Gentoo Forums
HOWTO: using extended attributes to better protect files

Joined: 25 Mar 2003
Posts: 1366
Location: Lexington, Ky -- USA

Posted: Wed May 18, 2005 5:42 pm    Post subject: HOWTO: using extended attributes to better protect files

How many times have you accidentally overwritten a configuration file during an etc-update that you had customized? I had been aware of extended attributes for a long while now, but I had never taken the time to actually use them. The extended attribute that I am mostly interested in is the immutable attribute. This attribute, which can only be set by root, prevents a file from being changed or deleted, even by root.

For example, suppose I modify /etc/conf.d/hdparm. If one is not careful, an etc-update after upgrading hdparm could result in you accidentally overwriting your custom /etc/conf.d/hdparm. To prevent this, one merely has to do
chattr +i /etc/conf.d/hdparm

Afterwards, no one -- not even root -- can overwrite or delete this file until the immutable attribute is unset, such as with chattr -i /etc/conf.d/hdparm.

So, how do you set these extended attributes? You first have to have a filesystem that supports them. I currently know that ext2,3 and reiserfs support extended attributes, but it also appears that xfs does too. If anyone can verify what other filesystems can support extended attributes, I will gladly add them to the list.

If I have made mistakes within this howto, please let me know and I will correct them -- I am no expert, nor do I claim to be. What I present here, is what has worked for me.

Kernel Config
I will list the kernel configuration for each filesystem together, choose what you want.
File systems  --->
  <*> Second extended fs support
  [*]   Ext2 extended attributes
  <*> Ext3 journalling file system support
  [*]   Ext3 extended attributes
  <*> Reiserfs support
  [*]   ReiserFS extended attributes
  JFS doesn't show extended attributes, only ACLs.
  XFS doesn't show extended attributes, only ACLs ... however, see the information below.

It seems you do not need to add anything special for ext2,3 filesystems; they appear to honor the extended attributes by default.

You need to add attrs to the mount options. You can remount your partitions to make the attrs effective by mount -o remount /whatever/reiserfs/mount/point.

I would like to point out the man page for mount makes no mention of the attrs mount option for reiserfs. Without this option, you can set/unset extended attributes, however reiserfs will ignore them.

chattr and lsattr
Now to set/unset the extended attributes, we need the commands chattr and lsattr. These commands can be obtained by emerging e2fsprogs.

At this point, you can set/unset the extended attributes with chattr mode some_file, where for instance mode can be +i to set the immutable bit or -i to unset the immutable bit.

To see what extended attributes are set, you can use lsattr some_file.

More information about these commands can be found within their respective man pages.

xfs filesystem
Looking at the man page of attr, after emerge attr, it appears this package is for the xfs filesystem. This package also contains the commands setfattr and getfattr. Given there is no kernel option for extended attributes, I am assuming you can just emerge this package for xfs? Also, I do not know if there should be a specific mount option within /etc/fstab for xfs to honor the extended attributes. Furthermore, it seems the "extended attributes" of the xfs filesystem are not technically the same as those of ext2,3 and reiserfs, i.e. lsattr will not show the xfs extended attributes, only by using getfattr can you see them -- I could be wrong on this though; please correct me if I am wrong.
Vim has excellent syntax highlighting for configuration files: emerge gentoo-syntax
Learn how to use Vim: vimtutor
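
The following is an added example, not part of the original post: a check to run before etc-update that reads lsattr output and reports which files on a watch list are not carrying the immutable flag. The function names, the watch list and the sample lsattr output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which watched files lack the immutable flag.
# Input is `lsattr` output: a flags field, one space, then the path.

# Constructed sample of `lsattr` output (not captured from a real system).
SAMPLE_LSATTR='----i---------e------- /etc/conf.d/hdparm
--------------e------- /etc/conf.d/net
----ia--------e------- /etc/fstab
--------------e------- /etc/my notes.conf'

# Constructed watch list: customized files that should stay protected.
WATCH='/etc/conf.d/hdparm
/etc/conf.d/net
/etc/fstab'

# Read lsattr lines on stdin; print the paths whose flags contain "i".
immutable_paths() {
    while IFS= read -r line; do
        flags=${line%% *}   # text before the first space
        path=${line#* }     # text after the first space (may hold spaces)
        case $flags in
            *i*) printf '%s\n' "$path" ;;
        esac
    done
}

# $1 = lsattr output, $2 = newline-separated watch list.
# Print every watched path that is NOT immutable according to $1.
unprotected() {
    locked=$(printf '%s\n' "$1" | immutable_paths)
    printf '%s\n' "$2" | while IFS= read -r want; do
        [ -n "$want" ] || continue
        printf '%s\n' "$locked" | grep -Fxq -- "$want" || printf '%s\n' "$want"
    done
}

# On a real system, pass the output of lsattr on the watched files
# instead of SAMPLE_LSATTR.
unprotected "$SAMPLE_LSATTR" "$WATCH"
```

With the sample data this prints /etc/conf.d/net, the one watched file that an etc-update could still overwrite.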

Joined: 23 Aug 2004
Posts: 1399
Location: CLUAConsole

Posted: Wed May 18, 2005 5:50 pm

Darn, right after I switch to JFS I find a howto about something interesting it can't do.

Joined: 02 Nov 2002
Posts: 1314
Location: atlanta

Posted: Thu Aug 18, 2005 11:58 am

more/different info is here.

I assume you can use the chattr/lsattr and setfattr/getfattr (get fatter? ;)) programs for any fs that supports extended attributes?