FSATTR(7) Standards, Environments, and Macros FSATTR(7)
NAME
fsattr - extended file attributes
DESCRIPTION
Attributes are logically supported as files within the file system. The
file system is therefore augmented with an orthogonal name space of file
attributes. Any file (including attribute files) can have an arbitrarily
deep attribute tree associated with it. Attribute values are accessed by
file descriptors obtained through a special attribute interface. This
logical view of "attributes as files" allows the leveraging of existing
file system interface functionality to support the construction,
deletion, and manipulation of attributes.
The special files "." and ".." retain their accustomed semantics within
the attribute hierarchy. The "." attribute file refers to the current
directory and the ".." attribute file refers to the parent directory.
The unnamed directory at the head of each attribute tree is considered
the "child" of the file it is associated with and the ".." file refers to
the associated file. For any non-directory file with attributes, the
".." entry in the unnamed directory refers to a file that is not a
directory.
Conceptually, the attribute model is fully general. Extended attributes
can be any type of file (doors, links, directories, and so forth) and can
even have their own attributes (fully recursive). As a result, the
attributes associated with a file could be an arbitrarily deep directory
hierarchy where each attribute could have an equally complex attribute
tree associated with it. Not all implementations are able to, or want
to, support the full model. Implementation are therefore permitted to
reject operations that are not supported. For example, the
implementation for the UFS file system allows only regular files as
attributes (for example, no sub-directories) and rejects attempts to
place attributes on attributes.
The following list details the operations that are rejected in the
current implementation:
link Any attempt to create links between attribute
and non-attribute space is rejected to prevent
security-related or otherwise sensitive
attributes from being exposed, and therefore
manipulable, as regular files.
rename Any attempt to rename between attribute and non-
attribute space is rejected to prevent an
already linked file from being renamed and
thereby circumventing the
link restriction
above.
mkdir,
symlink,
mknod Any attempt to create a "non-regular" file in
attribute space is rejected to reduce the
functionality, and therefore exposure and risk,
of the initial implementation.
The entire available name space has been allocated to "general use" to
bring the implementation in line with the NFSv4 draft standard [NFSv4].
That standard defines "named attributes" (equivalent to Solaris Extended
Attributes) with no naming restrictions. All Sun applications making use
of opaque extended attributes will use the prefix "SUNW".
Shell-level API The command interface for extended attributes is the set of applications
provided by Solaris for the manipulation of attributes from the command
line. This interface consists of a set of existing utilities that have
been extended to be "attribute-aware", plus the
runat utility designed to
"expose" the extended attribute space so that extended attributes can be
manipulated as regular files.
The
-@ option enable utilities to manipulate extended attributes. As a
rule, this option enables the utility to enter into attribute space when
the utility is performing a recursive traversal of file system space.
This is a fully recursive concept. If the underlying file system supports
recursive attributes and directory structures, the
-@ option opens these
spaces to the file tree-walking algorithms.
The following utilities accommodate extended attributes (see the
individual manual pages for details):
cp By default,
cp ignores attributes and copies only file data.
This is intended to maintain the semantics implied by
cp currently, where attributes (such as owner and mode) are not
copied unless the
-p option is specified. With the
-@ (or
-p)
option,
cp attempts to copy all attributes along with the file
data.
cpio The
-@ option informs
cpio to archive attributes, but by default
cpio ignores extended attributes. See
Extended Archive Formats below for a description of the new archive records.
du File sizes computed include the space allocated for any extended
attributes present.
find By default,
find ignores attributes. The
-xattr expression
provides support for searches involving attribute space. It
returns true if extended attributes are present on the current
file.
fsck The
fsck utility manages extended attribute data on the disk. A
file system with extended attributes can be mounted on versions
of Solaris that are not attribute-aware (versions prior to
Solaris 9), but the attributes will not be accessible and
fsck will strip them from the files and place them in
lost+found. Once
the attributes have been stripped the file system is completely
stable on Solaris versions that are not attribute-aware, but
would now be considered corrupted on attribute-aware versions of
Solaris. The attribute-aware
fsck utility should be run to
stabilize the file system before using it in an attribute-aware
environment.
fsdb This
fsdb utility is able to find the inode for the "hidden"
extended attribute directory.
ls The
ls -@ command displays an "@" following the mode information
when extended attributes are present. More precisely, the output
line for a given file contains an "@" character following the
mode characters if the
pathconf(2) variable
XATTR_EXISTS is set
to true. See the
pathconf() section below. The
-@ option uses
the same general output format as the
-l option.
mv When a file is moved, all attributes are carried along with the
file rename. When a file is moved across a file system boundary,
the copy command invoked is similar to the
cp -p variant
described above and extended attributes are "moved". If the
extended file attributes cannot be replicated, the move operation
fails and the source file is not removed.
pax The
-@ option informs
pax to archive attributes, but by default
pax ignores extended attributes. The
pax(1) utility is a generic
replacement for both
tar(1) and
cpio(1) and is able to produce
either output format in its archive. See
Extended Archive Formats below for a description of the new archive records.
tar In the default case,
tar does not attempt to place attributes in
the archive. If the
-@ option is specified, however,
tar traverses into the attribute space of all files being placed in
the archive and attempts to add the attributes to the archive. A
new record type has been introduced for extended attribute
entries in
tar archive files (the same is true for
pax and
cpio archives) similar to the way ACLs records were defined. See
Extended Archive Formats below for a description of the new
archive records.
There is a class of utilities (
chmod,
chown,
chgrp) that one might expect
to be modified in a manner similar to those listed above. For example,
one might expect that performing
chmod on a file would not only affect
the file itself but would also affect at least the extended attribute
directory if not any existing extended attribute files. This is not the
case. The model chosen for extended attributes implies that the
attribute directory and the attributes themselves are all file objects in
their own right, and can therefore have independent file status
attributes associated with them (a given implementation cannot support
this, for example, for intrinsic attributes). The relationship is left
undefined and a fine-grained control mechanism (
runat(1)) is provided to
allow manipulation of extended attribute status attributes as necessary.
The
runat utility has the following syntax:
runat
filename [
command]
The
runat utility executes the supplied command in the context of the
"attribute space" associated with the indicated file. If no command
argument is supplied, a shell is invoked. See
runat(1) for details.
Application-level API The primary interface required to access extended attributes at the
programmatic level is the
openat(2) function. Once a file descriptor has
been obtained for an attribute file by an
openat() call, all normal file
system semantics apply. There is no attempt to place special semantics on
read(2),
write(2),
ftruncate(3C), or other functions when applied to
attribute file descriptors relative to "normal" file descriptors.
The set of existing attributes can be browsed by calling
openat() with
"." as the file name and the
O_XATTR flag set, resulting in a file
descriptor for the attribute directory. The list of attributes is
obtained by calls to
getdents(2) on the returned file descriptor. If the
target file did not previously have any attributes associated with it, an
empty top-level attribute directory is created for the file and
subsequent
getdents() calls will return only "." and "..". While the
owner of the parent file owns the extended attribute directory, it is not
charged against its quota if the directory is empty. Attribute files
themselves, however, are charged against the user quota as any other
regular file.
Additional system calls have been provided as convenience functions.
These include the
fchownat(2),
fstatat(2),
futimesat(2),
renameat(2),
unlinkat(2). These new functions, along with
openat(), provide a
mechanism to access files relative to an arbitrary point in the file
system, rather than only the current working directory. This mechanism
is particularly useful in situations when a file descriptor is available
with no path. The
openat() function, in particular, can be used in many
contexts where
chdir() or
fchdir() is currently required. See
chdir(2).
Open a file relative to a file descriptor
int openat (int
fd, const char *
path, int
oflag [, mode_t
mode])
The
openat(2) function behaves exactly as
open(2) except when given a
relative path. Where
open() resolves a relative path from the current
working directory,
openat() resolves the path based on the vnode
indicated by the supplied file descriptor. When
oflag is
O_XATTR,
openat() interprets the
path argument as an extended attribute reference.
The following code fragment uses
openat() to examine the attributes of
some already opened file:
dfd = openat(fd, ".", O_RDONLY|O_XATTR);
(void)getdents(dfd, buf, nbytes);
If
openat() is passed the special value
AT_FDCWD as its first (
fd)
argument, its behavior is identical to
open() and the relative path
arguments are interpreted relative to the current working directory. If
the
O_XATTR flag is provided to
openat() or to
open(), the supplied path
is interpreted as a reference to an extended attribute on the current
working directory.
Unlink a file relative to a directory file descriptor
int unlinkat (int
dirfd, const char *path
flag, int flag
flag)
The
unlinkat(2) function deletes an entry from a directory. The
path argument indicates the name of the entry to remove. If
path an absolute
path, the
dirfd argument is ignored. If it is a relative path, it is
interpreted relative to the directory indicated by the
dirfd argument. If
dirfd does not refer to a valid directory, the function returns
ENOTDIR.
If the special value
AT_FDCWD is specified for
dirfd, a relative path
argument is resolved relative to the current working directory. If the
flag argument is 0, all other semantics of this function are equivalent
to
unlink(2). If
flag is set to
AT_REMOVEDIR, all other semantics of
this function are equivalent to
rmdir(2).
Rename a file relative to directories
int renameat (int
fromfd, const char *
old, int
tofd, const char *
new)
The
renameat(2) function renames an entry in a directory, possibly moving
the entry into a different directory. The
old argument indicates the
name of the entry to rename. If this argument is a relative path, it is
interpreted relative to the directory indicated by the
fd argument. If it
is an absolute path, the
fromfd argument is ignored. The
new argument
indicates the new name for the entry. If this argument is a relative
path, it is interpreted relative to the directory indicated by the
tofd argument. If it is an absolute path, the
tofd argument is ignored.
In the relative path cases, if the directory file descriptor arguments do
not refer to a valid directory, the function returns
ENOTDIR. All other
semantics of this function are equivalent to
rename(2).
If a special value
AT_FDCWD is specified for either the
fromfd or
tofd arguments, their associated path arguments (
old and
new) are interpreted
relative to the current working directory if they are not specified as
absolute paths. Any attempt to use
renameat() to move a file that is not
an extended attribute into an extended attribute directory (so that it
becomes an extended attribute) will fail. The same is true for an attempt
to move a file that is an extended attribute into a directory that is not
an extended attribute directory.
Obtain information about a file
int fstatat (int
fd, const char *
path, struct stat*
buf, int
flag)
The
fstatat(2) function obtains information about a file. If the
path argument is relative, it is resolved relative to the
fd argument file
descriptor, otherwise the
fd argument is ignored. If the
fd argument is
a special value
AT_FDCWD the path is resolved relative to the current
working directory. If the
path argument is a null pointer, the function
returns information about the file referenced by the
fd argument. In all
other relative path cases, if the
fd argument does not refer to a valid
directory, the function returns
ENOTDIR. If
AT_SYMLINK_NOFOLLOW is set in
the
flag argument, the function will not automatically traverse a
symbolic link at the position of the path. If
_AT_TRIGGER is set in the
flag argument and the vnode is a trigger mount point, the mount is
performed and the function returns the attributes of the root of the
mounted filesystem. The
fstatat() function is a multipurpose function
that can be used in place of
stat(),
lstat(), or
fstat(). See
stat(2) The function call
stat(path, buf) is identical to
fstatat(AT_FDCWD,
path, buf, 0).
The function call
lstat(path, buf) is identical to
fstatat(AT_FDCWD,
path, buf,
AT_SYMLINK_NOFOLLOW) The function call
fstat(fildes, buf) is identical to
fstatat(fildes,
NULL,
buf,
0).
Set owner and group ID
int fchownat (int
fd, const char *
path, uid_t
owner, gid_t
group, \
int
flag)
The
fchownat(2) function sets the owner ID and group ID for a file. If
the
path argument is relative, it is resolved relative to the
fd argument
file descriptor, otherwise the
fd argument is ignored. If the
fd argument is a special value
AT_FDCWD the path is resolved relative to the
current working directory. If the path argument is a null pointer, the
function sets the owner and group ID of the file referenced by the
fd argument. In all other relative path cases, if the
fd argument does not
refer to a valid directory, the function returns
ENOTDIR. If the
flag argument is set to
AT_SYMLINK_NOFOLLOW, the function will not
automatically traverse a symbolic link at the position of the path. The
fchownat() function is a multi-purpose function that can be used in place
of
chown(),
lchown(), or
fchown(). See
chown(2).
The function call
chown(path, owner, group) is equivalent to
fchownat(AT_FDCWD,
path, owner, group, 0).
The function call
lchown(path, owner, group) is equivalent to
fchownat(AT_FDCWD,
path, owner, group, AT_SYMLINK_NOFOLLOW).
Set file access and modification times
int futimesat (int
fd, const char *
path, const struct timeval \
times[2])
The
futimesat(2) function sets the access and modification times for a
file. If the
path argument is relative, it is resolved relative to the
fd argument file descriptor; otherwise the
fd argument is ignored. If
the
fd argument is the special value
AT_FDCWD, the path is resolved
relative to the current working directory. If the
path argument is a
null pointer, the function sets the access and modification times of the
file referenced by the
fd argument. In all other relative path cases, if
the
fd argument does not refer to a valid directory, the function returns
ENOTDIR. The
futimesat() function can be used in place of
utimes(2).
The function call
utimes(path, times) is equivalent to
futimesat(AT_FDCWD,
path, times).
New pathconf() functionality long int pathconf(const char *
path, int
name)
Two variables have been added to
pathconf(2) to provide enhanced support
for extended attribute manipulation. The
XATTR_ENABLED variable allows an
application to determine if attribute support is currently enabled for
the file in question. The
XATTR_EXISTS variable allows an application to
determine whether there are any extended attributes associated with the
supplied path.
Open/Create an attribute file int attropen (const char *
path, const char *
attrpath, int
oflag \
[, mode_t
mode])
The
attropen(3C) function returns a file descriptor for the named
attribute,
attrpath, of the file indicated by
path. The
oflag and
mode arguments are identical to the
open(2) arguments and are applied to the
open operation on the attribute file (for example, using the
O_CREAT flag
creates a new attribute). Once opened, all normal file system operations
can be used on the attribute file descriptor. The
attropen() function is
a convenience function and is equivalent to the following sequence of
operations:
fd = open (path, O_RDONLY);
attrfd = openat(fd, attrpath, oflag|O_XATTR, mode);
close(fd);
The set of existing attributes can be browsed by calling
attropen() with
"." as the attribute name. The list of attributes is obtained by calling
getdents(2) (or
fdopendir(3C) followed by
readdir(3C), see below) on the
returned file descriptor.
Convert an open file descriptor for a directory into a directory descriptor
DIR * fdopendir (const int
fd)
The
fdopendir(3C) function promotes a file descriptor for a directory to
a directory pointer suitable for use with the
readdir(3C) function. The
originating file descriptor should not be used again following the call
to
fdopendir(). The directory pointer should be closed with a call to
closedir(3C). If the provided file descriptor does not reference a
directory, the function returns
ENOTDIR. This function is useful in
circumstances where the only available handle on a directory is a file
descriptor. See
attropen(3C) and
openat(2).
Using the API
The following examples demonstrate how the API might be used to perform
basic operations on extended attributes:
Example 1: List extended attributes on a file.
attrdirfd = attropen("test", ".", O_RDONLY);
dirp = fdopendir(attrdirfd);
while (dp = readdir(dirp)) {
...
Example 2: Open an extended attribute.
attrfd = attropen("test", dp->d_name, O_RDONLY);
or
attrfd = openat(attrdirfd, dp->d_name, O_RDONLY);
Example 3: Read from an extended attribute.
while (read(attrfd, buf, 512) > 0) {
...
Example 4: Create an extended attribute.
newfd = attropen("test", "attr", O_CREAT|O_RDWR);
or
newfd = openat(attrdirfd, "attr", O_CREAT|O_RDWR);
Example 5: Write to an extended attribute.
count = write(newfd, buf, length);
Example 6: Delete an extended attribute.
error = unlinkat(attrdirfd, "attr");
Applications intending to access the interfaces defined here as well as
the POSIX and X/Open specification-conforming interfaces should define
the macro
_ATFILE_SOURCE to be 1 and set whichever feature test macros
are appropriate to obtain the desired environment. See
standards(7).
Extended Archive Formats
As noted above in the description of command utilities modified to
provide support for extended attributes, the archive formats for
tar(1) and
cpio(1) have been extended to provide support for archiving extended
attributes. This section describes the specifics of the archive format
extensions.
Extended tar format
The
tar archive is made up of a series of 512 byte blocks. Each archived
file is represented by a header block and zero or more data blocks
containing the file contents. The header block is structured as shown in
the following table.
Field Name Length (in Octets) Description
Name 100 File name string
Mode 8 12 file mode bits
Uid 8 User ID of file owner
Gid 8 Group ID of file owner
Size 12 Size of file
Mtime 12 File modification time
Chksum 8 File contents checksum
Typeflag 1 File type flag
Linkname 100 Link target name if file linked
Magic 6 "ustar"
Version 2 "00"
Uname 32 User name of file owner
Gname 32 Group name of file owner
Devmajor 8 Major device ID if special file
Devminor 8 Minor device ID if special file
Prefix 155 Path prefix string for file
The extended attribute project extends the above header format by
defining a new header type (for the
Typeflag field). The type 'E' is
defined to be used for all extended attribute files. Attribute files are
stored in the
tar archive as a sequence of two
<header ,data> pairs. The
first file contains the data necessary to locate and name the extended
attribute in the file system. The second file contains the actual
attribute file data. Both files use an 'E' type header. The prefix and
name fields in extended attribute headers are ignored, though they should
be set to meaningful values for the benefit of archivers that do not
process these headers. Solaris archivers set the prefix field to
"
/dev/null" to prevent archivers that do not understand the type 'E'
header from trying to restore extended attribute files in inappropriate
places.
Extended cpio format
The
cpio archive format is octet-oriented rather than block-oriented.
Each file entry in the archive includes a header that describes the file,
followed by the file name, followed by the contents of the file. These
data are arranged as described in the following table.
Field Name Length (in Octets) Description
c_magic 6 70707
c_dev 6 First half of unique file ID
c_ino 6 Second half of unique file ID
c_mode 6 File mode bits
c_uid 6 User ID of file owner
c_gid 6 Group ID of file owner
c_nlink 6 Number of links referencing file
c_rdev 6 Information for special files
c_mtime 11 Modification time of file
c_namesize 6 Length of file pathname
c_filesize 11 Length of file content
c_name c_namesize File pathname
c_filedata c_filesize File content
The basic archive file structure is not changed for extended attributes.
The file type bits stored in the
c_mode field for an attribute file are
set to
0xB000. As with the
tar archive format, extended attributes are
stored in
cpio archives as two consecutive file entries. The first file
describes the location/name for the extended attribute. The second file
contains the actual attribute file content. The
c_name field in extended
attribute headers is ignored, though it should be set to a meaningful
value for the benefit of archivers that do not process these headers.
Solaris archivers start the pathname with "
/dev/null/"to prevent
archivers that do not understand the type 'E' header from trying to
restore extended attribute files in inappropriate places.
Attribute identification data format
Both the
tar and
cpio archive formats can contain the special files
described above, always paired with the extended attribute data record,
for identifying the precise location of the extended attribute. These
special data files are necessary because there is no simple naming
mechanism for extended attribute files. Extended attributes are not
visible in the file system name space. The extended attribute name space
must be "tunneled into" using the
openat() function. The attribute
identification data must support not only the flat naming structure for
extended attributes, but also the possibility of future extensions
allowing for attribute directory hierarchies and recursive attributes.
The data file is therefore composed of a sequence of records. It begins
with a fixed length header describing the content. The following table
describes the format of this data file.
Field Name Length (in Octets) Description
h_version 7 Name file version
h_size 10 Length of data file
h_component_len 10 Total length of all path segments
h_link_comp_len 10 Total length of all link segments
path h_component_len Complex path
link_path h_link_comp_len Complex link path
As demonstrated above, the header is followed by a record describing the
"path" to the attribute file. This path is composed of two or more path
segments separated by a null character. Each segment describes a path
rooted at the hidden extended attribute directory of the leaf file of the
previous segment, making it possible to name attributes on attributes.
The first segment is always the path to the parent file that roots the
entire sequence in the normal name space. The following table describes
the format of each segment.
Field Name Length (in Octets) Description
---------------------------------------------------------------------
h_namesz 7 Length of segment path
h_typeflag 1 Actual file type of attribute file
h_names h_namesz Parent path + segment path
If the attribute file is linked to another file, the path record is
followed by a second record describing the location of the referencing
file. The structure of this record is identical to the record described
above.
SEE ALSO
cp(1),
cpio(1),
du(1),
find(1),
ls(1),
mv(1),
pax(1),
runat(1),
tar(1),
chown(2),
link(2),
open(2),
pathconf(2),
rename(2),
stat(2),
unlink(2),
utimes(2),
attropen(3C),
standards(7),
fsck(8) October 10, 2007
FSATTR(7)