mirror of https://github.com/mkerrisk/man-pages
attr.7: srcfix: wrap long lines and wrap at end of sentences
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
5d993ac57d
commit
933e467539
26
man7/attr.7
26
man7/attr.7
|
@ -76,11 +76,11 @@ Currently the
|
||||||
.IR trusted ,
|
.IR trusted ,
|
||||||
and
|
and
|
||||||
.IR user
|
.IR user
|
||||||
extended attribute classes are defined as described below. Additional
|
extended attribute classes are defined as described below.
|
||||||
classes may be added in the future.
|
Additional classes may be added in the future.
|
||||||
.SS Extended security attributes
|
.SS Extended security attributes
|
||||||
The security attribute namespace is used by kernel security modules,
|
The security attribute namespace is used by kernel security modules,
|
||||||
such as Security Enhanced Linux.
|
such as Security Enhanced Linux.
|
||||||
Read and write access permissions to security attributes depend on the
|
Read and write access permissions to security attributes depend on the
|
||||||
policy implemented for each security attribute by the security module.
|
policy implemented for each security attribute by the security module.
|
||||||
When no security module is loaded, all processes have read access to
|
When no security module is loaded, all processes have read access to
|
||||||
|
@ -88,7 +88,8 @@ extended security attributes, and write access is limited to processes
|
||||||
that have the CAP_SYS_ADMIN capability.
|
that have the CAP_SYS_ADMIN capability.
|
||||||
.SS Extended system attributes
|
.SS Extended system attributes
|
||||||
Extended system attributes are used by the kernel to store system
|
Extended system attributes are used by the kernel to store system
|
||||||
objects such as Access Control Lists and Capabilities. Read and write
|
objects such as Access Control Lists and Capabilities.
|
||||||
|
Read and write
|
||||||
access permissions to system attributes depend on the policy implemented
|
access permissions to system attributes depend on the policy implemented
|
||||||
for each system attribute implemented by filesystems in the kernel.
|
for each system attribute implemented by filesystems in the kernel.
|
||||||
.SS Trusted extended attributes
|
.SS Trusted extended attributes
|
||||||
|
@ -101,19 +102,24 @@ to which ordinary processes should not have access.
|
||||||
.SS Extended user attributes
|
.SS Extended user attributes
|
||||||
Extended user attributes may be assigned to files and directories for
|
Extended user attributes may be assigned to files and directories for
|
||||||
storing arbitrary additional information such as the mime type,
|
storing arbitrary additional information such as the mime type,
|
||||||
character set or encoding of a file. The access permissions for user
|
character set or encoding of a file.
|
||||||
|
The access permissions for user
|
||||||
attributes are defined by the file permission bits.
|
attributes are defined by the file permission bits.
|
||||||
.PP
|
.PP
|
||||||
The file permission bits of regular files and directories are
|
The file permission bits of regular files and directories are
|
||||||
interpreted differently from the file permission bits of special files
|
interpreted differently from the file permission bits of special files
|
||||||
and symbolic links. For regular files and directories the file
|
and symbolic links.
|
||||||
|
For regular files and directories the file
|
||||||
permission bits define access to the file's contents, while for device special
|
permission bits define access to the file's contents, while for device special
|
||||||
files they define access to the device described by the special file.
|
files they define access to the device described by the special file.
|
||||||
The file permissions of symbolic links are not used in access
|
The file permissions of symbolic links are not used in access checks.
|
||||||
checks. These differences would allow users to consume filesystem resources in
|
These differences would allow users to consume filesystem resources in
|
||||||
a way not controllable by disk quotas for group or world writable special files and directories.
|
a way not controllable by disk quotas for group or world writable
|
||||||
|
special files and directories.
|
||||||
.PP
|
.PP
|
||||||
For this reason, extended user attributes are only allowed for regular files and directories, and access to extended user attributes is restricted to the
|
For this reason,
|
||||||
|
extended user attributes are only allowed for regular files and directories,
|
||||||
|
and access to extended user attributes is restricted to the
|
||||||
owner and to users with appropriate capabilities for directories with the
|
owner and to users with appropriate capabilities for directories with the
|
||||||
sticky bit set (see the
|
sticky bit set (see the
|
||||||
.BR chmod (1)
|
.BR chmod (1)
|
||||||
|
|
Loading…
Reference in New Issue