Date: Sat, 9 Nov 2013 13:06:24 -0800 From: Tim Kientzle <kientzle@freebsd.org> To: Peter Jeremy <peter@rulingia.com> Cc: freebsd-hackers Hackers <freebsd-hackers@freebsd.org> Subject: Re: Are extended attributes data or meta-data? Message-ID: <502A2D02-6AB3-42FC-94D8-261A208751ED@freebsd.org> In-Reply-To: <20131108234505.GC8321@server.rulingia.com> References: <20131108234505.GC8321@server.rulingia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Nov 8, 2013, at 3:45 PM, Peter Jeremy <peter@rulingia.com> wrote: > I've been getting regular error messages logged by afpd: > Nov 9 00:00:19 server afpd[1966]: sys_getextattr_size: error: = Permission denied > I have spent some time digging into it and it's triggered by > extattr_get_link(2) returning EACCESS because a file is not readable, > but stat(2) on the file succeeded. >=20 > According to extattr(2), "[n]amed extended attributes are meta-data > associated with vnodes" but the actual code for VOP_GETEXTATTR() (at = least > for ufs & zfs) checks for VREAD access, whereas the VOP_GETATTR() call > (used by stat(2)) doesn't include any access checks (so stat(2) will > succeed unless namei() fails). >=20 > IMHO, this behaviour is inconsistent: The extended attributes are > documented as "meta-data" and but the access checks are for "data". > Which is correct? Practically speaking, extended attributes are used both for data and metadata. I would consider the existing behavior (extattr calls fail on non-readable files) to be correct in the absence of NFSv4 ACLs (which include a specific permission for extattr readability). The extattr(2) manpage should probably document that the calls fail on non-readable files. Tim
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?502A2D02-6AB3-42FC-94D8-261A208751ED>