1.\"- 2.\" Copyright (c) 2000 Robert N. M. Watson 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dd March 30, 2000 29.Dt EXTATTRCTL 8 30.Os 31.Sh NAME 32.Nm extattrctl 33.Nd manage FFS extended attributes 34.Sh SYNOPSIS 35.Nm extattrctl 36.Cm start 37.Ar path 38.Nm extattrctl 39.Cm stop 40.Ar path 41.Nm extattrctl 42.Cm initattr 43.Op Fl p Ar path 44.Op Fl r Ar kroa 45.Op Fl w Ar kroa 46.Ar attrsize 47.Ar attrfile 48.Nm extattrctl 49.Cm enable 50.Ar path 51.Ar attrname 52.Ar attrfile 53.Nm extattrctl 54.Cm disable 55.Ar path 56.Ar attrname 57.Sh DESCRIPTION 58.Nm 59is the management utility for extended attributes over the FFS file system. 60.Nm 61allows the starting and stopping of extended attributes on a file system, 62as well as initialization of attribute backing files, and enabling and 63disabling of specific extended attributes on a file system. 64.Pp 65The first argument on the command line indicates the operation to be 66performend. Operation must be one of the following: 67.Bl -tag -width indent 68.It Cm start Ar path 69Start extended attribute support on the file system named using 70.Ar path . 71The file system must be an FFS file system, and the FFS_EXTATTR kernel 72option must have been enabled. 73.It Cm stop Ar path 74Stop extended attribute support on the file system named using 75.Ar path . 76Extended attribute support must previously have been started. 77.It Xo 78.Cm initattr 79.Op Fl p Ar path 80.Op Fl r Ar kroa 81.Op Fl w Ar kroa 82.Ar attrsize attrfile 83.Xc 84Create and initialize a file to use as an attribute backing file. 85You must specify a maximum per-inode size for the attribute in bytes in 86.Ar attrsize , 87as well as the file where the attribute will be stored, using 88.Ar attrfile . 89.Pp 90The 91.Fl p Ar path 92argument may be used to preallocate space for all attributes rather than 93relying on sparse files to conserve space. 94This has the advantage of guaranteeing that space will be available 95for attributes when they are written, preventing low disk space conditions 96from denying attribute service. 97.Pp 98The 99.Fl r 100and 101.Fl w 102options can be used to set the read and write permissions on the named 103attribute, respectively. 104There are four levels possible for both read and write: 105.Dq k 106limits reading or writing to the kernel, 107.Dq r 108limits activities to root, 109.Dq o 110limits activities to root and the owner of the file having the attribute 111read or written, and 112.Dq q 113allows any user to perform the attribute operation. 114The default is to limit activities to the root user, or 115.Dq r . 116.Pp 117This file should not exist before running 118.Cm initattr. 119.It Cm enable Ar path Ar attrname Ar attrfile 120Enable an attribute named 121.Ar attrname 122on the file system identified using 123.Ar path , 124and backed by initialized attribute file 125.Ar attrfile . 126The backing file must have been initialized using 127.Cm initattr 128before its first use. 129Attributes must have been started on the file system prior to the 130enabling of any attributes. 131.It Cm disable Ar path Ar attrname 132Disable the attributed named 133.Ar attrname 134on the file system identified by 135.Ar path . 136The file system must have attributes started on it, and the attribute 137most have been enabled using 138.Cm enable . 139.Sh EXAMPLES 140.Pp 141.Dl extattrctl start / 142.Pp 143Start extended attributes on the root file system. 144.Pp 145.Dl extattrctl initattr 17 /.attribute/md5 146.Pp 147Create an attribute backing file in /.attribute/md5, and set the maximum 148size of each attribute to 17 bytes. Sparse files are used for storing the 149attributes, and the default permissions limiting access to the root user 150are implied. 151.Pp 152.Dl extattrctl enable / md5 /.attribute/md5 153.Pp 154Enable an attribute named md5 on the root file system, backed from the file 155/.attribute/md5. 156.Pp 157.Dl extattrctl disable / md5 158.Pp 159Disable the attribute named md5 on the root file system. 160.Pp 161.Dl extattrctl stop / 162.Pp 163Stop extended attributes on the root file system. 164.Sh SEE ALSO 165.Xr getextattr 8 , 166.Xr setextattr 8 , 167.Xr extattr 9 168.Sh HISTORY 169Extended attribute support was developed as part of the TrustedBSD Project, 170and introduced in 171.Fx 5.0 . 172It was developed to support security extensions requiring additional labels 173to be associated with each file or directory. 174.Sh AUTHORS 175Robert N M Watson 176