where/how is 'xattr' type=security enforced? (security attr stripped?)
Dave Chinner
david at fromorbit.com
Mon Dec 9 23:52:13 CST 2013
On Mon, Dec 09, 2013 at 04:05:41PM -0800, Linda Walsh wrote:
> I got a weird message that I've never seen before -- nothing
> life shattering, just a curiosity that I thought shouldn't happen.
>
>
> I stored a file in my /home partition FROM a Win7 client
> via samba 3.6.16.
>
> With that file were also stored xattrs:
>
> DOSATTRIB, SAMBA_PAI and NTACL. Since linux is the 'server',
> These are all likely set via samba.
>
> To work on the file more, I wanted to move it
> to /tmp.
>
> I use mv:
> >mv /home/law/tmp/oVars.pm /tmp
> mv: setting attribute ‘security.NTACL’ for ‘security.NTACL’: Operation not permitted
You need root permissions to set security namespace attributes.
$setfattr -n security.NTACL -v foobarchucky /mnt/test/foo
setfattr: /mnt/test/foo: Operation not permitted
$ sudo setfattr -n security.NTACL -v foobarchucky
/mnt/test/foo
$ getfattr -n security.NTACL /mnt/test/foo
getfattr: Removing leading '/' from absolute path names
# file: mnt/test/foo
security.NTACL="foobarchucky"
$
[ On a side note, there's some sooper seekrit voodoo there in
getfattr. I feel that my systems are so much more secure knowing
that getfattr is protecting me from \something/ so dangerous it
can't possibly be worked around with sed or --absolute-names. ]
Cheers,
Dave.
--
Dave Chinner
david at fromorbit.com
More information about the xfs
mailing list