




So I have had the chance to work with Navigator Encrypt once again and I inevitably come to the part where I have to create encrypted filesystems (navencrypt-prepare) on a brand new host.  This is simple enough - no issues there.  What confuses me is the need for using navencrypt-move.  I just don't get why I would need to run this command on a newly built host with no existing data.  It seems redundant.


Granted, I also don't tend to use the navencrypt ACLs.  That would be one reason why I could see to use navencrypt-move.


Can anyone explain the purpose of navencrypt-move on a fresh machine?


Re: navencrypt-move

Expert Contributor



Navencrypt-move is a necessary component of the Navencrypt suite.  Navencrypt operates at the kernel level using file system hooks. The module relies on a number of components to control data access including file pathing both inside of and outside of the encrypted volume. The information and options specified in the move operation are connected to parts of the module authentication framework.


Navencrypt should not be used in administrative or permissive modes perpetually. You should be using ACLs of some kind; we document these options and controls. You should not perform writes directly to encrypted volumes but rather you should be using the originally linked paths. You should not prepare and mount disks to the original data directories you intend to use for your applications. If you have questions related to the operation and deployment of this part of the software stack please engage members of your account team for additional guidance.

Customer Operations Engineer | Security SME | Cloudera, Inc.