Extended file attributes


Extended file attributes are file system features that enable users to associate computer files with metadata not interpreted by the filesystem, whereas regular attributes have a purpose strictly defined by the filesystem. Unlike forks, which can usually be as large as the maximum file size, extended attributes are usually limited in size to a value significantly smaller than the maximum file size. Typical uses include storing the author of a document, the character encoding of a plain-text document, or a checksum, cryptographic hash or digital certificate, and discretionary access control information.
In Unix-like systems, extended attributes are usually abbreviated as xattr.

Implementations

AIX

In AIX, the JFS2 v2 filesystem supports extended attributes, which are accessible using the getea command. The getea,, setea, listea, statea, and removeea APIs support fetching, setting, listing, getting information about, and removing extended attributes.

OpenBSD

Support for extended file attributes was removed from the OpenBSD source code in 2005 due to a lack of interest in Access Control Lists

FreeBSD

In FreeBSD 5.0 and later, the UFS1, UFS2, and ZFS filesystems support extended attributes, using the extattr_ family of system calls. Any regular file may have a list of extended attributes. Each attribute consists of a name and the associated data. The name must be a null-terminated string, and exists in a namespace identified by a small-integer namespace identifier. Currently, two namespaces exist: user and system. The user namespace has no restrictions with regard to naming or contents. The system namespace is primarily used by the kernel for access control lists and mandatory access control.

Linux

In Linux, the ext2, ext3, ext4, JFS, Squashfs, Yaffs2, ReiserFS, Reiser4, XFS, Btrfs, OrangeFS, Lustre, OCFS2 1.6, ZFS, and F2FS filesystems support extended attributes when enabled in the kernel configuration. Any regular file or directory may have extended attributes consisting of a name and associated data. The name must be a null-terminated string prefixed by a namespace identifier and a dot character. Currently, four namespaces exist: user, trusted, security and system. The user namespace has no restrictions with regard to naming or contents. The system namespace is primarily used by the kernel for access control lists. The security namespace is used by SELinux, for example.
Support for the extended attribute concept from a POSIX.1e draft that had been withdrawn in 1997 was added to Linux around 2002.
As of 2016, they are not yet in widespread use by user-space Linux programs, but are used by Beagle, OpenStack Swift, Dropbox, KDE's semantic metadata framework, Chromium, Wget and cURL. A set of recommendations for using them is available at freedesktop.org.
The Linux kernel allows extended attribute to have names of up to 255 bytes and values of up to 64KiB,
as do XFS and ReiserFS,
but ext2/3/4 and btrfs impose much smaller limits, requiring all the attributes of one file to fit in one "filesystem block". Per POSIX.1e, the names are required to start with one of security, system, trusted, and user plus a period. This defines the four namespaces of xattrs.
Extended attributes can be accessed and modified using the getfattr and setfattr commands from the attr package on most distributions. The APIs are called and.

macOS

and later support extended attributes by making use of the HFS+ filesystem Attributes file B*-tree feature which allows for named forks. Although the named forks in HFS+ support arbitrarily large amounts of data through extents, the OS support for extended attributes only supports inline attributes, limiting their size to that which can fit within a single B*-tree node. Any regular file may have a list of extended attributes. HFS+ supports an arbitrary number of named forks, and it is unknown if macOS imposes any limit on the number of extended attributes.
Each attribute consists of a name and the associated data. The name is a null-terminated Unicode string. No namespace restrictions are present and the convention is to use a reverse DNS string as the attribute name.
macOS supports listing, getting, setting, and removing extended attributes from files or directories using a Linux-like API. From the command line, these abilities are exposed through the xattr utility.
Since macOS 10.5, files originating from the web are marked with com.apple.quarantine via extended file attributes. In some older versions of macOS, user space extended attributes were not preserved on save in common Cocoa applications.

OS/2

In OS/2 version 1.2 and later, the High Performance File System was designed with extended attributes in mind, but support for them was also retro-fitted on the FAT filesystem of DOS.
For compatibility with other operating systems using a FAT partition, OS/2 attributes are stored inside a single file "" located in the root directory. This file is normally inaccessible when an operating system supporting extended attributes manages the disk, but can be freely manipulated under, for example, DOS. Files and directories having extended attributes use one or more clusters inside this file. The logical cluster number of the first used cluster is stored inside the owning file's or directory's directory entry. These two bytes are used for other purposes on the FAT32 filesystem, and hence OS/2 extended attributes cannot be stored on this filesystem.
Parts of OS/2 version 2.0 and later such as the Workplace Shell uses several standardized extended attributes for purposes like identifying the filetype, comments, computer icons and keywords about the file.
Programs written in the interpreted language Rexx store an already parsed version of the code as an extended attribute, to allow faster execution.

Solaris

version 9 and later allows files to have "extended attributes", which are actually forks; the maximum size of an "extended attribute" is the same as the maximum size of a file, and they are read and written in the same fashion as files. Internally, they are actually stored and accessed like normal files, so their names cannot contain "/" characters and their ownership and permissions can differ from those of the parent file.
Version 4 of the Network File System supports extended attributes in much the same way as Solaris.

Windows NT

On Windows NT, limited-length extended attributes are supported by FAT, HPFS, and NTFS. This was implemented as part of the OS/2 subsystem. They are notably used by the NFS server of the Interix POSIX subsystem in order to implement Unix-like permissions. The Windows Subsystem for Linux added in the Windows 10 Anniversary Update uses them for similar purposes, storing the Linux file mode, owner, device ID, and file times in the extended attributes.
Additionally, NTFS can store arbitrary-length extended attributes in the form of alternate data streams, a type of resource fork. Plugins for the file manager Total Commander, like NTFS Descriptions and QuickSearch eXtended support filtering the file list by or searching for metadata contained in ADS. NTFS-3G supports mapping ADS to extended attributes in FUSE; it also maps file attributes that way.