xref: /freebsd/sys/ufs/ufs/README.extattr (revision 78d14616)

  UFS Extended Attributes Copyright

The UFS Extended Attributes implementation is copyright Robert Watson, and
is made available under a Berkeley-style license.

  About UFS Extended Attributes

Extended attributes allow the association of additional arbitrary
meta-data with files and directories.  Extended attributes are defined in
the form name=value, where name is a nul-terminated string in the style
of a filename, and value is a binary blob of zero or more bytes. The UFS
extended attribute service layers support for extended attributes onto a
backing file, in the style of the quota implementation, meaning that it
requires no underlying format changes in the filesystem.  This design
choice exchanges simplicity, usability and easy deployment for
performance.  When defined, extended attribute names exist in a series of
disjoint namespaces: currently, two namespaces are defined:
EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER.  The primary
distinction lies in the protection model: USER EAs are protected using the
normal inode protections, whereas SYSTEM EAs require privilege to access
or modify.

  Using UFS Extended Attributes

Support for UFS extended attributes is natively available in UFS2, and
requires no special configuration.  For reliability, administrative,
and performance reasons, if you plan to use extended attributes, it
is recommended that you use UFS2 in preference to UFS1.

Support for UFS extended attributes may be enabled for UFS1 by adding:

	options UFS_EXTATTR

to your kernel configuration file.  This allows UFS-based filesystems to
support extended attributes, but requires manual administration of EAs
using the extattrctl tool, including the starting of EA support for each
filesystem, and the enabling of individual attributes for the file
system.  The extattrctl utility may be used to initialize backing files
before first use, to start and stop EA service on a filesystem, and to
enable and disable named attributes.  The command lines for extattrctl
take the following forms:

  extattrctl start [path]
  extattrctl stop [path]
  extattrctl initattr [-f] [-p path] [attrsize] [attrfile]
  extattrctl enable [path] [attrnamespace] [attrname] [attrfile]
  extattrctl disable [path] [attrnamespace] [attrname]

In each case, [path] is used to indicate the mounted filesystem on which
to perform the operation.  [attrnamespace] refers to the namespace in
which the attribute is being manipulated, and may be "system" or "user".
The [attrname] is the attribute name to use for the operation. The
[attrfile] argument specifies the attribute backing file to use. When
using the "initattr" function to initialize a backing file, the maximum
size of attribute data must be defined in bytes using the [attrsize]
field.  Optionally, the [-p path] argument may be used to indicate to
extattrctl that it should pre-allocate space for EA data, rather than
creating a sparse backing file.  This prevents attribute operations from
failing in low disk-space conditions (which can be important when EAs are
used for security purposes), but pre-allocation will consume space
proportional to the product of the defined maximum attribute size and
number of attributes on the specified filesystem.

Manual configuration increases administrative overhead, but also
introduces the possibility of race conditions during filesystem mount, if
EAs are used to support other features, as starting the EAs manually is
not atomic with the mount operation.  To address this problem, an
additional kernel option may be defined to auto-start EAs on a UFS file
system based on special directories at mount-time:

	options UFS_EXTATTR_AUTOSTART

If this option is defined, UFS will search for a ".attribute"
sub-directory of the filesystem root during the mount operation.  If it
is found, EA support will be started for the filesystem.  UFS will then
search for "system" and "user" sub-directories of the ".attribute"
directory for any potential backing files, and enable an EA for each valid
backing file with the name of the backing file as the attribute name.
For example, by creating the following tree, the two EAs,
posix1e.acl_access and posix1e.acl_default will be enabled in the system
namespace of the root filesystem, reserving space for attribute data:

  mkdir -p /.attribute/system
  cd /.attribute/system
  extattrctl initattr -p / 388 posix1e.acl_access
  extattrctl initattr -p / 388 posix1e.acl_default

On the next mount of the root filesystem, the attributes will be
automatically started.

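An added example, not part of the original README or the FreeBSD source: a
shell function that lists the backing files the auto-start search described
above would find under a filesystem root, and flags sparse ones, which the
pre-allocation text warns can fail in low disk-space conditions.  The function
names and the du(1)-based sparseness heuristic are assumptions; the kernel's
own validity check of backing files is not reproduced.

```shell
#!/bin/sh
# Added example (not from the FreeBSD tree): audit an auto-start EA tree.
# Assumption: a backing file is "sparse" when du(1) reports fewer allocated
# bytes than the file's length; the kernel's header validation is not redone.

# ea_backing_state FILE -> prints "empty", "sparse" or "preallocated"
ea_backing_state() {
    size=$(wc -c < "$1" | tr -d ' ')
    alloc_kb=$(du -k "$1" | awk '{print $1}')
    if [ "$size" -eq 0 ]; then
        echo empty
    elif [ $((alloc_kb * 1024)) -lt "$size" ]; then
        echo sparse          # created without "initattr -p"
    else
        echo preallocated
    fi
}

# ea_autostart_audit ROOT -> prints "namespace attrname state" per backing file
ea_autostart_audit() {
    root=${1%/}                      # "/" becomes "", so the path is /.attribute
    attrdir="$root/.attribute"
    if [ ! -d "$attrdir" ]; then
        echo "$1: no .attribute directory, EAs will not auto-start" >&2
        return 1
    fi
    for ns in system user; do        # the two sub-directories searched at mount
        [ -d "$attrdir/$ns" ] || continue
        for f in "$attrdir/$ns"/*; do
            [ -f "$f" ] || continue  # skip directories and unmatched globs
            echo "$ns ${f##*/} $(ea_backing_state "$f")"
        done
    done
}

# Usage: ea_autostart_audit /
```

Any attribute reported as "sparse" that backs a security feature is a candidate
for re-initialization with the -p argument.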