cattach associates the encrypted directory (previously
created with cmkdir(1)) with the specified name.
cattach prompts for a passphrase, which is used to generate
cryptographic keys sent to the cfs daemon cfsd(8) and used to
transparently encrypt and decrypt the files as needed. If the correct
passphrase is given (as verified by a known-plaintext hash file in the
encrypted directory), the user may thereafter access the cleartext of
the files in a virtual directory called name under the CFS mount
point (usually /crypt). Otherwise, no virtual directory is created.
The underlying directory may be specified either as an absolute
path or relative to the current directory.
If no Iname is specified, the last path component of
directory is used as a default.
If the -l ("lower security mode") option is given, newly created
identical files will encrypt to identical ciphertexts. Otherwise, the
creation time plus the original inode number of the encrypted file is
used to perturb each file, frustrating certain cryptanalytic attacks.
Under highly concurrent operation with multiple instances of the same
encrypted directory, however, lower security mode may be required to
avoid some race conditions. This mode also makes recovery (from
backups) of individual encrypted files a bit simpler.
Note that attached virtual directories may be used only by users whose
UID is the same as the issuer of the cattach command.
Ordinarily, the names of all currently attached directories can be
obtained by listing the contents of /crypt (e.g., with ls(1)).
If the specified name begins with a . (dot), however, cfsd
will not include the name in directory listings. By using a
hard-to-guess name, this mechanism can be used to provide some
protection against attackers who can spoof the UID on the client
machine. See the ssh(1) command for an example of this usage.
The -t option causes the attach to automatically go away after
the specified number of minutes. The -i option deletes the
attach after a specified number of minutes of inactivity. Note that
these options, if used, should be chosen with some care; too short
timeouts may actually increase the risk of compromise of frequently
cattach will normally attempt to read the passphrase from the
tty device (/dev/tty) and will not echo. The -- options forces
cattach to read from stdin.
Virtual directories should be removed with the cdetach(1)
command when no longer in use.
Really, really slow machines can time out on the RPC before cfsd is
finished processing the attach command, especially when 3-DES is used.
Such machines should probably be considered too slow to be running an
encrypted file system anyway.
You cant attach an already encrypted directory, lest the
single-threaded cfsd find itself in a deadlock.
There really should be a better security mechanism than the UID to
protect against spoofing currently attached directories. The .name
hack is an ugly kludge. In particular, it would be better to limit
access to the process group of the user who issued the cattach
command. Unfortunately, that information is not passed to cfsd.
The timeout isnt perfect, and may occur a minute or two later than