From e6a536221cb30ae732c3b4e40beb458608264a3d Mon Sep 17 00:00:00 2001 From: rwatson Date: Sat, 2 Sep 2000 20:31:26 +0000 Subject: Modify extended attribute protection model to authorize based on attribute namespace and DAC protection on file: - Attribute names beginning with '$' are in the system namespace - The attribute name "$" is reserved - System namespace attributes may only be read/set by suser() or by kernel (cred == NULL) - Other attribute names are in the application namespace - The attribute name "" is reserved - Application namespace attributes are protected in the manner of the target file permission o Kernel changes - Add ufs_extattr_valid_attrname() to check whether the requested attribute "set" or "enable" is appropriate (i.e., non-reserved) - Modify ufs_extattr_credcheck() to accept target file vnode, not to take inode uid - Modify ufs_extattr_credcheck() to check namespace, then enforce either kernel/suser for system namespace, or vaccess() for application namespace o EA backing file format changes - Remove permission fields from extended attribute backing file header - Bump extended attribute backing file header version to 3 o Update extattrctl.c and extattrctl.8 - Remove now deprecated -r and -w arguments to initattr, as permissions are now implicit - (unrelated) fix error reporting and unlinking during failed initattr to remove duplicate/inaccurate error messages, and to only unlink if the failure wasn't in the backing file open() Obtained from: TrustedBSD Project --- usr.sbin/extattrctl/extattrctl.8 | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) (limited to 'usr.sbin/extattrctl/extattrctl.8') diff --git a/usr.sbin/extattrctl/extattrctl.8 b/usr.sbin/extattrctl/extattrctl.8 index 223118c..f65fe1a 100644 --- a/usr.sbin/extattrctl/extattrctl.8 +++ b/usr.sbin/extattrctl/extattrctl.8 @@ -41,8 +41,6 @@ .Nm extattrctl .Cm initattr .Op Fl p Ar path -.Op Fl r Ar kroa -.Op Fl w Ar kroa .Ar attrsize .Ar attrfile .Nm extattrctl @@ -63,7 +61,7 @@ as well as initialization of attribute backing files, and enabling and disabling of specific extended attributes on a file system. .Pp The first argument on the command line indicates the operation to be -performend. Operation must be one of the following: +performed. Operation must be one of the following: .Bl -tag -width indent .It Cm start Ar path Start extended attribute support on the file system named using @@ -77,8 +75,6 @@ Extended attribute support must previously have been started. .It Xo .Cm initattr .Op Fl p Ar path -.Op Fl r Ar kroa -.Op Fl w Ar kroa .Ar attrsize attrfile .Xc Create and initialize a file to use as an attribute backing file. @@ -95,25 +91,6 @@ This has the advantage of guaranteeing that space will be available for attributes when they are written, preventing low disk space conditions from denying attribute service. .Pp -The -.Fl r -and -.Fl w -options can be used to set the read and write permissions on the named -attribute, respectively. -There are four levels possible for both read and write: -.Dq k -limits reading or writing to the kernel, -.Dq r -limits activities to root, -.Dq o -limits activities to root and the owner of the file having the attribute -read or written, and -.Dq q -allows any user to perform the attribute operation. -The default is to limit activities to the root user, or -.Dq r . -.Pp This file should not exist before running .Cm initattr. .It Cm enable Ar path Ar attrname Ar attrfile @@ -145,9 +122,8 @@ Start extended attributes on the root file system. .Dl extattrctl initattr 17 /.attribute/md5 .Pp Create an attribute backing file in /.attribute/md5, and set the maximum -size of each attribute to 17 bytes. Sparse files are used for storing the -attributes, and the default permissions limiting access to the root user -are implied. +size of each attribute to 17 bytes, with a sparse file used for storing +the attributes. .Pp .Dl extattrctl enable / md5 /.attribute/md5 .Pp -- cgit v1.1