darren_moffat@blog$ cat /dev/mem | grep /dev/urandom

All | General | Security | Solaris
« What is the maximum... | Main | Making files on ZFS... »

20080814 Thursday August 14, 2008

Heaps of info available on files via good old ls(1) [ But not encryption status ]

In "compact" form:

ls -V@ -/c -% all /tank/fs/hamlet.txt
-rw-r--r--+  1 root     root      211179 Aug 14 12:20 /tank/fs/hamlet.txt
                {AHRSa-i--u}
                timestamp: atime         Aug 14 12:37:37 2008 
                timestamp: ctime         Aug 14 12:32:58 2008 
                timestamp: mtime         Aug 14 12:20:08 2008 
                timestamp: crtime        Aug 14 12:19:41 2008 
                user:lp:r-------------:-------:deny
                 owner@:--x-----------:-------:deny
                 owner@:rw-p---A-W-Co-:-------:allow
                 group@:-wxp----------:-------:deny
                 group@:r-------------:-------:allow
              everyone@:-wxp---A-W-Co-:-------:deny
              everyone@:r-----a-R-c--s:-------:allow

In verbose form:

ls -v@ -/v -% all /tank/fs/hamlet.txt
-rw-r--r--+  1 root     root      211179 Aug 14 12:20 /tank/fs/hamlet.txt
                {archive,hidden,readonly,system,appendonly,nonodump,
                 immutable,noav_modified,noav_quarantined,nounlink}
                timestamp: atime         Aug 14 12:21:12 2008 
                timestamp: ctime         Aug 14 12:32:58 2008 
                timestamp: mtime         Aug 14 12:20:08 2008 
                timestamp: crtime        Aug 14 12:19:41 2008 
     0:user:lp:read_data:deny
     1:owner@:execute:deny
     2:owner@:read_data/write_data/append_data/write_xattr/write_attributes
         /write_acl/write_owner:allow
     3:group@:write_data/append_data/execute:deny
     4:group@:read_data:allow
     5:everyone@:write_data/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     6:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow

One interesting thing it doesn't tell me about this file is that it is that all that information is encrypted on disk. For that I have to use zfs(1): 

# zfs get encryption tank/fs
NAME     PROPERTY    VALUE        SOURCE
tank/fs  encryption  on           local

Or a little more verbosely: 

# zfs list -r -o name,encryption,keyscope,keystatus,mounted tank 
NAME           CRYPT  KEYSCOPE    KEYSTATUS  MOUNTED
tank             off      pool    undefined      yes
tank/fs           on      pool    available      yes

I wonder if it is worth having the verbose ls(1) output indicate that the file was encrypted on "disk" by the filesystem.

What would people do with that info if they had it ? Any ideas let me know.

( Aug 14 2008, 12:49:15 PM BST ) Permalink Comments [2]

Comments:

Is the file encrypted, or is the filesystem encrypted? If the filesystem is encrypted, then the file won't even know, will it?

Posted by Stephen Potter on August 15, 2008 at 03:24 AM BST #

Stephen: In the ZFS case (the one above) it is the filesystem that is encrypted. files don't "know" anything but if we made "encrypted" an extended attribute (read-only) then ls(1) would be able to show that it was encrypted. If you then copied the file and all its attributes to a non encrypting filesystem then the encrytped attribute would not be set.

Posted by Darren Moffat on August 15, 2008 at 10:40 AM BST #

Post a Comment:

Comments are closed for this entry.

Valid HTML! Valid CSS!


follow darrenmoffat at http://twitter.com
Get OpenSolaris Use OpenOffice.org

This is a personal weblog, I do not speak for my employer.