Extended Attributes and ACLs

Often enough I confuse them myself, so here's a little cheatsheet for you^Wme to remember:


ACLs extend the traditional permission model with a more fine-grained one.
  • getfacl, setfacl - filesystem independent access control list manipulation
  • chacl - an IRIX-compatibility command
$ chacl u::rw-,g::r--,o::r--,u:dummy:--x,m::r-x file.txt
$ chacl -l file.txt 
file.txt [u::rw-,u:dummy:--x,g::r--,m::r-x,o::r--]
$ su -c "cat ./file.txt" dummy 
cat: ./file.txt: Permission denied

$ setfacl -m u::rw-,g::---,o::---,u:dummy:r--,m::r-x file.txt
$ getfacl file.txt 
# file: file.txt
# owner: root
# group: root
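
Why `cat` fails for dummy in the chacl session above even though `o::r--` grants read to everyone else: an added example (not part of the original post) that applies the access-check order from acl(5) to the two ACL strings used above. It assumes dummy's only group is `dummy` and takes owner and group `root` from the getfacl output; `parse_acl` and `allowed` are hypothetical helper names.

```python
# Added example: the access-check order from acl(5), on short-form ACL text.
# Not modelled: root/CAP_DAC_OVERRIDE bypass and default ACLs.
TAGS = {"u": "user", "user": "user", "g": "group", "group": "group",
        "o": "other", "other": "other", "m": "mask", "mask": "mask"}

def parse_acl(text):
    """'u::rw-,u:dummy:--x,m::r-x' -> {(tag, qualifier): {'r', 'w', ...}}"""
    acl = {}
    for entry in text.split(","):
        tag, qualifier, perms = entry.strip().split(":")
        if tag not in TAGS or len(perms) != 3 or set(perms) - set("rwx-"):
            raise ValueError(f"bad ACL entry: {entry!r}")
        acl[(TAGS[tag], qualifier)] = set(perms) - {"-"}
    return acl

def allowed(acl_text, requested, user, groups, owner, owning_group):
    """True if `user` (member of `groups`) gets all of `requested`, e.g. 'r'."""
    acl = parse_acl(acl_text)
    want = set(requested)
    mask = acl.get(("mask", ""))  # absent in a minimal (mode-bits-only) ACL

    def masked(perms):
        return perms if mask is None else perms & mask

    # 1. The owner uses u:: and is never limited by the mask.
    if user == owner:
        return want <= acl[("user", "")]
    # 2. A named-user entry is masked and ends the search, even if o:: grants more.
    if ("user", user) in acl:
        return want <= masked(acl[("user", user)])
    # 3. Group entries (g:: is the owning group): one matching entry must
    #    contain every requested bit after masking; if any matched, stop here.
    matching = [perms for (tag, q), perms in acl.items()
                if tag == "group" and (q or owning_group) in groups]
    if matching:
        return any(want <= masked(perms) for perms in matching)
    # 4. Everyone else falls through to o::, which is unmasked.
    return want <= acl[("other", "")]

# The two ACLs set on file.txt above; dummy's group list is an assumption.
CHACL_ACL = "u::rw-,g::r--,o::r--,u:dummy:--x,m::r-x"
SETFACL_ACL = "u::rw-,g::---,o::---,u:dummy:r--,m::r-x"

if __name__ == "__main__":
    for name, acl in (("chacl", CHACL_ACL), ("setfacl", SETFACL_ACL)):
        ok = allowed(acl, "r", "dummy", ["dummy"], "root", "root")
        print(f"{name}: dummy read {'allowed' if ok else 'denied'}")
```

When auditing, a named-user entry with fewer bits than `o::` acts as a per-user deny, so read the named entries and the mask before the other bits.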


Extended attributes are arbitrary name/value pairs which are associated with files or directories.
  • setfattr, getfattr - filesystem independent extended attribute manipulation
  • attr - aimed specifically at users of the XFS filesystem
$ attr -q -s foo -V 42 file.txt 
$ attr -g foo file.txt 
Attribute "foo" had a 3 byte value for file.txt:
$ setfattr -n user.bar -v 23 file.txt
$ getfattr -n user.bar file.txt
# file: file.txt

file attributes

These "file attributes" look like they were meant to be supported by the ext2/3/4 filesystems only. However, Btrfs, JFS and XFS support them as well; ReiserFS and Reiser4 do not. In fact, I haven't found a mount option for Reiser4 yet to support ACLs and EAs either :-\
# chattr +i file.txt 
# lsattr file.txt
----i-------------- file.txt
# rm -f file.txt 
rm: cannot remove `file.txt': Operation not permitted