23.22 Extended Attributes Commands (Linux)

The Extended Attributes (XAttr) extension for NSS provides access to many extended attributes for NSS on Linux. It allows you to read, back up, and restore extended attributes of files on NSS. This section discusses the options that determine how extended attributes are handled for NSS on Linux.

23.22.1 CtimeIsMetadataModTime Option

Currently, the Linux Semantic Agent (LSA) uses the creation time as the value for ctime. We prefer that ctime be based on the metadata modified time instead of the creation time, but modifying the ctime function might cause unknown complications. Thus, NSS provides the CtimeIsMetadataModTime option so that an administrator can select the metadata modified time as the ctime value, rather than the creation time, in deployments where the different time stamp matters.

| Command | Description |
|---|---|
| nss /CtimeIsMetadataModTime | Use the metadata modified time for ctime. |
| nss /noCtimeIsMetadataModTime | Use the LSA default of creation time for ctime. |

The CtimeIsMetadataModTime option can be set persistently in the /opt/novell/nss/conf/nssstart.cfg file, or it can be set from nsscon by a user with root access.

23.22.2 ListXattrNWmetadata Option

In OES SP2 and later, the NetWare metadata (netware.metadata) extended attribute was added for files and directories. The ListXattrNWmetadata option for NSS allows a user or application with root access to select whether the netware.metadata extended attribute is returned for a file or directory at listxattr(2) time. The ListXattrNWmetadata option is disabled (OFF) by default. This option is intended for use by indexing or backup programs.

For users or applications without root access (without the CAP_SYS_ADMIN capability), the listxattr(2) system call never lists the netware.metadata extended attribute, regardless of the ListXattrNWmetadata setting.

The ListXattrNWmetadata option can be set persistently in the /opt/novell/nss/conf/nssstart.cfg file, or it can be set from nsscon by a user with root access as follows:

| Command | Description |
|---|---|
| nss /ListXattrNWmetadata | Returns the netware.metadata extended attribute for a file or directory at listxattr(2) time. |
| nss /noListXattrNWmetadata | Does not return the netware.metadata extended attribute for a file or directory at listxattr(2) time. |

Security Issues for ListXattrNWmetadata

The ListXattrNWmetadata option is available only to the user or application with root access (the CAP_SYS_ADMIN capability). It is disabled (OFF) by default.

When this feature is enabled (ON), such as by the backup user or by third-party backup software, and the user or application has root access, the following occurs:

  • When copying NSS files or directories with the Linux cp utility from NSS volumes to NSS volumes, the cp utility copies the trustees assigned to a file or directory to the destination file or directory. This means that the old trustees of the file or directory now have visibility into the destination directory. In addition, the old trustees inherit trustee rights from the destination directory for other files in that directory.

    NOTE: For users or applications without root access (without the CAP_SYS_ADMIN capability), the trustee information is not copied to the destination directory.

  • When copying NSS files with the cp utility from NSS volumes to non-NSS volumes, the cp utility issues a warning message advising that it could not apply the netware.metadata extended attribute.

    NOTE: For users or applications without root access (without the CAP_SYS_ADMIN capability), the cp utility does not attempt to apply the netware.metadata extended attribute.

There is no workaround for these two copy-related issues for the user or application with root access. This is how the Linux cp utility works.
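Because the copy behavior above depends on whether the option is ON and on the privileges of the process doing the copy, it is useful to check both before running a root-level copy job. The following script is an added example, not part of the NSS documentation or tooling: it reports the persistent setting found in nssstart.cfg and lists the paths for which listxattr(2) returns netware.metadata to the current process. The one-switch-per-line config syntax, the last-entry-wins rule, and the function names are assumptions.

```python
import os
import re

XATTR = "netware.metadata"                 # attribute name from this section
CFG = "/opt/novell/nss/conf/nssstart.cfg"  # config path from this section

# Assumption: nssstart.cfg holds one switch per line in the /Name form used at
# nsscon (optionally prefixed with "nss"), case-insensitive, last entry wins.
_SWITCH = re.compile(r"^\s*(?:nss\s+)?/(no)?ListXattrNWmetadata\s*$", re.I)

def persistent_setting(cfg_text):
    """Return True if the config text turns the option ON; OFF is the default."""
    state = False
    for line in cfg_text.splitlines():
        m = _SWITCH.match(line)
        if m:
            state = m.group(1) is None  # a "no" prefix turns the option OFF
    return state

def listed_paths(root, lister=None):
    """Return paths under root where listxattr(2) reports netware.metadata."""
    lister = lister or os.listxattr
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            try:
                names = lister(path, follow_symlinks=False)
            except OSError:
                continue  # unreadable entry, or no xattr support on this file system
            if XATTR in names:
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    try:
        with open(CFG) as fh:
            on = persistent_setting(fh.read())
        print("persistent ListXattrNWmetadata:", "ON" if on else "OFF")
    except OSError:
        print("persistent ListXattrNWmetadata: config not readable")
    for p in listed_paths(root):
        print("netware.metadata listed:", p)
```

Run it with the same privileges as the backup or copy job: a process without CAP_SYS_ADMIN never sees the attribute, and a setting changed at nsscon is not reflected in the config file.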

Additional Information

For information about how to use the Linux listxattr(2) system call, see the man page (enter man 2 listxattr at a terminal console prompt).

For information about how to use the XAttr Extension for NSS, see the NDK: XAttr Extension for NSS.

For the latest patches for the km_nss module, visit the Novell Support SUSE Patch Support Database (by date listing).