System administrator registers ciccio as a TCFS user

       # tcfsadduser -l ciccio

   then ciccio asks for the generation of his key

       ciccio$ tcfsgenkey
       password:
       please press 10 keys:

   Each time ciccio wants to use his default key, he just has to run

       ciccio$ tcfsputkey -p /mnt/tcfs

   ciccio's default key is passed to TCFS

The page group-sharing provides a description of the group-shared keys file protection.

USER/GROUP KEY MANAGEMENT

* tcfsputkey/tcfsrmkey

  tcfsputkey puts the user key into the target filesystem's key table. The key can be taken either from the key database /usr/tcfs/etc/tcfspwdb or from standard input. By default the user's key pushed into the kernel is taken from the key database. tcfsrmkey removes the user key.

  synopsis:

      tcfsputkey [-k][-f filesystem-label | -p mount-point]
      tcfsputkey [-g group][-f filesystem-label | -p mount-point]
      tcfsrmkey [-g group][-f filesystem-label | -p mount-point]

  options:

      -k  user will be asked for a key that is put into the key table of the target filesystem. By default tcfsputkey searches for a user's entry in the key database. The -k option cannot be used with -g.
      -f  indicates the label (defined in /usr/tcfs/etc/tcfstab) of the target filesystem. It cannot be used with -p.
      -p  indicates the path of the mount-point of the target filesystem. If neither -k nor -p is provided on the command line, tcfsputkey assumes the default label as target.
      -g  pushes the user's part of the key into the group key table of the target filesystem.

* tcfsgenkey:

  Generates a random key and saves it in the user's entry of the TCFS key database.

  synopsis:

      tcfsgenkey

* tcfsflag

  Toggles/reads tcfs file/directory attributes.

  synopsis:

      tcfsflag {x|g|r} file

      x  sets/unsets the user/process tcfs flag on file
      g  sets/unsets the group tcfs flag on file
      r  reads the tcfs attributes of file

* tcfsrun:

  Creates a process, gives it a tcfs process key, and lets it execute the given command line.

  synopsis:

      tcfsrun [-k][-p mount-point | -f filesystem-label] command [args...]

      -k  user will be asked for a key. If this flag is not given, tcfsrun searches for a user's key in the key database.
      -f  indicates the label (defined in /usr/tcfs/etc/tcfstab) of the target filesystem. It cannot be used with -p.
      -p  indicates the path of the mount-point of the target filesystem. If neither -k nor -p is provided on the command line, tcfsrun assumes the default label as target.

* tcfsadduser/tcfsrmuser:

  The administrator can add an entry to the tcfs key database by running tcfsadduser. Then users can generate their key by running tcfsgenkey. The tcfsrmuser command removes a user entry from the tcfs-key database.

  synopsis:

      tcfsadduser [-l user]
      tcfsrmuser [-l user]

      -l  specifies the user whose entry is being created/removed on the command line.

* tcfsaddgroup/tcfsrmgroup:

  The administrator can add an entry to the group tcfs-key database by running tcfsaddgroup. The program asks the administrator for the following information:

  o The group-id of the target group.
  o The number of components of the group.
  o The threshold (the minimum number of users' key parts needed by the kernel to enable the group shared key).
  o The user-id of each component.

  tcfsaddgroup generates the group shared key and all the users' parts. The tcfsrmgroup command removes all database entries relative to the given group-id.

  synopsis:

      tcfsaddgroup [-g group]
      tcfsrmgroup [-g group]

      -g  specifies the group whose entry is being created/removed on the command line.
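
The threshold rule that tcfsaddgroup asks for, worked through as an added example that is not TCFS code: a group key is split into one part per member so that any threshold-sized subset rebuilds it and a smaller subset does not. The page does not say which sharing scheme TCFS uses; Shamir's scheme is assumed here, and every function name and user-id below is hypothetical.

```python
# Added illustration, not TCFS source code. The page does not name the scheme
# TCFS uses; Shamir's k-of-n sharing is assumed, and all names are hypothetical.
import secrets

PRIME = 2**521 - 1  # Mersenne prime; the field must be larger than the key


def split_key(key, member_ids, threshold):
    """Return {member_id: share}; any `threshold` shares rebuild `key`."""
    if not 1 <= threshold <= len(member_ids):
        raise ValueError("threshold must be between 1 and the member count")
    # A share is the polynomial evaluated at the member id. Id 0 would be the
    # key itself, and duplicate ids would yield duplicate shares.
    if len(set(member_ids)) != len(member_ids) or min(member_ids) <= 0:
        raise ValueError("member ids must be distinct and positive")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # Random polynomial of degree threshold-1 with the key as constant term.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    for uid in member_ids:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * uid + c) % PRIME
        shares[uid] = acc
    return shares


def recover_key(shares, key_len):
    """Lagrange-interpolate at x = 0. Returns bytes, or None when the result
    cannot be a key_len-byte key (typical when too few shares are supplied)."""
    secret = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret >= 1 << (8 * key_len):
        return None
    return secret.to_bytes(key_len, "big")


if __name__ == "__main__":
    group_key = secrets.token_bytes(32)  # constructed sample key
    parts = split_key(group_key, [1001, 1002, 1003, 1004, 1005], threshold=3)
    quorum = {uid: parts[uid] for uid in (1002, 1004, 1005)}
    short = {uid: parts[uid] for uid in (1001, 1002)}
    print("3 of 5 recover the key:", recover_key(quorum, 32) == group_key)
    print("2 of 5 recover the key:", recover_key(short, 32) == group_key)
```

The rejection of member id 0 matters if user-ids are used directly as evaluation points: the share at 0 is the group key itself.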