Are extended attributes data or meta-data?

Tim Kientzle kientzle at freebsd.org
Sat Nov 9 21:06:34 UTC 2013


On Nov 8, 2013, at 3:45 PM, Peter Jeremy <peter at rulingia.com> wrote:

> I've been getting regular error messages logged by afpd:
> Nov  9 00:00:19 server afpd[1966]: sys_getextattr_size: error: Permission denied
> I have spent some time digging into it and it's triggered by
> extattr_get_link(2) returning EACCESS because a file is not readable,
> but stat(2) on the file succeeded.
> 
> According to extattr(2), "[n]amed extended attributes are meta-data
> associated with vnodes" but the actual code for VOP_GETEXTATTR() (at least
> for ufs & zfs) checks for VREAD access, whereas the VOP_GETATTR() call
> (used by stat(2)) doesn't include any access checks (so stat(2) will
> succeed unless namei() fails).
> 
> IMHO, this behaviour is inconsistent:  The extended attributes are
> documented as "meta-data" and but the access checks are for "data".
> Which is correct?

Practically speaking, extended attributes are used both
for data and metadata.

I would consider the existing behavior (extattr calls fail on
non-readable files) to be correct in the absence of NFSv4
ACLs (which include a specific permission for extattr readability).

The extattr(2) manpage should probably document that
the calls fail on non-readable files.

Tim



More information about the freebsd-hackers mailing list