[SMB3POSIX] File attributes

Steve French smfrench at gmail.com
Tue Nov 28 23:32:48 UTC 2023 

On Tue, Nov 14, 2023 at 3:30 AM ronnie sahlberg <ronniesahlberg at gmail.com>
wrote:

> On Tue, 14 Nov 2023 at 19:16, Ralph Boehme via samba-technical
> <samba-technical at lists.samba.org> wrote:

<>
> > > chattr - change file attributes on a Linux file system
> > > Might be done via a tunnelling ioctl ? Other thoughts ?
> >
> > well, it's a rabbit hole of its own and still seem to be rarely used on
> > Linux and the BSDs. It's not POSIX anyway so just declare it out of
> > scope for now?
>
> Not to derail, but "chattr +i" is not a rabbithole. It is very much real.
> If you are going to set up and run bind locally on a systemd-resolved
> infected system
> you literally must use chattr +i to stop it from ruining your
> /etc/resolv.conf
>
> >
> > The Linux interface is via ioctls so doing it over the wire via SMB2
> > IOCTLs looks like a good way forward allowing us to ignore this for now
> > and possibly add it later if there's demand and resources to implement
> it.
> >
> > -slow
>

Couldn't we implement "chattr +i" ("immutable") by updating the ACL? Or if
the ACL solution is not good enough (e.g. preventing links to be created to
the
file etc.) then seems like no harm in defining an ioctl as a secondary way
to set the following attrs:

#define STATX_ATTR_COMPRESSED           0x00000004 /* [I] File is
compressed by the fs */
#define STATX_ATTR_IMMUTABLE            0x00000010 /* [I] File is marked
immutable */
#define STATX_ATTR_APPEND               0x00000020 /* [I] File is
append-only */
#define STATX_ATTR_NODUMP               0x00000040 /* [I] File is not to be
dumped */
#define STATX_ATTR_ENCRYPTED            0x00000800 /* [I] File requires key
to decrypt in fs */
#define STATX_ATTR_AUTOMOUNT            0x00001000 /* Dir: Automount
trigger */
#define STATX_ATTR_MOUNT_ROOT           0x00002000 /* Root of a mount */
#define STATX_ATTR_VERITY               0x00100000 /* [I] Verity protected
file */
#define STATX_ATTR_DAX                  0x00200000 /* File is currently in
DAX state */
-- 
Thanks,

Steve

More information about the samba-technical mailing list