manpage lint.
--- old/usr/src/man/man1m/lofiadm.1m
+++ new/usr/src/man/man1m/lofiadm.1m
1 1 '\" te
2 2 .\" Copyright 2013 Nexenta Systems, Inc. All rights reserved.
3 3 .\" Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
4 4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
5 5 .\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with
6 6 .\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
7 7 .TH LOFIADM 1M "Aug 28, 2013"
8 8 .SH NAME
9 9 lofiadm \- administer files available as block devices through lofi
10 10 .SH SYNOPSIS
11 11 .LP
12 12 .nf
13 13 \fBlofiadm\fR [\fB-r\fR] \fB-a\fR \fIfile\fR [\fIdevice\fR]
14 14 .fi
15 15
16 16 .LP
17 17 .nf
18 18 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
19 19 .fi
20 20
21 21 .LP
22 22 .nf
23 23 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-k\fR \fIraw_key_file\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
24 24 .fi
25 25
26 26 .LP
27 27 .nf
28 28 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
29 29 .fi
30 30
31 31 .LP
32 32 .nf
33 33 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-T\fR \fItoken_key\fR
34 34 \fB-k\fR \fIwrapped_key_file\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
35 35 .fi
36 36
37 37 .LP
38 38 .nf
39 39 \fBlofiadm\fR [\fB-r\fR] \fB-c\fR \fIcrypto_algorithm\fR \fB-e\fR \fB-a\fR \fIfile\fR [\fIdevice\fR]
40 40 .fi
41 41
42 42 .LP
43 43 .nf
44 44 \fBlofiadm\fR \fB-C\fR \fIalgorithm\fR [\fB-s\fR \fIsegment_size\fR] \fIfile\fR
45 45 .fi
46 46
47 47 .LP
48 48 .nf
49 49 \fBlofiadm\fR \fB-d\fR \fIfile\fR | \fIdevice\fR
50 50 .fi
51 51
52 52 .LP
53 53 .nf
54 54 \fBlofiadm\fR \fB-U\fR \fIfile\fR
55 55 .fi
56 56
57 57 .LP
58 58 .nf
59 59 \fBlofiadm\fR [ \fIfile\fR | \fIdevice\fR]
60 60 .fi
61 61
62 62 .SH DESCRIPTION
63 63 .sp
64 64 .LP
65 65 \fBlofiadm\fR administers \fBlofi\fR, the loopback file driver. \fBlofi\fR
66 66 allows a file to be associated with a block device. That file can then be
67 67 accessed through the block device. This is useful when the file contains an
68 68 image of some filesystem (such as a floppy or \fBCD-ROM\fR image), because the
69 69 block device can then be used with the normal system utilities for mounting,
70 70 checking or repairing filesystems. See \fBfsck\fR(1M) and \fBmount\fR(1M).
71 71 .sp
72 72 .LP
73 73 Use \fBlofiadm\fR to add a file as a loopback device, remove such an
74 74 association, or print information about the current associations.
75 75 .sp
76 76 .LP
77 77 Encryption and compression options are mutually exclusive on the command line.
78 78 Further, an encrypted file cannot be compressed later, nor can a compressed
79 79 file be encrypted later.
80 80
81 81 In the global zone, \fBlofiadm\fR can be used on both the global
82 82 zone devices and all devices owned by other non-global zones on the system.
83 83 .sp
84 -.LP
85 84 .SH OPTIONS
86 85 .sp
87 86 .LP
88 87 The following options are supported:
89 88 .sp
90 89 .ne 2
91 90 .na
92 91 \fB\fB-a\fR \fIfile\fR [\fIdevice\fR]\fR
93 92 .ad
94 93 .sp .6
95 94 .RS 4n
96 95 Add \fIfile\fR as a block device.
97 96 .sp
98 97 If \fIdevice\fR is not specified, an available device is picked.
99 98 .sp
100 99 If \fIdevice\fR is specified, \fBlofiadm\fR attempts to assign it to
101 100 \fIfile\fR. \fIdevice\fR must be available or \fBlofiadm\fR will fail. The
102 101 ability to specify a device is provided for use in scripts that wish to
103 102 reestablish a particular set of associations.
104 103 .RE
105 104
106 105 .sp
107 106 .ne 2
108 107 .na
109 108 \fB\fB-C\fR {\fIgzip\fR | \fIgzip-N\fR | \fIlzma\fR}\fR
110 109 .ad
111 110 .sp .6
112 111 .RS 4n
113 112 Compress the file with the specified compression algorithm.
114 113 .sp
115 114 The \fBgzip\fR compression algorithm uses the same compression as the
116 115 open-source \fBgzip\fR command. You can specify the \fBgzip\fR level by using
117 116 the value \fBgzip-\fR\fIN\fR where \fIN\fR is 6 (fast) or 9 (best compression
118 117 ratio). Currently, \fBgzip\fR, without a number, is equivalent to \fBgzip-6\fR
119 118 (which is also the default for the \fBgzip\fR command).
120 119 .sp
121 120 \fIlzma\fR stands for the LZMA (Lempel-Ziv-Markov) compression algorithm.
122 121 .sp
123 122 Note that you cannot write to a compressed file, nor can you mount a compressed
124 123 file read/write.
125 124 .RE
126 125
127 126 .sp
128 127 .ne 2
129 128 .na
130 129 \fB\fB-d\fR \fIfile\fR | \fIdevice\fR\fR
131 130 .ad
132 131 .sp .6
133 132 .RS 4n
134 133 Remove an association by \fIfile\fR or \fIdevice\fR name, if the associated
135 134 block device is not busy, and deallocates the block device.
136 135 .RE
137 136
138 137 .sp
139 138 .ne 2
140 139 .na
141 140 \fB\fB-r\fR
142 141 .ad
143 142 .sp .6
144 143 .RS 4n
145 144 If the \fB-r\fR option is specified before the \fB-a\fR option, the
146 145 \fIdevice\fR will be opened read-only.
147 146 .RE
148 147
149 148 .sp
150 149 .ne 2
151 150 .na
152 151 \fB\fB-s\fR \fIsegment_size\fR\fR
153 152 .ad
154 153 .sp .6
155 154 .RS 4n
156 155 The segment size to use to divide the file being compressed. \fIsegment_size\fR
157 156 can be an integer multiple of 512.
158 157 .RE
159 158
160 159 .sp
161 160 .ne 2
162 161 .na
163 162 \fB\fB-U\fR \fIfile\fR\fR
164 163 .ad
165 164 .sp .6
166 165 .RS 4n
167 166 Uncompress a compressed file.
168 167 .RE
169 168
170 169 .sp
171 170 .LP
172 171 The following options are used when the file is encrypted:
173 172 .sp
174 173 .ne 2
175 174 .na
176 175 \fB\fB-c\fR \fIcrypto_algorithm\fR\fR
177 176 .ad
178 177 .sp .6
179 178 .RS 4n
180 179 Select the encryption algorithm. The algorithm must be specified when
181 180 encryption is enabled because the algorithm is not stored in the disk image.
182 181 .sp
183 182 If none of \fB-e\fR, \fB-k\fR, or \fB-T\fR is specified, \fBlofiadm\fR prompts
184 183 for a passphrase, with a minimum length of eight characters, to be entered .
185 184 The passphrase is used to derive a symmetric encryption key using PKCS#5 PBKD2.
186 185 .RE
187 186
188 187 .sp
189 188 .ne 2
190 189 .na
191 190 \fB\fB-k\fR \fIraw_key_file\fR | \fIwrapped_key_file\fR\fR
192 191 .ad
193 192 .sp .6
194 193 .RS 4n
195 194 Path to raw or wrapped symmetric encryption key. If a PKCS#11 object is also
196 195 given with the \fB-T\fR option, then the key is wrapped by that object. If
197 196 \fB-T\fR is not specified, the key is used raw.
198 197 .RE
199 198
200 199 .sp
201 200 .ne 2
202 201 .na
203 202 \fB\fB-T\fR \fItoken_key\fR\fR
204 203 .ad
205 204 .sp .6
206 205 .RS 4n
207 206 The key in a PKCS#11 token to use for the encryption or for unwrapping the key
208 207 file.
209 208 .sp
210 209 If \fB-k\fR is also specified, \fB-T\fR identifies the unwrapping key, which
211 210 must be an RSA private key.
212 211 .RE
213 212
214 213 .sp
215 214 .ne 2
216 215 .na
217 216 \fB\fB-e\fR\fR
218 217 .ad
219 218 .sp .6
220 219 .RS 4n
221 220 Generate an ephemeral symmetric encryption key.
222 221 .RE
223 222
224 223 .SH OPERANDS
225 224 .sp
226 225 .LP
227 226 The following operands are supported:
228 227 .sp
229 228 .ne 2
230 229 .na
231 230 \fB\fIcrypto_algorithm\fR\fR
232 231 .ad
233 232 .sp .6
234 233 .RS 4n
235 234 One of: \fBaes-128-cbc\fR, \fBaes-192-cbc\fR, \fBaes-256-cbc\fR,
236 235 \fBdes3-cbc\fR, \fBblowfish-cbc\fR.
237 236 .RE
238 237
239 238 .sp
240 239 .ne 2
241 240 .na
242 241 \fB\fIdevice\fR\fR
243 242 .ad
244 243 .sp .6
245 244 .RS 4n
246 245 Display the file name associated with the block device \fIdevice\fR.
247 246 .sp
248 247 Without arguments, print a list of the current associations. Filenames must be
249 248 valid absolute pathnames.
250 249 .sp
251 250 When a file is added, it is opened for reading or writing by root. Any
252 251 restrictions apply (such as restricted root access over \fBNFS\fR). The file is
253 252 held open until the association is removed. It is not actually accessed until
254 253 the block device is used, so it will never be written to if the block device is
255 254 only opened read-only.
256 255
257 256 Note that the filename may appear as "?" if it is not possible to resolve the
258 257 path in the current context (for example, if it's an NFS path in a non-global
259 258 zone).
260 259 .RE
261 260
262 261 .sp
263 262 .ne 2
264 263 .na
265 264 \fB\fIfile\fR\fR
266 265 .ad
267 266 .sp .6
268 267 .RS 4n
269 268 Display the block device associated with \fIfile\fR.
270 269 .RE
271 270
272 271 .sp
273 272 .ne 2
274 273 .na
275 274 \fB\fIraw_key_file\fR\fR
276 275 .ad
277 276 .sp .6
278 277 .RS 4n
279 278 Path to a file of the appropriate length, in bits, to use as a raw symmetric
280 279 encryption key.
281 280 .RE
282 281
283 282 .sp
284 283 .ne 2
285 284 .na
286 285 \fB\fItoken_key\fR\fR
287 286 .ad
288 287 .sp .6
289 288 .RS 4n
290 289 PKCS#11 token object in the format:
291 290 .sp
292 291 .in +2
293 292 .nf
294 293 \fItoken_name\fR:\fImanufacturer_id\fR:\fIserial_number\fR:\fIkey_label\fR
295 294 .fi
296 295 .in -2
297 296 .sp
298 297
299 298 All but the key label are optional and can be empty. For example, to specify a
300 299 token object with only its key label \fBMylofiKey\fR, use:
301 300 .sp
302 301 .in +2
303 302 .nf
304 303 -T :::MylofiKey
305 304 .fi
306 305 .in -2
307 306 .sp
308 307
309 308 .RE
310 309
311 310 .sp
312 311 .ne 2
313 312 .na
314 313 \fB\fIwrapped_key_file\fR\fR
315 314 .ad
316 315 .sp .6
317 316 .RS 4n
318 317 Path to file containing a symmetric encryption key wrapped by the RSA private
319 318 key specified by \fB-T\fR.
320 319 .RE
321 320
322 321 .SH EXAMPLES
323 322 .LP
324 323 \fBExample 1 \fRMounting an Existing CD-ROM Image
325 324 .sp
326 325 .LP
327 326 You should ensure that Solaris understands the image before creating the
328 327 \fBCD\fR. \fBlofi\fR allows you to mount the image and see if it works.
329 328
330 329 .sp
331 330 .LP
332 331 This example mounts an existing \fBCD-ROM\fR image (\fBsparc.iso\fR), of the
333 332 \fBRed Hat 6.0 CD\fR which was downloaded from the Internet. It was created
334 333 with the \fBmkisofs\fR utility from the Internet.
335 334
336 335 .sp
337 336 .LP
338 337 Use \fBlofiadm\fR to attach a block device to it:
339 338
340 339 .sp
341 340 .in +2
342 341 .nf
343 342 # \fBlofiadm -a /home/mike_s/RH6.0/sparc.iso\fR
344 343 /dev/lofi/1
345 344 .fi
346 345 .in -2
347 346 .sp
348 347
349 348 .sp
350 349 .LP
351 350 \fBlofiadm\fR picks the device and prints the device name to the standard
352 351 output. You can run \fBlofiadm\fR again by issuing the following command:
353 352
354 353 .sp
355 354 .in +2
356 355 .nf
357 356 # \fBlofiadm\fR
358 357 Block Device File Options
359 358 /dev/lofi/1 /home/mike_s/RH6.0/sparc.iso -
360 359 .fi
361 360 .in -2
362 361 .sp
363 362
364 363 .sp
365 364 .LP
366 365 Or, you can give it one name and ask for the other, by issuing the following
367 366 command:
368 367
369 368 .sp
370 369 .in +2
371 370 .nf
372 371 # \fBlofiadm /dev/lofi/1\fR
373 372 /home/mike_s/RH6.0/sparc.iso
374 373 .fi
375 374 .in -2
376 375 .sp
377 376
378 377 .sp
379 378 .LP
380 379 Use the \fBmount\fR command to mount the image:
381 380
382 381 .sp
383 382 .in +2
384 383 .nf
385 384 # \fBmount -F hsfs -o ro /dev/lofi/1 /mnt\fR
386 385 .fi
387 386 .in -2
388 387 .sp
389 388
390 389 .sp
391 390 .LP
392 391 Check to ensure that Solaris understands the image:
393 392
394 393 .sp
395 394 .in +2
396 395 .nf
397 396 # \fBdf -k /mnt\fR
398 397 Filesystem kbytes used avail capacity Mounted on
399 398 /dev/lofi/1 512418 512418 0 100% /mnt
400 399 # \fBls /mnt\fR
401 400 \&./ RedHat/ doc/ ls-lR rr_moved/
402 401 \&../ TRANS.TBL dosutils/ ls-lR.gz sbin@
403 402 \&.buildlog bin@ etc@ misc/ tmp/
404 403 COPYING boot/ images/ mnt/ usr@
405 404 README boot.cat* kernels/ modules/
406 405 RPM-PGP-KEY dev@ lib@ proc/
407 406 .fi
408 407 .in -2
409 408 .sp
410 409
411 410 .sp
412 411 .LP
413 412 Solaris can mount the CD-ROM image, and understand the filenames. The image was
414 413 created properly, and you can now create the \fBCD-ROM\fR with confidence.
415 414
416 415 .sp
417 416 .LP
418 417 As a final step, unmount and detach the images:
419 418
420 419 .sp
421 420 .in +2
422 421 .nf
423 422 # \fBumount /mnt\fR
424 423 # \fBlofiadm -d /dev/lofi/1\fR
425 424 # \fBlofiadm\fR
426 425 Block Device File Options
427 426 .fi
428 427 .in -2
429 428 .sp
430 429
431 430 .LP
432 431 \fBExample 2 \fRMounting a Floppy Image
433 432 .sp
434 433 .LP
435 434 This is similar to the first example.
436 435
437 436 .sp
438 437 .LP
439 438 Using \fBlofi\fR to help you mount files that contain floppy images is helpful
440 439 if a floppy disk contains a file that you need, but the machine which you are
441 440 on does not have a floppy drive. It is also helpful if you do not want to take
442 441 the time to use the \fBdd\fR command to copy the image to a floppy.
443 442
444 443 .sp
445 444 .LP
446 445 This is an example of getting to \fBMDB\fR floppy for Solaris on an x86
447 446 platform:
448 447
449 448 .sp
450 449 .in +2
451 450 .nf
452 451 # \fBlofiadm -a /export/s28/MDB_s28x_wos/latest/boot.3\fR
453 452 /dev/lofi/1
454 453 # \fBmount -F pcfs /dev/lofi/1 /mnt\fR
455 454 # \fBls /mnt\fR
456 455 \&./ COMMENT.BAT* RC.D/ SOLARIS.MAP*
457 456 \&../ IDENT* REPLACE.BAT* X/
458 457 APPEND.BAT* MAKEDIR.BAT* SOLARIS/
459 458 # \fBumount /mnt\fR
460 459 # \fBlofiadm -d /export/s28/MDB_s28x_wos/latest/boot.3\fR
461 460 .fi
462 461 .in -2
463 462 .sp
464 463
465 464 .LP
466 465 \fBExample 3 \fRMaking a \fBUFS\fR Filesystem on a File
467 466 .sp
468 467 .LP
469 468 Making a \fBUFS\fR filesystem on a file can be useful, particularly if a test
470 469 suite requires a scratch filesystem. It can be painful (or annoying) to have to
471 470 repartition a disk just for the test suite, but you do not have to. You can
472 471 \fBnewfs\fR a file with \fBlofi\fR
473 472
474 473 .sp
475 474 .LP
476 475 Create the file:
477 476
478 477 .sp
479 478 .in +2
480 479 .nf
481 480 # \fBmkfile 35m /export/home/test\fR
482 481 .fi
483 482 .in -2
484 483 .sp
485 484
486 485 .sp
487 486 .LP
488 487 Attach it to a block device. You also get the character device that \fBnewfs\fR
489 488 requires, so \fBnewfs\fR that:
490 489
491 490 .sp
492 491 .in +2
493 492 .nf
494 493 # \fBlofiadm -a /export/home/test\fR
495 494 /dev/lofi/1
496 495 # \fBnewfs /dev/rlofi/1\fR
497 496 newfs: construct a new file system /dev/rlofi/1: (y/n)? \fBy\fR
498 497 /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
499 498 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
500 499 super-block backups (for fsck -F ufs -o b=#) at:
501 500 32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,
502 501 .fi
503 502 .in -2
504 503 .sp
505 504
506 505 .sp
507 506 .LP
508 507 Note that \fBufs\fR might not be able to use the entire file. Mount and use the
509 508 filesystem:
510 509
511 510 .sp
512 511 .in +2
513 512 .nf
514 513 # \fBmount /dev/lofi/1 /mnt\fR
515 514 # \fBdf -k /mnt\fR
516 515 Filesystem kbytes used avail capacity Mounted on
517 516 /dev/lofi/1 33455 9 30101 1% /mnt
518 517 # \fBls /mnt\fR
519 518 \&./ ../ lost+found/
520 519 # \fBumount /mnt\fR
521 520 # \fBlofiadm -d /dev/lofi/1\fR
522 521 .fi
523 522 .in -2
524 523 .sp
525 524
526 525 .LP
527 526 \fBExample 4 \fRCreating a PC (FAT) File System on a Unix File
528 527 .sp
529 528 .LP
530 529 The following series of commands creates a \fBFAT\fR file system on a Unix
531 530 file. The file is associated with a block device created by \fBlofiadm\fR.
532 531
533 532 .sp
534 533 .in +2
535 534 .nf
536 535 # \fBmkfile 10M /export/test/testfs\fR
537 536 # \fBlofiadm -a /export/test testfs\fR
538 537 /dev/lofi/1
539 538 \fBNote use of\fR rlofi\fB, not\fR lofi\fB, in following command.\fR
540 539 # \fBmkfs -F pcfs -o nofdisk,size=20480 /dev/rlofi/1\fR
541 540 \fBConstruct a new FAT file system on /dev/rlofi/1: (y/n)?\fR y
542 541 # \fBmount -F pcfs /dev/lofi/1 /mnt\fR
543 542 # \fBcd /mnt\fR
544 543 # \fBdf -k .\fR
545 544 Filesystem kbytes used avail capacity Mounted on
546 545 /dev/lofi/1 10142 0 10142 0% /mnt
547 546 .fi
548 547 .in -2
549 548 .sp
550 549
551 550 .LP
552 551 \fBExample 5 \fRCompressing an Existing CD-ROM Image
553 552 .sp
554 553 .LP
555 554 The following example illustrates compressing an existing CD-ROM image
556 555 (\fBsolaris.iso\fR), verifying that the image is compressed, and then
557 556 uncompressing it.
558 557
559 558 .sp
560 559 .in +2
561 560 .nf
562 561 # \fBlofiadm -C gzip /export/home/solaris.iso\fR
563 562 .fi
564 563 .in -2
565 564 .sp
566 565
567 566 .sp
568 567 .LP
569 568 Use \fBlofiadm\fR to attach a block device to it:
570 569
571 570 .sp
572 571 .in +2
573 572 .nf
574 573 # \fBlofiadm -a /export/home/solaris.iso\fR
575 574 /dev/lofi/1
576 575 .fi
577 576 .in -2
578 577 .sp
579 578
580 579 .sp
581 580 .LP
582 581 Check if the mapped image is compressed:
583 582
584 583 .sp
585 584 .in +2
586 585 .nf
587 586 # \fBlofiadm\fR
588 587 Block Device File Options
589 588 /dev/lofi/1 /export/home/solaris.iso Compressed(gzip)
590 589 /dev/lofi/2 /export/home/regular.iso -
591 590 .fi
592 591 .in -2
593 592 .sp
594 593
595 594 .sp
596 595 .LP
597 596 Unmap the compressed image and uncompress it:
598 597
599 598 .sp
600 599 .in +2
601 600 .nf
602 601 # \fBlofiadm -d /dev/lofi/1\fR
603 602 # \fBlofiadm -U /export/home/solaris.iso\fR
604 603 .fi
605 604 .in -2
606 605 .sp
607 606
608 607 .LP
609 608 \fBExample 6 \fRCreating an Encrypted UFS File System on a File
610 609 .sp
611 610 .LP
612 611 This example is similar to the example of making a UFS filesystem on a file,
613 612 above.
614 613
615 614 .sp
616 615 .LP
617 616 Create the file:
618 617
619 618 .sp
620 619 .in +2
621 620 .nf
622 621 # \fBmkfile 35m /export/home/test\fR
623 622 .fi
624 623 .in -2
625 624 .sp
626 625
627 626 .sp
628 627 .LP
629 628 Attach the file to a block device and specify that the file image is encrypted.
630 629 As a result of this command, you obtain the character device, which is
631 630 subsequently used by \fBnewfs\fR:
632 631
633 632 .sp
634 633 .in +2
635 634 .nf
636 635 # \fBlofiadm -c aes-256-cbc -a /export/home/secrets\fR
637 636 Enter passphrase: \fBMy-M0th3r;l0v3s_m3+4lw4ys!\fR (\fBnot echoed\fR)
638 637 Re-enter passphrase: \fBMy-M0th3r;l0v3s_m3+4lw4ys!\fR (\fBnot echoed\fR)
639 638 /dev/lofi/1
640 639
641 640 # \fBnewfs /dev/rlofi/1\fR
642 641 newfs: construct a new file system /dev/rlofi/1: (y/n)? \fBy\fR
643 642 /dev/rlofi/1: 71638 sectors in 119 cylinders of 1 tracks, 602 sectors
644 643 35.0MB in 8 cyl groups (16 c/g, 4.70MB/g, 2240 i/g)
645 644 super-block backups (for fsck -F ufs -o b=#) at:
646 645 32, 9664, 19296, 28928, 38560, 48192, 57824, 67456,
647 646 .fi
648 647 .in -2
649 648 .sp
650 649
651 650 .sp
652 651 .LP
653 652 The mapped file system shows that encryption is enabled:
654 653
655 654 .sp
656 655 .in +2
657 656 .nf
658 657 # \fBlofiadm\fR
659 658 Block Device File Options
660 659 /dev/lofi/1 /export/home/secrets Encrypted
661 660 .fi
662 661 .in -2
663 662 .sp
664 663
665 664 .sp
666 665 .LP
667 666 Mount and use the filesystem:
668 667
669 668 .sp
670 669 .in +2
671 670 .nf
672 671 # \fBmount /dev/lofi/1 /mnt\fR
673 672 # \fBcp moms_secret_*_recipe /mnt\fR
674 673 # \fBls /mnt\fR
675 674 \&./ moms_secret_cookie_recipe moms_secret_soup_recipe
676 675 \&../ moms_secret_fudge_recipe moms_secret_stuffing_recipe
677 676 lost+found/ moms_secret_meatloaf_recipe moms_secret_waffle_recipe
678 677 # \fBumount /mnt\fR
679 678 # \fBlofiadm -d /dev/lofi/1\fR
680 679 .fi
681 680 .in -2
682 681 .sp
683 682
684 683 .sp
685 684 .LP
686 685 Subsequent attempts to map the filesystem with the wrong key or the wrong
687 686 encryption algorithm will fail:
688 687
689 688 .sp
690 689 .in +2
691 690 .nf
692 691 # \fBlofiadm -c blowfish-cbc -a /export/home/secrets\fR
693 692 Enter passphrase: \fBmommy\fR (\fInot echoed\fR)
694 693 Re-enter passphrase: \fBmommy\fR (\fInot echoed\fR)
695 694 lofiadm: could not map file /root/lofi: Invalid argument
696 695 # \fBlofiadm\fR
697 696 Block Device File Options
698 697 #
699 698 .fi
700 699 .in -2
701 700 .sp
702 701
703 702 .sp
704 703 .LP
705 704 Attempts to map the filesystem without encryption will succeed, however
706 705 attempts to mount and use the filesystem will fail:
707 706
708 707 .sp
709 708 .in +2
710 709 .nf
711 710 # \fBlofiadm -a /export/home/secrets\fR
712 711 /dev/lofi/1
713 712 # \fBlofiadm\fR
714 713 Block Device File Options
715 714 /dev/lofi/1 /export/home/secrets -
716 715 # \fBmount /dev/lofi/1 /mnt\fR
717 716 mount: /dev/lofi/1 is not this fstype
718 717 #
719 718 .fi
720 719 .in -2
721 720 .sp
722 721
723 722 .SH ENVIRONMENT VARIABLES
724 723 .sp
725 724 .LP
726 725 See \fBenviron\fR(5) for descriptions of the following environment variables
727 726 that affect the execution of \fBlofiadm\fR: \fBLC_CTYPE\fR, \fBLC_MESSAGES\fR
728 727 and \fBNLSPATH\fR.
729 728 .SH EXIT STATUS
730 729 .sp
731 730 .LP
732 731 The following exit values are returned:
733 732 .sp
734 733 .ne 2
735 734 .na
736 735 \fB\fB0\fR\fR
737 736 .ad
738 737 .sp .6
739 738 .RS 4n
740 739 Successful completion.
741 740 .RE
742 741
743 742 .sp
744 743 .ne 2
745 744 .na
746 745 \fB\fB>0\fR\fR
747 746 .ad
748 747 .sp .6
749 748 .RS 4n
750 749 An error occurred.
751 750 .RE
752 751
753 752 .SH SEE ALSO
754 753 .sp
755 754 .LP
756 755 \fBfsck\fR(1M), \fBmount\fR(1M), \fBmount_ufs\fR(1M), \fBnewfs\fR(1M),
757 756 \fBattributes\fR(5), \fBlofi\fR(7D), \fBlofs\fR(7FS)
758 757 .SH NOTES
759 758 .sp
760 759 .LP
761 760 Just as you would not directly access a disk device that has mounted file
762 761 systems, you should not access a file associated with a block device except
763 762 through the \fBlofi\fR file driver. It might also be appropriate to ensure that
764 763 the file has appropriate permissions to prevent such access.
765 764 .sp
766 765 .LP
767 766 The abilities of \fBlofiadm\fR, and who can use them, are controlled by the
768 767 permissions of \fB/dev/lofictl\fR. Read-access allows query operations, such as
769 768 listing all the associations. Write-access is required to do any state-changing
770 769 operations, like adding an association. As shipped, \fB/dev/lofictl\fR is owned
771 770 by \fBroot\fR, in group \fBsys\fR, and mode \fB0644\fR, so all users can do
772 771 query operations but only root can change anything. The administrator can give
773 772 users write-access, allowing them to add or delete associations, but that is
774 773 very likely a security hole and should probably only be given to a trusted
775 774 group.
776 775 .sp
777 776 .LP
778 777 When mounting a filesystem image, take care to use appropriate mount options.
779 778 In particular, the \fBnosuid\fR mount option might be appropriate for \fBUFS\fR
780 779 images whose origin is unknown. Also, some options might not be useful or
781 780 appropriate, like \fBlogging\fR or \fBforcedirectio\fR for \fBUFS\fR. For
782 781 compatibility purposes, a raw device is also exported along with the block
783 782 device. For example, \fBnewfs\fR(1M) requires one.
784 783 .sp
785 784 .LP
786 785 The output of \fBlofiadm\fR (without arguments) might change in future
787 786 releases.
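Review bot: The only change is dropping the `.LP` at old line 84, yet the `.sp` directly above it (new line 83) still sits in front of `.SH OPTIONS`, and the bare blank lines inside running text at new lines 80 and 255 are untouched; if the aim is a lint-clean page, consider dropping that `.sp` and replacing the blank lines with `.sp` or `.LP` in the same commit. While the file is open, new lines 183-184 read "to be entered ." with a stray space and "PKCS#5 PBKD2", which should be PBKDF2. Example 4 at new line 536 runs `lofiadm -a /export/test testfs` although line 535 created `/export/test/testfs`, and Example 6 creates `/export/home/test` at new line 621 but attaches `/export/home/secrets` at line 635 and then shows an error for `/root/lofi` at line 694, so the paths in those two examples should be made consistent.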