77f6aff1a4
Reviewed by: maintainer
173 lines
5.3 KiB
Groff
173 lines
5.3 KiB
Groff
.\"-
|
|
.\" Copyright (c) 2000 Robert N. M. Watson
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd March 30, 2000
|
|
.Dt EXTATTRCTL 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm extattrctl
|
|
.Nd manage FFS extended attributes
|
|
.Sh SYNOPSIS
|
|
.Nm extattrctl
|
|
.Cm start
|
|
.Ar path
|
|
.Nm extattrctl
|
|
.Cm stop
|
|
.Ar path
|
|
.Nm extattrctl
|
|
.Cm initattr
|
|
.Ar attrsize
|
|
.Ar attrfile
|
|
.Nm extattrctl
|
|
.Cm enable
|
|
.Ar path
|
|
.Ar attrname
|
|
.Ar attrfile
|
|
.Nm extattrctl
|
|
.Cm disable
|
|
.Ar path
|
|
.Ar attrname
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
is the management utility for extended attributes over the FFS file system.
|
|
.Nm
|
|
allows the starting and stopping of extended attributes on a file system,
|
|
as well as initialization of attribute backing files, and enabling and
|
|
disabling of specific extended attributes on a file system.
|
|
.Pp
|
|
The first argument on the command line indicates the operation to be
|
|
performend. Operation must be one of the following:
|
|
.Bl -tag -width indent
|
|
.It Cm start Ar path
|
|
Start extended attribute support on the file system named using
|
|
.Ar path .
|
|
The file system must be an FFS file system, and the FFS_EXTATTR kernel
|
|
option must have been enabled.
|
|
.It Cm stop Ar path
|
|
Stop extended attribute support on the file system named using
|
|
.Ar path .
|
|
Extended attribute support must previously have been started.
|
|
.It Xo
|
|
.Cm initattr
|
|
.Op Fl p Ar path
|
|
.Op Fl r Op Ar kroa
|
|
.Op Fl w Op Ar kroa
|
|
.Ar attrsize attrfile
|
|
.Xc
|
|
Create and initialize a file to use as an attribute backing file.
|
|
You must specify a maximum per-inode size for the attribute in bytes in
|
|
.Ar attrsize ,
|
|
as well as the file where the attribute will be stored, using
|
|
.Ar attrfile .
|
|
.Pp
|
|
The
|
|
.Fl p Ar path
|
|
argument may be used to preallocate space for all attributes rather than
|
|
relying on sparse files to conserve space.
|
|
This has the advantage of guaranteeing that space will be available
|
|
for attributes when they are written, preventing low disk space conditions
|
|
from denying attribute service.
|
|
.Pp
|
|
The
|
|
.Fl r
|
|
and
|
|
.Fl w
|
|
options can be used to set the read and write permissions on the named
|
|
attribute, respectively.
|
|
There are four levels possible for both read and write:
|
|
.Dq k
|
|
limits reading or writing to the kernel,
|
|
.Dq r
|
|
limits activities to root,
|
|
.Dq o
|
|
limits activities to root and the owner of the file having the attribute
|
|
read or written, and
|
|
.Dq q
|
|
allows any user to perform the attribute operation.
|
|
The default is to limit activities to the root user, or
|
|
.Dq r .
|
|
.Pp
|
|
This file should not exist before running
|
|
.Cm initattr.
|
|
.It Cm enable Ar path Ar attrname Ar attrfile
|
|
Enable an attribute named
|
|
.Ar attrname
|
|
on the file system identified using
|
|
.Ar path ,
|
|
and backed by initialized attribute file
|
|
.Ar attrfile .
|
|
The backing file must have been initialized using
|
|
.Cm initattr
|
|
before its first use.
|
|
Attributes must have been started on the file system prior to the
|
|
enabling of any attributes.
|
|
.It Cm disable Ar path Ar attrname
|
|
Disable the attributed named
|
|
.Ar attrname
|
|
on the file system identified by
|
|
.Ar path .
|
|
The file system must have attributes started on it, and the attribute
|
|
most have been enabled using
|
|
.Cm enable .
|
|
.Sh EXAMPLES
|
|
.Pp
|
|
.Dl extattrctl start /
|
|
.Pp
|
|
Start extended attributes on the root file system.
|
|
.Pp
|
|
.Dl extattrctl initattr 17 /.attribute/md5
|
|
.Pp
|
|
Create an attribute backing file in /.attribute/md5, and set the maximum
|
|
size of each attribute to 17 bytes. Sparse files are used for storing the
|
|
attributes, and the default permissions limiting access to the root user
|
|
are implied.
|
|
.Pp
|
|
.Dl extattrctl enable / md5 /.attribute/md5
|
|
.Pp
|
|
Enable an attribute named md5 on the root file system, backed from the file
|
|
/.attribute/md5.
|
|
.Pp
|
|
.Dl extattrctl disable / md5
|
|
.Pp
|
|
Disable the attribute named md5 on the root file system.
|
|
.Pp
|
|
.Dl extattrctl stop /
|
|
.Pp
|
|
Stop extended attributes on the root file system.
|
|
.Sh SEE ALSO
|
|
.Xr getextattr 8 ,
|
|
.Xr setextattr 8 ,
|
|
.Xr extattr 9
|
|
.Sh HISTORY
|
|
Extended attribute support was developed as part of the TrustedBSD Project,
|
|
and introduced in
|
|
.Fx 5.0 .
|
|
It was developed to support security extensions requiring additional labels
|
|
to be associated with each file or directory.
|
|
.Sh AUTHORS
|
|
Robert N M Watson
|