Are extended attributes data or meta-data?
Tim Kientzle
kientzle at freebsd.org
Sat Nov 9 21:06:34 UTC 2013
On Nov 8, 2013, at 3:45 PM, Peter Jeremy <peter at rulingia.com> wrote:
> I've been getting regular error messages logged by afpd:
> Nov 9 00:00:19 server afpd[1966]: sys_getextattr_size: error: Permission denied
> I have spent some time digging into it and it's triggered by
> extattr_get_link(2) returning EACCESS because a file is not readable,
> but stat(2) on the file succeeded.
>
> According to extattr(2), "[n]amed extended attributes are meta-data
> associated with vnodes" but the actual code for VOP_GETEXTATTR() (at least
> for ufs & zfs) checks for VREAD access, whereas the VOP_GETATTR() call
> (used by stat(2)) doesn't include any access checks (so stat(2) will
> succeed unless namei() fails).
>
> IMHO, this behaviour is inconsistent: The extended attributes are
> documented as "meta-data" and but the access checks are for "data".
> Which is correct?
Practically speaking, extended attributes are used both
for data and metadata.
I would consider the existing behavior (extattr calls fail on
non-readable files) to be correct in the absence of NFSv4
ACLs (which include a specific permission for extattr readability).
The extattr(2) manpage should probably document that
the calls fail on non-readable files.
Tim
More information about the freebsd-hackers
mailing list