[thirdparty/man-pages.git] / man7 / xattr.7

.\" Extended attributes manual page
.\"
.\" Copyright (C) 2000, 2002, 2007  Andreas Gruenbacher <agruen@suse.de>
.\" Copyright (C) 2001, 2002, 2004, 2007 Silicon Graphics, Inc.
.\" All rights reserved.
.\"
.\" SPDX-License-Identifier: GPL-2.0-or-later
.\"
.TH XATTR 7 2022-09-09 "Linux man-pages (unreleased)"
.SH NAME
xattr \- Extended attributes
.SH DESCRIPTION
Extended attributes are name:value pairs associated permanently with
files and directories, similar to the environment strings associated
with a process.
An attribute may be defined or undefined.
If it is defined, its value may be empty or non-empty.
.PP
Extended attributes are extensions to the normal attributes which are
associated with all inodes in the system (i.e., the
.BR stat (2)
data).
They are often used to provide additional functionality
to a filesystem\(emfor example, additional security features such as
Access Control Lists (ACLs) may be implemented using extended attributes.
.PP
Users with search access to a file or directory may use
.BR listxattr (2)
to retrieve a list of attribute names defined for that file or directory.
.PP
Extended attributes are accessed as atomic objects.
Reading
.RB ( getxattr (2))
retrieves the whole value of an attribute and stores it in a buffer.
Writing
.RB ( setxattr (2))
replaces any previous value with the new value.
.PP
Space consumed for extended attributes may be counted towards the disk quotas
of the file owner and file group.
.SS Extended attribute namespaces
Attribute names are null-terminated strings.
The attribute name is always specified in the fully qualified
.I namespace.attribute
form, for example,
.IR user.mime_type ,
.IR trusted.md5sum ,
.IR system.posix_acl_access ,
or
.IR security.selinux .
.PP
The namespace mechanism is used to define different classes of extended
attributes.
These different classes exist for several reasons;
for example, the permissions
and capabilities required for manipulating extended attributes of one
namespace may differ to another.
.PP
Currently, the
.IR security ,
.IR system ,
.IR trusted ,
and
.I user
extended attribute classes are defined as described below.
Additional classes may be added in the future.
.SS Extended security attributes
The security attribute namespace is used by kernel security modules,
such as Security Enhanced Linux, and also to implement file capabilities (see
.BR capabilities (7)).
Read and write access permissions to security attributes depend on the
policy implemented for each security attribute by the security module.
When no security module is loaded, all processes have read access to
extended security attributes, and write access is limited to processes
that have the
.B CAP_SYS_ADMIN
capability.
.SS System extended attributes
System extended attributes are used by the kernel to store system
objects such as Access Control Lists.
Read and write
access permissions to system attributes depend on the policy implemented
for each system attribute implemented by filesystems in the kernel.
.SS Trusted extended attributes
Trusted extended attributes are visible and accessible only to processes that
have the
.B CAP_SYS_ADMIN
capability.
Attributes in this class are used to implement mechanisms in user
space (i.e., outside the kernel) which keep information in extended attributes
to which ordinary processes should not have access.
.SS User extended attributes
User extended attributes may be assigned to files and directories for
storing arbitrary additional information such as the mime type,
character set or encoding of a file.
The access permissions for user
attributes are defined by the file permission bits:
read permission is required to retrieve the attribute value,
and writer permission is required to change it.
.PP
The file permission bits of regular files and directories are
interpreted differently from the file permission bits of special files
and symbolic links.
For regular files and directories the file
permission bits define access to the file's contents, while for device special
files they define access to the device described by the special file.
The file permissions of symbolic links are not used in access checks.
These differences would allow users to consume filesystem resources in
a way not controllable by disk quotas for group or world writable
special files and directories.
.PP
For this reason,
user extended attributes are allowed only for regular files and directories,
and access to user extended attributes is restricted to the
owner and to users with appropriate capabilities for directories with the
sticky bit set (see the
.BR chmod (1)
manual page for an explanation of the sticky bit).
.SS Filesystem differences
The kernel and the filesystem may place limits on the maximum number
and size of extended attributes that can be associated with a file.
The VFS-imposed limits on attribute names and values are 255 bytes
and 64\ kB, respectively.
The list of attribute names that
can be returned is also limited to 64\ kB
(see BUGS in
.BR listxattr (2)).
.PP
Some filesystems, such as Reiserfs (and, historically, ext2 and ext3),
require the filesystem to be mounted with the
.B user_xattr
mount option in order for user extended attributes to be used.
.PP
In the current ext2, ext3, and ext4 filesystem implementations,
the total bytes used by the names and values of all of a file's
extended attributes must fit in a single filesystem block (1024, 2048
or 4096 bytes, depending on the block size specified when the
filesystem was created).
.PP
In the Btrfs, XFS, and Reiserfs filesystem implementations, there is no
practical limit on the number of extended attributes
associated with a file, and the algorithms used to store extended
attribute information on disk are scalable.
.PP
In the JFS, XFS, and Reiserfs filesystem implementations,
the limit on bytes used in an EA value is the ceiling imposed by the VFS.
.PP
In the Btrfs filesystem implementation,
the total bytes used for the name, value, and implementation overhead bytes
is limited to the filesystem
.I nodesize
value (16\ kB by default).
.SH STANDARDS
Extended attributes are not specified in POSIX.1, but some other systems
(e.g., the BSDs and Solaris) provide a similar feature.
.SH NOTES
Since the filesystems on which extended attributes are stored might also
be used on architectures with a different byte order and machine word
size, care should be taken to store attribute values in an
architecture-independent format.
.PP
This page was formerly named
.BR attr (5).
.\" .SH AUTHORS
.\" Andreas Gruenbacher,
.\" .RI < a.gruenbacher@bestbits.at >
.\" and the SGI XFS development team,
.\" .RI < linux-xfs@oss.sgi.com >.
.SH SEE ALSO
.BR attr (1),
.BR getfattr (1),
.BR setfattr (1),
.BR getxattr (2),
.BR ioctl_iflags (2),
.BR listxattr (2),
.BR removexattr (2),
.BR setxattr (2),
.BR acl (5),
.BR capabilities (7),
.BR selinux (8)
Commit	Line	Data
544a5910 AG	1	.\" Extended attributes manual page
	2	.\"
	3	.\" Copyright (C) 2000, 2002, 2007 Andreas Gruenbacher <agruen@suse.de>
	4	.\" Copyright (C) 2001, 2002, 2004, 2007 Silicon Graphics, Inc.
	5	.\" All rights reserved.
	6	.\"
e4a74ca8	7	.\" SPDX-License-Identifier: GPL-2.0-or-later
544a5910	8	.\"
17285b25	9	.TH XATTR 7 2022-09-09 "Linux man-pages (unreleased)"
544a5910	10	.SH NAME
bbbaa1f6	11	xattr \- Extended attributes
544a5910 AG	12	.SH DESCRIPTION
	13	Extended attributes are name:value pairs associated permanently with
	14	files and directories, similar to the environment strings associated
	15	with a process.
	16	An attribute may be defined or undefined.
	17	If it is defined, its value may be empty or non-empty.
	18	.PP
	19	Extended attributes are extensions to the normal attributes which are
ebce8403	20	associated with all inodes in the system (i.e., the
544a5910 AG	21	.BR stat (2)
	22	data).
	23	They are often used to provide additional functionality
ca7d9e34	24	to a filesystem\(emfor example, additional security features such as
544a5910 AG	25	Access Control Lists (ACLs) may be implemented using extended attributes.
544a5910 AG	26	.PP
d59b17a4 MK	27	Users with search access to a file or directory may use
	28	.BR listxattr (2)
	29	to retrieve a list of attribute names defined for that file or directory.
544a5910 AG	30	.PP
544a5910 AG	31	Extended attributes are accessed as atomic objects.
d59b17a4 MK	32	Reading
	33	.RB ( getxattr (2))
	34	retrieves the whole value of an attribute and stores it in a buffer.
	35	Writing
	36	.RB ( setxattr (2))
	37	replaces any previous value with the new value.
544a5910	38	.PP
54015724	39	Space consumed for extended attributes may be counted towards the disk quotas
544a5910	40	of the file owner and file group.
b63436d8	41	.SS Extended attribute namespaces
68d53b6d	42	Attribute names are null-terminated strings.
544a5910	43	The attribute name is always specified in the fully qualified
1ae6b2c7	44	.I namespace.attribute
ebce8403	45	form, for example,
544a5910 AG	46	.IR user.mime_type ,
	47	.IR trusted.md5sum ,
	48	.IR system.posix_acl_access ,
	49	or
	50	.IR security.selinux .
	51	.PP
	52	The namespace mechanism is used to define different classes of extended
	53	attributes.
ebce8403 MK	54	These different classes exist for several reasons;
ebce8403 MK	55	for example, the permissions
544a5910 AG	56	and capabilities required for manipulating extended attributes of one
	57	namespace may differ to another.
	58	.PP
ca7d9e34	59	Currently, the
544a5910 AG	60	.IR security ,
	61	.IR system ,
	62	.IR trusted ,
	63	and
1ae6b2c7	64	.I user
933e4675 MK	65	extended attribute classes are defined as described below.
933e4675 MK	66	Additional classes may be added in the future.
544a5910 AG	67	.SS Extended security attributes
544a5910 AG	68	The security attribute namespace is used by kernel security modules,
d8ba7694 MK	69	such as Security Enhanced Linux, and also to implement file capabilities (see
d8ba7694 MK	70	.BR capabilities (7)).
544a5910 AG	71	Read and write access permissions to security attributes depend on the
	72	policy implemented for each security attribute by the security module.
	73	When no security module is loaded, all processes have read access to
	74	extended security attributes, and write access is limited to processes
5ee7f61c MK	75	that have the
	76	.B CAP_SYS_ADMIN
	77	capability.
fc8d1db1 MK	78	.SS System extended attributes
fc8d1db1 MK	79	System extended attributes are used by the kernel to store system
d8ba7694	80	objects such as Access Control Lists.
933e4675	81	Read and write
544a5910 AG	82	access permissions to system attributes depend on the policy implemented
	83	for each system attribute implemented by filesystems in the kernel.
	84	.SS Trusted extended attributes
	85	Trusted extended attributes are visible and accessible only to processes that
5ee7f61c MK	86	have the
5ee7f61c MK	87	.B CAP_SYS_ADMIN
b4a61f89	88	capability.
544a5910 AG	89	Attributes in this class are used to implement mechanisms in user
	90	space (i.e., outside the kernel) which keep information in extended attributes
	91	to which ordinary processes should not have access.
b25d3e70 MK	92	.SS User extended attributes
b25d3e70 MK	93	User extended attributes may be assigned to files and directories for
544a5910	94	storing arbitrary additional information such as the mime type,
933e4675 MK	95	character set or encoding of a file.
933e4675 MK	96	The access permissions for user
03a93c37 MK	97	attributes are defined by the file permission bits:
	98	read permission is required to retrieve the attribute value,
	99	and writer permission is required to change it.
544a5910 AG	100	.PP
	101	The file permission bits of regular files and directories are
	102	interpreted differently from the file permission bits of special files
933e4675 MK	103	and symbolic links.
933e4675 MK	104	For regular files and directories the file
544a5910 AG	105	permission bits define access to the file's contents, while for device special
544a5910 AG	106	files they define access to the device described by the special file.
933e4675 MK	107	The file permissions of symbolic links are not used in access checks.
	108	These differences would allow users to consume filesystem resources in
	109	a way not controllable by disk quotas for group or world writable
	110	special files and directories.
544a5910	111	.PP
933e4675	112	For this reason,
b25d3e70 MK	113	user extended attributes are allowed only for regular files and directories,
b25d3e70 MK	114	and access to user extended attributes is restricted to the
544a5910 AG	115	owner and to users with appropriate capabilities for directories with the
	116	sticky bit set (see the
	117	.BR chmod (1)
54015724	118	manual page for an explanation of the sticky bit).
b63436d8	119	.SS Filesystem differences
544a5910 AG	120	The kernel and the filesystem may place limits on the maximum number
544a5910 AG	121	and size of extended attributes that can be associated with a file.
77dd5bce ŠN	122	The VFS-imposed limits on attribute names and values are 255 bytes
77dd5bce ŠN	123	and 64\ kB, respectively.
5c69f84a	124	The list of attribute names that
c4b7e5ac	125	can be returned is also limited to 64\ kB
92b1a2cc MK	126	(see BUGS in
92b1a2cc MK	127	.BR listxattr (2)).
a721e8b2	128	.PP
9a7d1c23 MK	129	Some filesystems, such as Reiserfs (and, historically, ext2 and ext3),
9a7d1c23 MK	130	require the filesystem to be mounted with the
544a5910	131	.B user_xattr
b25d3e70	132	mount option in order for user extended attributes to be used.
544a5910	133	.PP
3d33987b	134	In the current ext2, ext3, and ext4 filesystem implementations,
74532967	135	the total bytes used by the names and values of all of a file's
6ad46a9d	136	extended attributes must fit in a single filesystem block (1024, 2048
544a5910 AG	137	or 4096 bytes, depending on the block size specified when the
	138	filesystem was created).
	139	.PP
b68d4dc3	140	In the Btrfs, XFS, and Reiserfs filesystem implementations, there is no
6db035a3	141	practical limit on the number of extended attributes
544a5910 AG	142	associated with a file, and the algorithms used to store extended
544a5910 AG	143	attribute information on disk are scalable.
a721e8b2	144	.PP
edb159da MK	145	In the JFS, XFS, and Reiserfs filesystem implementations,
edb159da MK	146	the limit on bytes used in an EA value is the ceiling imposed by the VFS.
a721e8b2	147	.PP
7f4f24ea MK	148	In the Btrfs filesystem implementation,
	149	the total bytes used for the name, value, and implementation overhead bytes
	150	is limited to the filesystem
	151	.I nodesize
c4b7e5ac	152	value (16\ kB by default).
3113c7f3	153	.SH STANDARDS
b124a27b MK	154	Extended attributes are not specified in POSIX.1, but some other systems
b124a27b MK	155	(e.g., the BSDs and Solaris) provide a similar feature.
7ee629ab	156	.SH NOTES
544a5910 AG	157	Since the filesystems on which extended attributes are stored might also
544a5910 AG	158	be used on architectures with a different byte order and machine word
5871fb36 MK	159	size, care should be taken to store attribute values in an
5871fb36 MK	160	architecture-independent format.
a721e8b2	161	.PP
367f5ee5 MK	162	This page was formerly named
367f5ee5 MK	163	.BR attr (5).
31a369b8 MK	164	.\" .SH AUTHORS
	165	.\" Andreas Gruenbacher,
	166	.\" .RI < a.gruenbacher@bestbits.at >
	167	.\" and the SGI XFS development team,
	168	.\" .RI < linux-xfs@oss.sgi.com >.
544a5910	169	.SH SEE ALSO
c8fb1c6d	170	.BR attr (1),
5ee7f61c	171	.BR getfattr (1),
aad5c297 MK	172	.BR setfattr (1),
aad5c297 MK	173	.BR getxattr (2),
c05935a2	174	.BR ioctl_iflags (2),
aad5c297 MK	175	.BR listxattr (2),
	176	.BR removexattr (2),
	177	.BR setxattr (2),
	178	.BR acl (5),
bba4bbbd	179	.BR capabilities (7),
9863b9ac	180	.BR selinux (8)