Thursday 16 February 2017

Working with extended attributes in Linux

Filesystem attributes on Linux file systems such as ext3, ext4 and xfs allow us to provide enhanced security to our files.

In order for extended attributes to work properly the filesystem (and kernel) must support them - you can easily check whether the filesystem supports them by checking the mount options with:

sudo tune2fs -l /dev/mapper/fedora-home  | grep xattr

Default mount options:    user_xattr acl

If it is not enabled you can easily add the 'user_xattr' option to the appropriate mount in the fstab.

Below I will describe some of the more common attributes:

chattr +i /etc/importantfile.conf

The 'i' stands for immutable and prevents deletion of the file.

chattr +u /etc/importantfile.conf

The 'u' option stands for undelete and allows the user to recover the file after deletion.

chattr +c /var/log/mybiglog.log

The 'c' option stands for compression and the kernel will compress the file before writing any changes to disk.

In the same way attributes can easily be removed from a file with:

chattr -i /etc/importantfile.conf

We also have extended attributes that allow you (or rather programs) to create custom attributes. There are four namespaces these extended attributes are divided up into:

- User
- System
- Security
- Trusted

By simply running the '-d' switch with getfattr we can view all of the user extended attributes:

getfattr -d /etc/passwd

You will usually not see a lot - although I noticed that files that are sent to you on Skype for Linux have the following user attribute added to them:

user.xdg.origin.url="https://weu1-api.asm.skype.com/v1/objects/<removed>/views/original"

Which appears to document where it was downloaded from on Skype servers.

We can also check other namespaces with the '-m' switch - for example to check the 'security' namespace:

getfattr -d -m security /etc/passwd

In this instance it returns an extended attribute that appears to be used by SELinux:

security.selinux="system_u:object_r:passwd_file_t:s0"

We can also set a custom attribute manually with:

setfattr -n user.example -v example /tmp/testfile

and remove it with:

setfattr -x user.example /tmp/testfile
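
As an added example (not part of the original post), the shell functions below turn 'getfattr -d' output into tab-separated rows and list the files that carry the user.xdg.origin.url attribute shown earlier. The sample dump (its paths, URL and the user.blob attribute) and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse `getfattr -d` dump output into file<TAB>name<TAB>value rows.

# Constructed sample in the layout getfattr prints: a "# file:" header (leading
# "/" stripped), one name=value line per attribute, a blank line between files.
sample_dump() {
cat <<'EOF'
# file: home/alice/Downloads/report.pdf
user.xdg.origin.url="https://files.example.test/objects/1234/views/original"

# file: etc/passwd
security.selinux="system_u:object_r:passwd_file_t:s0"

# file: tmp/testfile
user.example="example"
user.blob=0sAAEC
EOF
}

# Read a getfattr dump on stdin and print one tab-separated row per attribute.
xattr_rows() {
    awk '
        /^# file: / { file = substr($0, 9); next }   # remember the current file
        /^$/        { next }                         # blank separator line
        {
            eq = index($0, "=")
            if (eq == 0 || file == "") next          # not a name=value line
            name  = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            # Text values are double-quoted; 0s (base64) and 0x (hex) values
            # are passed through still encoded.
            if (value ~ /^".*"$/) value = substr(value, 2, length(value) - 2)
            printf "%s\t%s\t%s\n", file, name, value
        }'
}

# List files that record a download origin, with the recorded URL.
xattr_origins() {
    xattr_rows | awk -F '\t' '$2 == "user.xdg.origin.url" { print $1 "\t" $3 }'
}

# Stand-alone demo on the constructed sample.
sample_dump | xattr_origins
```

On a real system the same functions can be fed from 'getfattr -R -d -m - <directory>' instead of the sample.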
