PGP NetShare Command Line utility does not assign roles properly

Article:TECH149507  |  Created: 2009-08-06  |  Updated: 2011-02-05  |  Article URL http://www.symantec.com/docs/TECH149507
Article Type
Technical Solution


Issue




PGP NetShare provides transparent, end-to-end encryption for shared file storage. PGP NetShare enables specific users to share protected files in a shared space, such as on a corporate file server, in a shared folder, or on removable media such as a USB drive.

PGP NetShare Command Line gives you access to PGP NetShare functionality using a command-line interface. Accessing PGP NetShare functions from the command line is useful for scripting PGP NetShare functions, troubleshooting problems, or if the graphical user interface is not available.


Solution




When encrypting a file or folder with PGP NetShare, users or groups are added to the access control list for the folder. Only those users who are added to can access the encrypted data within the PGP NetShare folder.

Users are assigned roles which designate their type of access to the PGP NetShare folder. The roles for PGP NetShare folders include Admin, Group Admin, and User.

  • Admins - Members of the Admins group can assign the user roles of users to either Group Admin or User. A PGP NetShare folder is limited to one Admin user.
  • Group Admins - Group Admins can re-encrypt, decrypt, and add or remove users from a PGP NetShare folder.
  • Users - Users have access to a folder. They cannot re-encrypt, decrypt, nor add other PGP NetShare users to the folder.
Typically, encryption of folders with PGP NetShare is done via the PGP NetShare User Interface within PGP Desktop, however it is possible to use a PGP NetShare Command Line utility to perform these operations.

However, there is a known limitation when using the PGP NetShare Command Line Utility where user roles are not properly assigned. When the PGP NetShare Command Line Utility is used to create/encrypt a PGP NetShare folder, all users are given the Admin Group role which allows the users decrypt or re-encrypt the folder.

To avoid this issue, use the PGP NetShare User Interface within PGP Desktop to encrypt or re-encrypt the PGP NetShare folders.



Legacy ID



1573


Article URL http://www.symantec.com/docs/TECH149507


Terms of use for this information are found in Legal Notices