1.\"- 2.\" Copyright (c) 2000 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd March 30, 2000 29.Dt EXTATTRCTL 8 30.Os FreeBSD 5.0 31.Sh NAME 32.Nm extattrctl 33.Nd Manage FFS extended attributes 34.Sh SYNOPSIS 35.Nm extattrctl 36.Cm start 37.Ar path 38.Nm extattrctl 39.Cm stop 40.Ar path 41.Nm extattrctl 42.Cm initattr 43.Ar attrsize 44.Ar attrfile 45.Nm extattrctl 46.Cm enable 47.Ar path 48.Ar attrname 49.Ar attrfile 50.Nm extattrctl 51.Cm disable 52.Ar path 53.Ar attrname 54.Sh DESCRIPTION 55.Nm 56is the management utility for extended attributes over the FFS file system. 57.Nm 58allows the starting and stopping of extended attributes on a file system, 59as well as initialization of attribute backing files, and enabling and 60disabling of specific extended attributes on a file system. 61.Pp 62The first argument on the command line indicates the operation to be 63performend. Operation must be one of the following: 64.Bl -tag -width indent 65.It Cm start Ar path 66Start extended attribute support on the file system named using 67.Ar path . 68The file system must be an FFS file system, and the FFS_EXTATTR kernel 69option must have been enabled. 70.It Cm stop Ar path 71Stop extended attribute support on the file system named using 72.Ar path . 73Extended attribute support must previously have been started. 74.It Xo 75.Cm initattr 76.Op Fl p Ar path 77.Op Fl r Op Ar kroa 78.Op Fl w Op Ar kroa 79.Ar attrsize attrfile 80.Xc 81Create and initialize a file to use as an attribute backing file. 82You must specify a maximum per-inode size for the attribute in bytes in 83.Ar attrsize , 84as well as the file where the attribute will be stored, using 85.Ar attrfile . 86.Pp 87The 88.Fl p Ar path 89argument may be used to preallocate space for all attributes rather than 90relying on sparse files to conserve space. 91This has the advantage of guaranteeing that space will be available 92for attributes when they are written, preventing low disk space conditions 93from denying attribute service. 94.Pp 95The 96.Fl r 97and 98.Fl w 99options can be used to set the read and write permissions on the named 100attribute, respectively. 101There are four levels possible for both read and write: 102.Dq k 103limits reading or writing to the kernel, 104.Dq r 105limits activities to root, 106.Dq o 107limits activities to root and the owner of the file having the attribute 108read or written, and 109.Dq q 110allows any user to perform the attribute operation. 111The default is to limit activities to the root user, or 112.Dq r 113. 114.Pp 115This file should not exist before running 116.Cm initattr. 117.It Cm enable Ar path Ar attrname Ar attrfile 118Enable an attribute named 119.Ar attrname 120on the file system identified using 121.Ar path , 122and backed by initialized attribute file 123.Ar attrfile . 124The backing file must have been initialized using 125.Cm initattr 126before its first use. 127Attributes must have been started on the file system prior to the 128enabling of any attributes. 129.It Cm disable Ar path Ar attrname 130Disable the attributed named 131.Ar attrname 132on the file system identified by 133.Ar path . 134The file system must have attributes started on it, and the attribute 135most have been enabled using 136.Cm enable . 137.Sh EXAMPLES 138.Pp 139.Dl extattrctl start / 140.Pp 141Start extended attributes on the root file system. 142.Pp 143.Dl extattrctl initattr 17 /.attribute/md5 144.Pp 145Create an attribute backing file in /.attribute/md5, and set the maximum 146size of each attribute to 17 bytes. Sparse files are used for storing the 147attributes, and the default permissions limiting access to the root user 148are implied. 149.Pp 150.Dl extattrctl enable / md5 /.attribute/md5 151.Pp 152Enable an attribute named md5 on the root file system, backed from the file 153/.attribute/md5. 154.Pp 155.Dl extattrctl disable / md5 156.Pp 157Disable the attribute named md5 on the root file system. 158.Pp 159.Dl extattrctl stop / 160.Pp 161Stop extended attributes on the root file system. 162.Sh SEE ALSO 163.Xr getextattr 8 , 164.Xr setextattr 8 , 165.Xr extattr 9 166.Sh HISTORY 167Extended attribute support was developed as part of the TrustedBSD Project, 168and introduced in 169.Fx 5.0 . 170It was developed to support security extensions requiring additional labels 171to be associated with each file or directory. 172.Sh AUTHORS 173Robert N M Watson 174