cfsd - cryptographic file system daemon

cfsd

cfsd is the user-level daemon for the Cryptographic File System (CFS). It is essentially an RPC server for the NFS protocol augmented with the CFS_ADMIN protocol. It listens on the CFS port (ordinarily port 3049) on the localhost interface.

The main function of cfsd is to manage the keys for currently attached encrypted directories, presenting them in clear form under the CFS mount point (typically "/crypt").

cfsd should ordinarily be invoked at boot time from /etc/rc (or /etc/rc.local). The rc file should also start mountd(8) daemon with least one file system exported to localhost; note that cfsd itself does not handle the mount protocol. Once a mountd is running, the mount(8) command should be invoked to mount the exported file system from the localhost interface with port=3049.

/usr/local/etc/cfsd

invokes cfs (in /etc/rc)

/etc/mount -o port=3049,intr localhost:/ /crypt

mounts cfs on /crypt (in /etc/rc)

/crypt

cfs mount point

/etc/exports

exported file systems

cattach(1), cdetach(1), mountd(8), mount(8)

cfsd is single threaded, which means it doesn't handle lots of simultanious operations very well. In particular, it is not possible to recursively attach encrypted directories, since that would lead to a deadlock.

Matt Blaze; for information on cfs, email to cfs@research.att.com.