#StackBounty: #btrfs #acl #xattr How to apply and use Rich Access Control Lists with BTRFS

I am just learning about Rich Access Control Lists on Linux. My immediate objective is to give members of the group the same rights as the owner for a subdirectory tree (all files and directories within).

I have reviewed the man pages for setfattr and getfattr. Neither of those man pages provides a list of the available RichACLs. (I’m really only interested in the RichACLs that are compatible with BTRFS.)

This is another good resource, richacl: Rich Access Control Lists – Linux Man Pages (7), which provided some background.

I have done simple examples such as:

setfattr -n user.comment -v "this is a comment" test.txt

Followed by:

getfattr test.txt

I know that these operations are different from setfacl and getfacl.

I also understand there are four namespaces of extended file attributes:

  • user
  • trusted
  • security
  • system

And I know that RichACLs are richer than POSIX ACLs. And ACLs are different from extended attributes (but they may be stored in xattr namespaces). I know the specifics of what I’m trying to do are filesystem dependent, and that’s OK. I only care about BTRFS.

However, I don’t have enough information to be able to do anything useful yet. As mentioned, the first thing I want to do is to give the group all the same rights as the owner of a file or directory. Then I want to have those inherited to subdirectories and files in those directories.

Some specific examples include: I want the group members to be able to do operations like chmod, chattr or even chown, if I deem that to be appropriate.

#StackBounty: #files #symlink #ext4 #delete #xattr How to make a symlink read only (`chattr +i /location/symlink`)?

How can we lock a symlink so it cannot be deleted?

With a normal file/directory, `chattr +i /file/location` can achieve this, but doing so with a symlink we get `chattr: Operation not supported while reading flags on my-file`.

There is a similar question, How to set chattr +i for my /etc/resolv.conf?, but without a solution that could be applied here.

