File Operations with CIP
The following tables describe the expected behavior when moving files. The behavior differs between Linux and Windows.
Move Operation
Source | Destination | Result | PQS |
---|---|---|---|
GP1(Key1) | GP1(Key1) | Rename is performed and the file remains encrypted. | Entity information is updated accordingly. |
GP1(Key1) | GP2(Key1) | Rename is performed and the file remains encrypted. | Entity information is updated accordingly. |
GP1(Key1) | GP2(Key2) | Copy & Delete performed. The destination file is decrypted. It will be encrypted with the next DDC scan. | The entity at the source is updated for deletion. A new entity is created for the destination. |
GP1(Key1) - GDPR | GP2(Key1) - PCI | Copy & Delete performed. The destination file is decrypted. It will be encrypted with the next DDC scan. | The entity at the source is updated for deletion. A new entity is created for the destination. |
Note
The following error displays for PQS Events for the copy & delete scenario, but it does not impact functionality:
[VMD] [ERROR] [3452] [DGV6002E] Data governance exception with error [gp E:\\GP\\w98_28sta03key2 not found] in [dgv::vm::pqs::vm_pqs_file_entity_manager::persist_file_access_event] at line [799]
Move Operation
Source | Destination | Result | PQS |
---|---|---|---|
GP1(Key1) | GP1(Key1) | Rename is performed and the file remains encrypted. | Entity information is updated accordingly. |
GP1(Key1) | GP2(Key1) | Copy & Delete is performed. Linux does not support file rename from key to clear_key. The following error displays: mv: setting attribute ‘user.::secfs:xattr:’ for ‘user.::secfs:xattr:’: Invalid argument | No update in DB |
GP1(Key1) | GP2(Key2) | Copy & Delete is performed. Linux does not support file rename from key to clear_key. The following error displays: mv: setting attribute ‘user.::secfs:xattr:’ for ‘user.::secfs:xattr:’: Invalid argument | No update in DB |
GP1(Key1) - GDPR | GP2(Key1) - PCI | Copy & Delete is performed. Linux does not support file rename from key to clear_key. The following error displays: mv: setting attribute ‘user.::secfs:xattr:’ for ‘user.::secfs:xattr:’: Invalid argument | No update in DB |
Edit Operation
If files encrypted with CTE 7.2.0 are modified in the vi editor, they become plaintext on the local storage and the NFS server. Non-key users can then see the encrypted files in plaintext.
Workaround: Disable the creation of default temporary files (swap files) in the vi editor using the following settings in ~/.vimrc:
• set nobackup: Prevents creation of backup files.
• set nowritebackup: Prevents creation of backup files while editing files.
• set noswapfile: Prevents creation of swap files.
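A check for the workaround above, as an added example that is not part of the original documentation: it reports which of the three settings a given vimrc does not leave switched off, treating the last assignment of each option as the effective one. The function name vimrc_missing and the sample file are constructed for illustration; abbreviated option names and setlocal are not handled.

```shell
#!/bin/sh
# Added example (not vendor code): audit a vimrc for the three workaround settings.
# vimrc_missing FILE prints one line per required setting that FILE does not
# leave explicitly disabled. A missing or unreadable FILE reports all three.
vimrc_missing() {
    rc=$1
    for opt in backup writebackup swapfile; do
        state=$(awk -v opt="$opt" '
            { sub(/^[ \t:]+/, "") }              # strip indentation and optional leading colon
            /^"/ { next }                         # whole-line comment
            $1 == "set" || $1 == "se" {
                for (i = 2; i <= NF; i++) {
                    if ($i ~ /^"/) break           # trailing comment ends the command
                    if ($i == opt) s = "on"        # a later line re-enabled the option
                    else if ($i == ("no" opt)) s = "off"
                }
            }
            END { print (s == "" ? "unset" : s) } # last assignment wins
        ' "$rc" 2>/dev/null)
        [ "$state" = "off" ] || echo "no$opt"
    done
}

# Constructed sample: the workaround settings, then a later line that undoes one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
" constructed sample vimrc
set nobackup nowritebackup
set noswapfile
set swapfile  " re-enabled by a later line
EOF
echo "settings still missing: $(vimrc_missing "$sample" | tr '\n' ' ')"
rm -f "$sample"
```

Run it against each account's ~/.vimrc on hosts where protected files are edited; empty output means all three settings are in effect as far as that file is concerned.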
Truncate Operation
CIP supports the truncate operation during and after remediation of the files.
Note
• The truncate operation is allowed on a plain or an encrypted file.
• The file remains in the same state (plain or encrypted) after the truncate operation.
• File access should work as per the CTE policy.