符号链接上的扩展属性

符号链接上的扩展属性

我正在尝试在 Fedora 15 上的符号链接上设置一些扩展属性。

根据setfattr的用法,有一个-h用于此目的的选项:

setfattr 2.4.44 -- set extended attributes
Usage: setfattr {-n name} [-v value] [-h] file...
       setfattr {-x name} [-h] file...
  -n, --name=name         set the value of the named extended attribute
  -x, --remove=name       remove the named extended attribute
  -v, --value=value       use value as the attribute value
  -h, --no-dereference    do not dereference symbolic links
      --restore=file      restore extended attributes
      --version           print version and exit
      --help              this help text

但是,该选项似乎不起作用。-h在符号链接文件上使用仅报告Operation not permitted而不设置扩展属性。

例如:

[dummy@notebook test]$ ls -l
total 0
-rw-rw-r-- 1 dummy dummy 0 Jul 12 14:35 file
lrwxrwxrwx 1 dummy dummy 6 Jul 12 14:35 link -> ./file
[dummy@notebook test]$ setfattr -n user.name -v value1 file
[dummy@notebook test]$ getfattr -n user.name file
# file: file
user.name="value1"

[dummy@notebook test]$ setfattr -n user.name -v value2 link
[dummy@notebook test]$ getfattr -n user.name file
# file: file
user.name="value2"

[dummy@notebook test]$ setfattr -n user.name -v value3 -h link
setfattr: link: Operation not permitted
[dummy@notebook test]$ getfattr -n user.name -h link
link: user.name: Operation not permitted

为什么是这样?

答案1

我在 fs/xattr.c 中找到了这条评论:

/* In user.* namespace, only regular files and directories can have
 * extended attributes. For sticky directories, only the owner and
 * privileged user can write attributes.
 */

你有它;内核不允许在除常规文件或目录之外的任何内容上设置用户命名空间中的属性。

xattr(7)提供更多详细信息:

扩展用户属性

Extended user attributes may be assigned to files and directories for
storing arbitrary additional information such as the mime type,
character set or encoding of a file.  The access permissions for user
attributes are defined by the file permission bits: read permission
is required to retrieve the attribute value, and writer permission is
required to change it.

The file permission bits of regular files and directories are
interpreted differently from the file permission bits of special
files and symbolic links.  For regular files and directories the file
permission bits define access to the file's contents, while for
device special files they define access to the device described by
the special file.  The file permissions of symbolic links are not
used in access checks.  These differences would allow users to
consume filesystem resources in a way not controllable by disk quotas
for group or world writable special files and directories.

For this reason, extended user attributes are allowed only for
regular files and directories, and access to extended user attributes
is restricted to the owner and to users with appropriate capabilities
for directories with the sticky bit set (see the chmod(1) manual page
for an explanation of the sticky bit).

相关内容