Subject: Re: Are extended attributes data or meta-data?
From: Tim Kientzle
Date: Sat, 9 Nov 2013 13:06:24 -0800
To: Peter Jeremy
Cc: freebsd-hackers Hackers

On Nov 8, 2013, at 3:45 PM, Peter Jeremy wrote:

> I've been getting regular error messages logged by afpd:
> Nov 9 00:00:19 server afpd[1966]: sys_getextattr_size: error: Permission denied
> I have spent some time digging into it and it's triggered by
> extattr_get_link(2) returning EACCESS because a file is not readable,
> but stat(2) on the file succeeded.
>
> According to extattr(2), "[n]amed extended attributes are meta-data
> associated with vnodes" but the actual code for VOP_GETEXTATTR() (at least
> for ufs & zfs) checks for VREAD access, whereas the VOP_GETATTR() call
> (used by stat(2)) doesn't include any access checks (so stat(2) will
> succeed unless namei() fails).
>
> IMHO, this behaviour is inconsistent: The extended attributes are
> documented as "meta-data" but the access checks are for "data".
> Which is correct?

Practically speaking, extended attributes are used both for data and metadata.

I would consider the existing behavior (extattr calls fail on non-readable files) to be correct in the absence of NFSv4 ACLs (which include a specific permission for extattr readability).

The extattr(2) manpage should probably document that the calls fail on non-readable files.

Tim