efs_admin administration key

The efs_admin keystore contains a special key which can open any user or group keystore in root admin mode (the default mode).

The password to open this special keystore is stored in root user and security group keystores when EFS is activated. This password can be given to other groups and users or removed with the efskeymgr command. This key, in conjunction with the RBAC aix.security.efsauthorization, allows an user to administrate EFS (that is,, access keystores in root admin mode).

efs_admin RBAC considerations

On systems with Role Based Access Control enabled, the efs_admin command is protected with the aix.security.efs authorization.