Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 8 Mar 2013 19:11:44 -0500 (EST)
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        "Kenneth D. Merry" <ken@FreeBSD.org>
Cc:        arch@FreeBSD.org, fs@FreeBSD.org
Subject:   Re: patches to add new stat(2) file flags
Message-ID:  <37540270.3721223.1362787904494.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <20130308232155.GA47062@nargothrond.kdm.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Kenneth D. Merry wrote:
> On Fri, Mar 08, 2013 at 00:37:15 +1100, Bruce Evans wrote:
> > On Wed, 6 Mar 2013, Kenneth D. Merry wrote:
> >
> > >I have attached diffs against head for some additional stat(2) file
> > >flags.
> > >
> > >The primary purpose of these flags is to improve compatibility with
> > >CIFS,
> > >both from the client and the server side.
> > >...
> >
> > I missed looking at the diffs in my previous reply.
> >
> > % --- //depot/users/kenm/FreeBSD-test3/bin/chflags/chflags.1
> > 2013-03-04
> > 17:51:12.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/bin/chflags/chflags.1
> > 2013-03-04 17:51:12.000000000 -0700
> > % --- /tmp/tmp.49594.86 2013-03-06 16:42:43.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/bin/chflags/chflags.1
> > 2013-03-06 14:47:25.987128763 -0700
> > % @@ -117,6 +117,16 @@
> > % set the user immutable flag (owner or super-user only)
> > % .It Cm uunlnk , uunlink
> > % set the user undeletable flag (owner or super-user only)
> > % +.It Cm system , usystem
> > % +set the Windows system flag (owner or super-user only)
> >
> > This begins unsorting of the list.
> 
> Fixed.
> 
> > It's not just a Windows flag, since it also works in DOS.
> 
> Fixed.
> 
> > "Owner or" is too strict for msdosfs, since files can only have a
> > single owner so it is controlling access using groups is needed. I
> > use owner root and group msdosfs for msdosfs mounts. This works for
> > normal operations like open/read/write, but fails for most
> > attributes
> > including file flags. msdosfs doesn't support many attributes but
> > this change is supposed to add support for 3 new file flags so it
> > would
> > be good if it didn't restrict the support to root.
> 
> I wasn't trying to change the existing security model for msdosfs, but
> if
> you've got a suggested patch to fix it I can add that in.
> 
> > % +.It Cm sparse , usparse
> > % +set the sparse file attribute (owner or super-user only)
> > % +.It Cm offline , uoffline
> > % +set the offline file attribute (owner or super-user only)
> > % +.It Cm reparse , ureparse
> > % +set the Windows reparse point file attribute (owner or super-user
> > only)
> > % +.It Cm hidden , uhidden
> > % +set the hidden file attribute (owner or super-user only)
> >
> > The additions at the end are also internally unsorted.
> 
> Fixed.
> 
> > Previously only "opaque" and "nodump" were unsorted. They are UF
> > flags
> > sorted with the SF flags, and "no" in "nodump" is not ignored for
> > the
> > purposes of sorting.
> >
> > Not having "u" in the old and new UF flag names messes up the sort
> > order
> > (unless you add futher confusion by ignoring "u" for the purposes of
> > sorting) and makes it harder to add SF variants of the flags.
> 
> They're now sorted in alphabetical order.
> 
> > % .El
> > % .Pp
> > % Putting the letters
> > % --- //depot/users/kenm/FreeBSD-test3/lib/libc/gen/strtofflags.c
> > 2013-03-04 17:51:12.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/lib/libc/gen/strtofflags.c
> > 2013-03-04 17:51:12.000000000 -0700
> > % --- /tmp/tmp.49594.178 2013-03-06 16:42:43.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/lib/libc/gen/strtofflags.c
> > 2013-03-06 15:09:32.842437917 -0700
> > % @@ -68,7 +68,17 @@
> > % { "nodump", 1, UF_NODUMP },
> > % { "noopaque", 0, UF_OPAQUE },
> > % { "nouunlnk", 0, UF_NOUNLINK },
> > % - { "nouunlink", 0, UF_NOUNLINK }
> > % + { "nouunlink", 0, UF_NOUNLINK },
> > % + { "nosystem", 0, UF_SYSTEM, },
> > % + { "nousystem", 0, UF_SYSTEM, },
> > % + { "nosparse", 0, UF_SPARSE, },
> > % + { "nousparse", 0, UF_SPARSE, },
> > % + { "nooffline", 0, UF_OFFLINE, },
> > % + { "nouoffline", 0, UF_OFFLINE, },
> > % + { "noreparse", 0, UF_REPARSE, },
> > % + { "noureparse", 0, UF_REPARSE, },
> > % + { "nohidden", 0, UF_HIDDEN, },
> > % + { "nouhidden", 0, UF_HIDDEN, }
> >
> > This is totally disordered too.
> >
> > The old table was sorted except for "nosnapshot". Another bug is
> > that
> > "nosnapshot" is supported here (so chflags(1) can show it), but is
> > not
> > documented in chflags(1).
> 
> Actually, I think the table was previously sorted by the stat(2) flag
> name,
> and UF_NOUNLINK appears to be the only one that was out of place. I
> have
> fixed that and my additions.
> 
> > % };
> > % #define nmappings (sizeof(mapping) / sizeof(mapping[0]))
> > %
> > % --- //depot/users/kenm/FreeBSD-test3/lib/libc/sys/chflags.2
> > 2013-03-04
> > 17:51:12.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/lib/libc/sys/chflags.2
> > 2013-03-04 17:51:12.000000000 -0700
> > % --- /tmp/tmp.49594.257 2013-03-06 16:42:43.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/lib/libc/sys/chflags.2
> > 2013-03-06 14:49:39.357125717 -0700
> > % @@ -75,16 +75,49 @@
> > % Do not dump the file.
> > % .It Dv UF_IMMUTABLE
> > % The file may not be changed.
> > % +Filesystems may use this flag to maintain compatibility with the
> > Windows
> > and
> > % +CIFS FILE_ATTRIBUTE_READONLY attribute.
> > % .It Dv UF_APPEND
> > % The file may only be appended to.
> >
> > This was already totally disordered. It even has UF's before SF's,
> > although
> > SF's sort before UF's both lexically and logically, though not in
> > sys/stat.h
> > or in bits.
> >
> > The disorder here was apparently copied from the implementation
> > (sys/stat.h, which is in the order of the bits, which is historical
> > for binary compatibility) and not cleaned up like chflags(1) and
> > strttoflags(3).
> 
> Fixed.
> 
> > % .It Dv UF_NOUNLINK
> > % The file may not be renamed or deleted.
> > % .It Dv UF_OPAQUE
> > % The directory is opaque when viewed through a union stack.
> > % +.It Dv UF_SYSTEM
> > % +The file has the Windows and CIFS FILE_ATTRIBUTE_SYSTEM
> > attribute.
> > % +Filesystems in FreeBSD may store and display this flag, but do
> > not
> > provide
> > % +any special handling when it is set.
> >
> > More disordered than before...
> >
> > % +.It Dv UF_HIDDEN
> > % +The file may be hidden from directory listings at the
> > application's
> > % +discretion.
> > % +The file has the Windows FILE_ATTRIBUTE_HIDDEN attribute.
> >
> > Not just Windows...
> 
> Fixed.
> 
> > % .It Dv SF_ARCHIVED
> > % -The file may be archived.
> > % +The file has been archived.
> > % +This flag means the opposite of the Windows and CIFS
> > FILE_ATTRIBUTE_ARCHIVE
> > % +attribute.
> > % +That attribute means that the file should be archived, whereas
> > % +.Dv SF_ARCHIVED
> > % +means that the file has been archived.
> >
> > WinXP uses the poor wording "avialable for archiving". This is
> > better.
> >
> > % +Filesystems in FreeBSD may or may not have special handling for
> > this
> > flag.
> > % +For instance, ZFS tracks changes to files and will clear this bit
> > when a
> > % +file is updated.
> > % +UFS only stores the flag, and relies on the application to change
> > it when
> > % +needed.
> >
> > I think that is useless, since changing it is needed whenever the
> > file
> > changes, and applications can do that (short of running as daemons
> > and
> > watching for changes).
> 
> Do you mean applications can't do that or can?
> 
> > WinXP seems to not set the flag when attributes change. I think that
> > is
> > a bug, and FreeBSD msdosfs does set it when attributes are changed
> > (except
> > for the SF_ARCHIVED attribute itself, and atimes when the atimes are
> > set
> > automatically). The FreeBSD behaviour is like setting the ctime for
> > any
> > change and is bug for bug compatible in doing this even for null
> > changes.
> > FreeBSD doesn't have many attributes to set, but you just added some
> > more.
> > I think this should be controlled by a mount option so that bug for
> > bug
> > compatibility with WinDOS is possible.
> >
> > % .It Dv SF_IMMUTABLE
> > % The file may not be changed.
> > % +This flag also indicates that the Windows ans CIFS
> > FILE_ATTRIBUTE_READONLY
> > % +attribute is set.
> >
> > s/ans/and/
> >
> > You only mentioned UF_IMMUTABLE in your general description. Mapping
> > READONLY to both gives even more confusing semantics, and mapping it
> > to
> > SF_IMMUTABLE seems too strict since for example it prevents using
> > FreeBSD
> > to manage the flag at high securelevels.
> 
> I agree. That man page change was left over from an earlier version of
> the
> code. I took it out.
> 
> > % ---
> > //depot/users/kenm/FreeBSD-test3/sys/fs/msdosfs/msdosfs_vnops.c
> > 2013-03-04 17:51:12.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/sys/fs/msdosfs/msdosfs_vnops.c
> > 2013-03-04 17:51:12.000000000 -0700
> > % --- /tmp/tmp.49594.370 2013-03-06 16:42:43.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/sys/fs/msdosfs/msdosfs_vnops.c
> > 2013-03-06 14:49:47.179130318 -0700
> > % @@ -345,8 +345,17 @@
> > % vap->va_birthtime.tv_nsec = 0;
> > % }
> > % vap->va_flags = 0;
> > % + /*
> > % + * The DOS Archive attribute means that a file needs to be
> > % + * archived. The BSD SF_ARCHIVED attribute means that a file has
> > % + * been archived. Thus the inversion here.
> > % + */
> >
> > No need to document it again. It goes without saying that ARCHIVE
> > != ARCHIVED.
> 
> I disagree. It wasn't immediately obvious to me that SF_ARCHIVED was
> generally used as the inverse of the DOS Archived bit until I started
> digging into this. If this helps anyone figure that out more quickly,
> it's
> useful.
> 
> > % if ((dep->de_Attributes & ATTR_ARCHIVE) == 0)
> > % vap->va_flags |= SF_ARCHIVED;
> > % + if (dep->de_Attributes & ATTR_HIDDEN)
> > % + vap->va_flags |= UF_HIDDEN;
> > % + if (dep->de_Attributes & ATTR_SYSTEM)
> > % + vap->va_flags |= UF_SYSTEM;
> > % vap->va_gen = 0;
> > % vap->va_blocksize = pmp->pm_bpcluster;
> > % vap->va_bytes =
> > % @@ -420,12 +429,21 @@
> > % if (error)
> > % return (error);
> > % }
> >
> > The permissions check before this is delicate and was broken and is
> > more broken now. It is still short-circuit to handle setting the
> > single flag that used to be supported, and is slightly broken for
> > that:
> > - unprivileged user asks to set ARCHIVE by passing !SF_ARCHIVED. We
> >   allow that, although this may toggle the flag and normal semantics
> >   for SF flags is to not allow toggling.
> > - unprivileged user asks to clear ARCHIVE by passing SF_ARCHIVED. We
> >   don't allow that. But we should allow preserving ARCHIVE if it is
> >   already clear.
> > The bug wasn't very important when only 1 flag was supported. Now it
> > prevents unprivileged users managing the new UF flags if ARCHIVE is
> > clear. Fortunately, this is the unusual case. Anyway, unprivileged
> > users can set ARCHIVE by doing some other operation. Even the
> > chflags()
> > operation should set ARCHIVE and thus allow further chflags()'s that
> > now
> > keep ARCHIVE set. Except it is very confusing if a chflags() asks
> > for
> > ARCHIVE to be clear. This request might be just to try to preserve
> > the current setting and not want it if other things are changed, or
> > it might be to purposely clear it. Changing it from set to clear
> > should
> > still be privileged.
> 
> I changed it to allow setting or clearing SF_ARCHIVED. Now I can set
> or
> clear the flag as non-root:
> 
> [root@doc-sd /testpool]# mount_msdosfs -u operator -g operator
> /dev/md0 /mnt
> [root@doc-sd /testpool]# cd /mnt
> [root@doc-sd /mnt]# ls -lao
> total 20
> drwxr-xr-x 1 operator operator arch 16384 Jan 1 1980 .
> drwxr-xr-x 27 root wheel - 1024 Mar 8 17:05 ..
> -rwxr-xr-x 1 operator operator - 0 Mar 8 16:54 foo
> [root@doc-sd /mnt]# su operator
> [operator@doc-sd /mnt]$ chflags arch foo
> [operator@doc-sd /mnt]$ ls -lao
> total 20
> drwxr-xr-x 1 operator operator arch 16384 Jan 1 1980 .
> drwxr-xr-x 27 root wheel - 1024 Mar 8 17:05 ..
> -rwxr-xr-x 1 operator operator arch 0 Mar 8 16:54 foo
> [operator@doc-sd /mnt]$ chflags 0 foo
> [operator@doc-sd /mnt]$ ls -lao
> total 20
> drwxr-xr-x 1 operator operator arch 16384 Jan 1 1980 .
> drwxr-xr-x 27 root wheel - 1024 Mar 8 17:05 ..
> -rwxr-xr-x 1 operator operator - 0 Mar 8 16:54 foo
> 
> > See the more complicated permissions check in ffs. It would be
> > safest
> > to duplicate most of it, to get different permissions checking for
> > the
> > SF and UF flags. Then decide if we want to keep allowing setting
> > ARCHIVE without privilege.
> 
> I think we should allow getting and setting SF_ARCHIVED without
> special
> privileges. Given how it is generally used, I don't think it should be
> restricted to the super-user.
> 
> Can you provide some code demonstrating how the permissions code
> should
> be changed in msdosfs? I don't know that much about that sort of
> thing,
> so I'll probably spend an inordinate amount of time stumbling
> through it.
> 
> > % - if (vap->va_flags & ~SF_ARCHIVED)
> > % + if (vap->va_flags & ~(SF_ARCHIVED|UF_HIDDEN|UF_SYSTEM))
> >
> > Style bugs (missing spaces around binary operator '|'). These style
> > bugs are common in atribute handling for other fs's but were not
> > here.
> 
> Fixed.
> 
> > % return EOPNOTSUPP;
> > % if (vap->va_flags & SF_ARCHIVED)
> > % dep->de_Attributes &= ~ATTR_ARCHIVE;
> > % else if (!(dep->de_Attributes & ATTR_DIRECTORY))
> > % dep->de_Attributes |= ATTR_ARCHIVE;
> >
> > The comment before this says that we ignore attmps to set
> > ATTR_ARCHIVED
> > for directories. However, it is out of date. WinXP allows setting it
> > and all the new flags for directories, and so do we.
> 
> Do you mean we allow setting it in UFS, or where? Obviously the code
> above
> won't set it on a directory.
> 
> > % + if (vap->va_flags & UF_HIDDEN)
> > % + dep->de_Attributes |= ATTR_HIDDEN;
> > % + else
> > % + dep->de_Attributes &= ~ATTR_HIDDEN;
> > % + if (vap->va_flags & UF_SYSTEM)
> > % + dep->de_Attributes |= ATTR_SYSTEM;
> > % + else
> > % + dep->de_Attributes &= ~ATTR_SYSTEM;
> >
> > I thought you were adding ATTR_READONLY -> UF_IMMUTABLE here.
> 
> No, I said in the commit message that it could be extended to map
> ATTR_READONLY to UF_IMMUTABLE, not that I actually did that.
> 
> I didn't make the change because of the existing code to map readonly
> to
> standard Unix permissions.
> 
> > The WinXP attrib command (at least on a FAT32 fs) doesn't allow
> > setting
> > or clearing ARCHIVE (even if it is already set or clear) if any of
> > HIDDEN, READONLY or SYSTEM is already set and remains set after the
> > command. Thus the HRS attributes act a bit like immutable flags, but
> > subtly differently. (ffs has the quite different and worse behaviour
> > of allowing chflags() irrespective of immutable flags being set
> > before
> > or after, provided there is enough privilege to change the immutable
> > flags.) Anyway, they should all give some aspects of immutability.
> 
> We could do that for msdosfs, but why add more things for the user to
> trip
> over given how the filesystem is typically used? Most people probably
> use it for USB thumb drives these days. Or perahps on a dual boot
> system
> to access their Windows partition.
> 
> > % +
> >
> > Style bug (extra blank line).
> 
> Fixed.
> 
> > % dep->de_flag |= DE_MODIFIED;
> > % }
> > %
> > % --- //depot/users/kenm/FreeBSD-test3/sys/sys/stat.h 2013-03-04
> > 17:51:12.000000000 -0700
> > % +++ /usr/home/kenm/perforce4/kenm/FreeBSD-test3/sys/sys/stat.h
> > 2013-03-04
> > 17:51:12.000000000 -0700
> > % --- /tmp/tmp.49594.563 2013-03-06 16:42:43.000000000 -0700
> > % +++ /usr/home/kenm/perforce4/kenm/FreeBSD-test3/sys/sys/stat.h
> > 2013-03-06
> > 15:05:45.936126193 -0700
> > % @@ -268,6 +268,22 @@
> > % #define UF_OPAQUE 0x00000008 /* directory is opaque wrt. union */
> > % #define UF_NOUNLINK 0x00000010 /* file may not be removed or
> > renamed */
> >
> > Old style bugs: inconsistent space instead of tab after #define for
> > the 2
> > newer definitions.
> 
> Fixed.
> 
> > % /*
> > % + * These two bits are defined in MacOS X. They are not currently
> > used in
> > % + * FreeBSD.
> > % + */
> > % +#if 0
> > % +#define UF_COMPRESSED 0x00000020 /* file is compressed */
> > % +#define UF_TRACKED 0x00000040 /* renames and deletes are
> > tracked */
> > % +#endif
> > % +
> > % +#define UF_SYSTEM 0x00000080 /* Windows system file bit */
> > % +#define UF_SPARSE 0x00000100 /* sparse file */
> > % +#define UF_OFFLINE 0x00000200 /* file is offline */
> > % +#define UF_REPARSE 0x00000400 /* Windows reparse point file bit
> > */
> > % +/* This is the same as the MacOS X definition of UF_HIDDEN */
> > % +#define UF_HIDDEN 0x00008000 /* file is hidden */
> >
> > New style bugs: random spaces/tabs after #define. 1 main comment not
> > punctuated.
> 
> Fixed.
> 
> > % +
> > % +/*
> > % * Super-user changeable flags.
> > % */
> > % #define SF_SETTABLE 0xffff0000 /* mask of superuser
> > changeable flags */
> > % --- //depot/users/kenm/FreeBSD-test3/sys/ufs/ufs/ufs_vnops.c
> > 2013-03-04
> > 17:51:12.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/sys/ufs/ufs/ufs_vnops.c
> > 2013-03-04 17:51:12.000000000 -0700
> > % --- /tmp/tmp.49594.581 2013-03-06 16:42:43.000000000 -0700
> > % +++
> > /usr/home/kenm/perforce4/kenm/FreeBSD-test3/sys/ufs/ufs/ufs_vnops.c
> > 2013-03-06 15:06:27.004132409 -0700
> > % @@ -529,8 +529,9 @@
> > % }
> > % if (vap->va_flags != VNOVAL) {
> > % if ((vap->va_flags & ~(UF_NODUMP | UF_IMMUTABLE | UF_APPEND |
> > % - UF_OPAQUE | UF_NOUNLINK | SF_ARCHIVED | SF_IMMUTABLE |
> > % - SF_APPEND | SF_NOUNLINK | SF_SNAPSHOT)) != 0)
> > % + UF_OPAQUE | UF_NOUNLINK | UF_HIDDEN | UF_SYSTEM |
> > % + UF_SPARSE | UF_OFFLINE | UF_REPARSE | SF_ARCHIVED |
> > % + SF_IMMUTABLE | SF_APPEND | SF_NOUNLINK | SF_SNAPSHOT))
> > != 0)
> > % return (EOPNOTSUPP);
> > % if (vp->v_mount->mnt_flag & MNT_RDONLY)
> > % return (EROFS);
> >
> > The random order is harder to read with more flags.
> 
> Fixed.
> 
> > I think unsupported flags should just be unsupported -- most or all
> > of the
> > new flags and SF_ARCHIVED too. Most need system support to work.
> > Without
> > system support you can only copy them from other fs's and then lose
> > them
> > when utilities like tar don't unsderstand them.
> 
> The primary reason I added these flags to UFS is to support CIFS
> servers.
> I have modifications to Likewise to support storing DOS/Windows/CIFS
> attributes as file flags, and we could do the same for Samba.
> 
> My eventual intent is to also add support to our NFS code to get/set
> the
> attributes that are allowed in the NFS 4.1 standard (hidden, system
> and
> archive are the ones I could find). So in this case, the filesystem
> role
> for some of these really is just to store it for someone else.
> 
Just fyi, they are supported by NFSv4.0 as well, so there is no need to
wait for the NFSv4.1 server code (which I have just started to work on).

If you'd like, I can easily do this in April (or later), if/when your
patch is committed.

Have fun with it, rick

> That is the way that ZFS handles attributes like hidden and system. It
> doesn't do anything with them, they're just used by the Solaris CIFS
> server.
> 
> Ken
> --
> Kenneth Merry
> ken@FreeBSD.ORG
> 
> _______________________________________________
> freebsd-arch@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-arch
> To unsubscribe, send any mail to
> "freebsd-arch-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37540270.3721223.1362787904494.JavaMail.root>