Name

gfarm_attr — Gfarm Extended Attributes

DESCRIPTION

Every files and directories in Gfarm filesystem can have extended attributes. Extended attributes are name:value pairs.

EXTENDED ATTRIBUTE NAMESPACES

The extended attributes which have "gfarm." or "gfarm_root." prefix name are specially treated in Gfarm filesystem. General Gfarm users can freely use the extended attributes which have "user." prefix name. XML extended attributes can have any names.

Everyone can get the "gfarm.*" extended attributes. Owner or gfarmroot group can modify the "gfarm.*" extended attributes.

The users in gfarmroot group or the users in "gfarm_root.uesr" of the entry or the groups in "gfarm_root.group" of the entry can get/modify the "gfarm_root.*" extended attributes.

The "user.*" extended attributes can be gotten/modified on the entry (file or directory) permission.

Symbolic links cannot have any extended attributes.

GFARM EXTENDED ATTRIBUTES

The following is a list of the extended attribute names used in Gfarm filesystem.

gfarm.ncopy

This is the number of file replicas to be created automatically in gfmd.

gfarm.acl_access

This is Access ACL (Access Control List).

gfarm.acl_default

This is Default ACL. Only directories can have/use this extended attribute.

gfarm_root.user

This is the list of user names who can have the privilege for the entry (file or directory). The names are separated by a new line (\n). This extended attribute is copied to a new entry (file or directory) from the parent directory (when the parent directory has this extended attribute).

gfarm_root.group

This is the list of group names who can have the privilege for the entry (file or directory). The names are separated by a new line (\n). This extended attribute is copied to a new entry (file or directory) from the parent directory (when the parent directory has this extended attribute).

SECURITY NOTES

When untrusted users are registered in the gfarm_root.{user,group} extended attributes of any files or directories, a Security Hole exists on the mount point of gfarm2fs with "-o suid,allow_other" option executed by root (even if either "-o ro" option or "-o default_permissions" option is also specified). Therefore both "-o suid,allow_other" option and gfarm_root.{user,group} extended attributes should not be used.

SEE ALSO

gfxattr(1), gfgetfacl(1), gfsetfacl(1)