User keystore

The user keystore is managed automatically for most common operations. The efskeymgr command is used for maintenance tasks and advanced EFS use. Users can create encrypted files and directories with the efsmgr command. Key store management is integrated into most user admin commands. If a user is added to a group, then the user will automatically have access to the group keystore.

A file owner with EFS access to the file use the efsmgr command to grant EFS access to other users and groups (similar to the control that file owners have with ACLs in UNIX). Users can change their passwords without effecting separate processes running under the same UID with an open keystore.