Hi! On Sat, Apr 15, 2023 at 02:09:25PM +0200, Guillem Jover wrote: > The user namespace is called "user" and it is the default used, the > security namespace is "security", and the root namespace is either > "trusted" or "xfsroot" (for IRIX compatibility). > > This is also in the man page: > > ,-- > Extended attributes use 2 disjoint attribute name spaces associated > with every filesystem object. They are the root and user address spa‐ > ces. The root address space is accessible only to the superuser, and > then only by specifying a flag argument to the function call. Other > users will not see or be able to modify attributes in the root address > space. The user address space is protected by the normal file permis‐ > sions mechanism, so the owner of the file can decide who is able to > see and/or modify the value of attributes on any particular file. > `--- Wait, that paragraph's relevant here? The -L and -R thing says \fIroot\fP and \fIUSER\fP; this paragraph says \fBroot\fP and \fBuser\fP. If they're supposed to refer to the same thing then that's where you've lost me, because they very explicitly say they don't.
To make this less confusing, I'd also either call it "root's attribute namespace" or "the trusted attribute namespace". "root namespace", to me as a UNIX user, means the same as thing as "root directory" (especially since they're structured the same). If either of these were applied, I wouldn't've gotten caught by this. > I guess I could extend the description and mention explicitly what the > root namespaces are call, to avoid confusion. Here's a (mdoc(7), idk what the original uses) paragraph that I think works better: -- >8 -- Extended attributes use two disjoint attribute namespaces associated with every filesystem object: the .Sy user namespace, beholden to the normal file access control mechanism, and the trusted namespace .Pq Sy trusted , xfsroot , readable, writable, and observable only by the superuser. -- >8 -- (original has "address space" here a few times, which I think is nonsense? or at least it reads like nonsense; changed to "namespace") and in DESCRIPTION: -- >8 -- When the .Fl R option is given and the process has appropriate privileges, operate in the trusted namespace instead of the .Sy user namespace. .Pp The .Fl S option is similar, except it specifies use of the .Sy security namespace. -- >8 -- (original also has a "rather that" here). This, to me, would've hinted at precisely what I was observing. > I guess I should also > modify it to make it more clear this is a legacy program for IRIX > compatibility. Yeah, it was definitely unclear to me why attr ships attr(1) and getfattr(1), so I assumed the one that with the same name as the package is the more canonical one. That said, it looks like the latter points to the former to explain namespaces, so. If there were a link in attr(1) to getfattr(1), this wouldn't've been an issue, since it looks like getfattr -n system.posix_acl_access /tmp/stat Just Works. Thanks, наб
signature.asc
Description: PGP signature
