antipaucity

fighting the lack of good ideas

extended file attributes with ext[2|3|4]

Most Unix/Linux users, and – hopefully – all admins are familiar with the standard 9 bits of permissions typically supported on various *nix file systems:

---------
rwxrwxrwx
uuugggooo

Where “u”, “g”, and “o” indicate “user”, “group”, and “other” while “rwx” indicates whether the item can be read, written, or executed.

Also of note are file ownerships in the form of

user:group

So a file might be owned by warren:warren with read/write privileges only for the owner and group: rw-rw----.

That’s pretty handy.

How many of you know there are hidden permissions that do not show up in a normal use of ls -l?

I didn’t until last week – and I’ve been using Linux for more than a decade 🙁

Turns out that – at least with ext2, ext3, and ext4 filesystems – there are a variety of other attributes that can be assigned to a file. One of them is the immutable flag*.

(Using a related command to ls, lsattr, a person can view the extended attribute flags of a file.)

Specifically, the immutable flag prevents even the owner from deleting his/her own file! This was the source of a very ornery issue I ran into while doing an upgrade last week of a customer’s management environment. The upgrade installer ran into an issue wherein it interrupted its own process. But when it did, it left the filesystem in an inconsistent state – specifically with regard to an SSL certificate file and the machine identifier file (agent.srv and mid, if you’re curious) having the immutable flag set. When attempting to pick back up with the upgrade, the installer failed more [apparently] asymptomatically (and esoterically) than I had ever seen before.

After several exchanges with senior product support, a working fix of running chattr -i /path/to/file was provided. Neither I nor any of the senior admins at my customer had ever heard of chattr. So off to the man pages. Turns out that chattr is quite the command – but it’s not well publicized (at least, I don’t think it is).

If you run into a file you own, but cannot delete, be sure to inspect the extended attributes with lsattr, and fix any mis-set flags with chattr.
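A triage sketch for the situation above, added here as an example (it is not code from the original post or from the vendor's fix): it reads lsattr output, reports the immutable (i) and append-only (a) flags that block deletion, and prints the chattr command for an admin to review. The function names and the sample paths are constructed for illustration; it also checks the parent directory, since those flags on a directory stop entries from being removed from it.

```sh
#!/bin/sh
# Added example: triage a file that its owner cannot delete.
# Nothing here changes attributes; it only reports and suggests.

# blocking_flags FIELD
# FIELD is the first column of an lsattr line, e.g. "----i---------e-------".
# Prints the flags that block deletion: i (immutable), a (append only).
# Matching is case-sensitive, so I (indexed directory) and A (no atime
# updates) are not mistaken for i and a.
blocking_flags() {
    out=""
    case "$1" in *i*) out="${out}i" ;; esac
    case "$1" in *a*) out="${out}a" ;; esac
    printf '%s' "$out"
}

# explain_line LINE
# LINE is one line of lsattr output: flag field, one space, then the path.
explain_line() {
    field=${1%% *}
    path=${1#* }
    flags=$(blocking_flags "$field")
    if [ -z "$flags" ]; then
        printf 'ok %s\n' "$path"
    else
        printf 'blocked %s flags=%s fix: chattr -%s %s\n' \
            "$path" "$flags" "$flags" "$path"
    fi
}

# check_path FILE
# Inspects FILE and its parent directory, because i or a on the directory
# also stops entries from being removed from it.
check_path() {
    for p in "$1" "$(dirname -- "$1")"; do
        if line=$(lsattr -d -- "$p" 2>/dev/null) && [ -n "$line" ]; then
            explain_line "$line"
        else
            printf 'unknown %s (lsattr failed or filesystem unsupported)\n' "$p"
        fi
    done
}

# Run against a real path when one is given, e.g.: sh triage.sh /path/to/file
if [ "$#" -gt 0 ]; then
    check_path "$1"
fi
```

Clearing the flag with chattr needs root, so the script prints the command instead of running it.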


*The entire list of alterable flags: “append only (a), compressed (c), no dump (d), extent format (e), immutable (i), data journalling (j), secure deletion (s), no tail-merging (t), undeletable (u), no atime updates (A), synchronous directory updates (D), synchronous updates (S), and top of directory hierarchy (T).” Non-modifiable, but visible with lsattr, flags: “huge file (h), compression error (E), indexed directory (I), compression raw access (X), and compressed dirty file (Z)”.

gaming expense reports? really?

At various stages in my career, I have traveled extensively – yet never even thought of “gaming” the expense reporting system the way it has been recently reported by CNN.

Being terminated over charging a movie to your room? Seems harsh (getting the $9.95 back from the employee would seem to be easier) – but breaking the rule is breaking the rule.

Being terminated over buying gum? Ok, so I WOULD terminate somebody over that … but I hate the stuff 😉

But it’s repulsive, revolting, and wrong
chewing and chewing all day long
The way that a cow does*

There are a host of ways listed in the article – that I find truly shocking – to cheat on expense reports: blank receipts? buying gifts and then selling them on eBay? double-billing? Wow. The sheer effort taken by some people to cheat is astonishing!

Where I work now has a corporate credit card issued to every traveling employee. The only time we submit non-AmEx charges is if a place doesn’t accept AmEx: it’s just way easier to use the corporate card than it is to try to give all the supporting documentation of a personal card. Plus, there’s the benefit that it’s not my personal limit that is being affected if a customer delays in paying a bill.

Everyone that works where I do now also follows the expense guidelines we have – don’t exceed the IRS per diem rate for your region (on average). If you want to eat someplace nice for dinner – that’s fine. Just eat someplace less expensive the next day. Sticking within the rules isn’t that hard … so why would you want to try to evade them and end up with employment history issues like termination on your record?