10

I've got a Nagios XI install running on CentOS 6.2, and want to modify the backup script. I noticed that the extended attribute bit is set for this shell script, so I want to be sure not to mess anything up when I make changes to it. I experimented and found that "cp -p" does not preserve this setting (see comment for update on this). I'm new to extended attributes on Linux, and found that there's a command 'getfattr' that is supposed to display the extended attributes, however it doesn't display anything for this file.

cd /usr/local/nagiosxi/scripts
ll backup_xi.sh
-rwxr-x---.  1 nagios nagios   2757 Jul  3 10:03 backup_xi.sh*

# nothing is displayed by 'getfattr':
getfattr -d backup_xi.sh

# and nothing special seems to be present according to 'getfacl':
getfacl backup_xi.sh
# file: backup_xi.sh
# owner: nagios
# group: nagios
user::rwx
group::r-x
other::---

Ultimately, my objective is to modify the file while preserving whatever attributes were set during the original product installation. Is there a reason why the extended attribute bit is set, even though no properties are apparently present according to getfattr?

Castaglia
  • 3,239
  • 3
  • 19
  • 40
Alan
  • 541
  • 1
  • 6
  • 20
  • 1
    Well, I solved one riddle: "cp -p" defaults to "cp --preserve=mode,ownership,timestamps". Using "cp --preserve=all backup_xi.sh backup_xi.sh.ORIG" works and preserves the extended attribute bit. – Alan Aug 10 '12 at 18:31

1 Answers1

10

The security.selinux extended attribute is not shown by default by getfattr; you must explicitly request it.

$ getfattr -d Work
$ getfattr -n security.selinux Work
# file: Work
security.selinux="unconfined_u:object_r:user_home_t:s0"
Ignacio Vazquez-Abrams
  • 45,019
  • 5
  • 78
  • 84
  • 5
    Thank you. The getfattr man page is very misleading: "-d: Dump the values of all extended attributes associated with pathname." Apparently "all" doesn't mean "ALL". Wow. I found that the option "-m" with the pattern "-" lists "all" attributes. Using the command "getfattr -m - backup_xi.sh", I see "security.selinux" as the only attribute. – Alan Aug 10 '12 at 20:30
  • Indeed, the man page hides: *"The default value for pattern is "^user\\.", which includes all the attributes in the user namespace. Specify "-" for including all attributes."* Good to know. – Asherah Jan 22 '19 at 04:34
  • 1
    To list all extended attributes : `getfattr -d -m ".*" ` – elig Jun 22 '19 at 21:05