
FreeBSD Manual Pages


CATTACH(1)		    General Commands Manual		    CATTACH(1)

NAME
       cattach - attach encrypted directory to CFS

SYNOPSIS
       cattach [ -l ] [ -- ] [ -t minutes ] [ -i minutes ] directory name

DESCRIPTION
       cattach associates the encrypted directory (previously created with
       cmkdir(1)) with the specified name.  cattach prompts for a passphrase,
       which is used to generate cryptographic keys sent to the cfs daemon
       cfsd(8) and used to transparently encrypt and decrypt the files as
       needed.  If the correct passphrase is given (as verified by a known-
       plaintext hash file in the encrypted directory), the user may
       thereafter access the cleartext of the files in a virtual directory
       called name under the CFS mount point (usually /crypt).  Otherwise, no
       virtual directory is created.  The underlying directory may be
       specified either as an absolute path or relative to the current
       directory.

       If no name is specified, the last path component of directory is used
       as a default.

       If the -l ("lower security mode") option is given, newly created
       identical files will encrypt to identical ciphertexts.  Otherwise, the
       creation time plus the original inode number of the encrypted file is
       used to perturb each file, frustrating certain cryptanalytic attacks.
       Under highly concurrent operation with multiple instances of the same
       encrypted directory, however, lower security mode may be required to
       avoid some race conditions.  This mode also makes recovery (from
       backups) of individual encrypted files a bit simpler.
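       The following Python model is an added illustration, not CFS code and
       not its actual cipher or file formats, of two points made above: how a
       known-plaintext hash file lets the daemon verify a passphrase without
       storing the key, and why the default per-file perturbation (creation
       time plus inode number) matters compared with lower security mode.
       The key derivation, the SHA-256 counter-mode keystream, the check
       plaintext and the sample ctime/inode values are all assumptions chosen
       for the demonstration.

```python
"""Educational model of two cattach(1) behaviours (assumption: not CFS's
real cipher, key derivation or on-disk formats)."""
import hashlib
import hmac

# Constructed sample value standing in for the known plaintext whose
# encrypted hash is kept in the encrypted directory.
KNOWN_PLAINTEXT = b"CFS known-plaintext check"


def derive_key(passphrase: str) -> bytes:
    """Turn a passphrase into a 256-bit key (assumed KDF, for illustration)."""
    return hashlib.sha256(b"cfs-model-key|" + passphrase.encode()).digest()


def keystream(key: bytes, perturbation: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; the perturbation is mixed into
    every block so two files with different perturbations never share it."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = key + perturbation + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_file(key: bytes, data: bytes, perturbation: bytes = b"") -> bytes:
    """XOR data with the keystream.  Symmetric: applying it twice with the
    same key and perturbation returns the original bytes."""
    ks = keystream(key, perturbation, len(data))
    return bytes(p ^ k for p, k in zip(data, ks))


def make_check_file(key: bytes) -> bytes:
    """Contents of the known-plaintext hash file: a hash of the encryption of
    a fixed plaintext, so the file reveals neither the key nor a keystream."""
    return hashlib.sha256(encrypt_file(key, KNOWN_PLAINTEXT)).digest()


def passphrase_is_correct(passphrase: str, stored_check: bytes) -> bool:
    """The check cattach/cfsd perform before creating the virtual directory."""
    candidate = make_check_file(derive_key(passphrase))
    return hmac.compare_digest(candidate, stored_check)


def file_perturbation(ctime: int, inode: int) -> bytes:
    """Default mode: creation time plus original inode number perturb each
    file (the byte layout is an assumption)."""
    return ctime.to_bytes(8, "big") + inode.to_bytes(8, "big")


def demo() -> dict:
    """Run the model and report what each mode exposes."""
    key = derive_key("correct horse")
    check = make_check_file(key)
    results = {
        "right": passphrase_is_correct("correct horse", check),
        "wrong": passphrase_is_correct("wrong horse", check),
    }
    data = b"quarterly figures: 42\n"  # constructed file contents

    # Lower security mode (-l): no perturbation, so equal files give equal
    # ciphertexts and an observer of the encrypted directory learns equality.
    a = encrypt_file(key, data)
    b = encrypt_file(key, data)
    results["low_sec_equal"] = a == b

    # Default mode: each file carries its own ctime+inode perturbation, so
    # the same contents written twice encrypt differently.
    pa = file_perturbation(1700000000, 1234)  # constructed ctime/inode
    pb = file_perturbation(1700000001, 1235)
    a = encrypt_file(key, data, pa)
    b = encrypt_file(key, data, pb)
    results["default_equal"] = a == b

    # Recovery needs the matching perturbation, which is why -l makes
    # restoring individual files from backups simpler.
    results["roundtrip"] = encrypt_file(key, a, pa) == data
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

       The check file is a hash of a ciphertext rather than the key itself,
       so a copy of the encrypted directory gives an offline attacker only a
       passphrase-guessing target, not the key; the per-file perturbation is
       what stops identical plaintexts from being recognisable by comparing
       ciphertexts, which is the "cryptanalytic attack" the default mode
       frustrates.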

       Note that attached virtual directories may be used only by users whose
       UID is the same as the issuer of the cattach command.

       Ordinarily, the names of all currently attached directories can be
       obtained by listing the contents of /crypt (e.g., with ls(1)).  If the
       specified name begins with a '.' (dot), however, cfsd will not include
       the name in directory listings.  By using a hard-to-guess name, this
       mechanism can be used to provide some protection against attackers who
       can spoof the UID on the client machine.  See the ssh(1) command for an
       example of this usage.

       The -t option causes the attach to automatically go away after the
       specified number of minutes.  The -i option deletes the attach after a
       specified number of minutes of inactivity.  Note that these options, if
       used, should be chosen with some care; too short timeouts may actually
       increase the risk of compromise of frequently re-typed passphrases.

       cattach will normally attempt to read the passphrase from the tty
       device (/dev/tty) and will not echo.  The -- option forces cattach to
       read from stdin.

       Virtual directories should be removed with the cdetach(1) command when
       no longer in use.

EXAMPLES
       cattach /u/mab/secrets mab
              associates encrypted directory "/u/mab/secrets" with the
              cleartext name "mab".  Creates virtual directory "/crypt/mab".

       cattach /u/mab/secrets .123xyzzy
              associates encrypted directory "/u/mab/secrets" with the
              cleartext name ".123xyzzy".  The cleartext name will not appear
              in a listing of /crypt.

       cattach -l secrets mab
              associates the encrypted directory "secrets" in the current
              directory with the cleartext name "mab".  Identical files will
              encrypt to the same ciphertext.

FILES
              currently attached cleartext instances

SEE ALSO
       cfsd(8), cdetach(1), cmkdir(1), ssh(1)

BUGS
       Really, really slow machines can time out on the RPC before cfsd is
       finished processing the attach command, especially when 3-DES is used.
       Such machines should probably be considered too slow to be running an
       encrypted file system anyway.

       You can't attach an already encrypted directory, lest the single-
       threaded cfsd find itself in a deadlock.

       There really should be a better security mechanism than the UID to
       protect against spoofing currently attached directories.  The .name
       hack is an ugly kludge.  In particular, it would be better to limit
       access to the process group of the user who issued the cattach
       command.  Unfortunately, that information is not passed to cfsd.

       The timeout isn't perfect, and may occur a minute or two later than ex-

AUTHOR
       Matt Blaze; for information on cfs, email to


