getfattr
Display file's extended attributes
TLDR
Retrieve all extended attributes of a file and display them in a detailed format
Get a specific attribute of a file
SYNOPSIS
getfattr [-hRLP] [-n name] [-e encoding] [-m pattern] [--absolute-names] file...
PARAMETERS
file...
One or more paths to files or directories from which to retrieve extended attributes.
-h, --no-dereference
Do not dereference symbolic links. If file is a symbolic link, report its attributes rather than the attributes of the file it refers to.
-L, --logical
Logical walk: follow symbolic links to directories while recursing. Only effective in combination with -R.
-P, --physical
Physical walk: do not follow symbolic links to directories while recursing. Symbolic link arguments are skipped as well. Only effective in combination with -R.
-R, --recursive
Recursively list attributes of files in directories. When combined with -L, it recurses into linked directories; with -P or -h, it does not.
-n name, --name=name
Dump the value of the named extended attribute. If the attribute name does not exist, an error is reported.
-e encoding, --encoding={text|hex|base64}
Specify the output format for attribute values.
text (default) tries to interpret as text.
hex outputs values in hexadecimal.
base64 outputs values in base64 encoding.
-m pattern, --match=pattern
Dump the values of all extended attributes whose names match the given regular expression pattern.
--absolute-names
Do not strip leading slashes from file names in the output. Useful when recursively listing attributes from the root directory.
--version
Display version information and exit.
--help
Display a help message and exit.
DESCRIPTION
The getfattr command is used to display extended attributes associated with files, directories, or symbolic links. Extended attributes are name:value pairs that store arbitrary metadata about a file or directory, independent of its regular data. They are fundamental for features like Access Control Lists (ACLs), SELinux security contexts, and user-defined metadata.
getfattr allows users to specify which attributes to retrieve (e.g., a specific name or a pattern) and how their values should be displayed (text, hex, or base64). When invoked without specific attribute names, it typically lists all extended attributes accessible to the user for the given file(s). It works in conjunction with setfattr, which is used to set or remove these attributes.
CAVEATS
Permissions: Access to extended attributes is governed by standard file permissions. For instance, 'user.' attributes are typically readable by the file owner, while 'security.', 'system.', and 'trusted.' attributes often require root privileges or specific capabilities.
Filesystem Support: Extended attributes are not universally supported by all filesystems. Common Linux filesystems like ext2/3/4, XFS, and Btrfs support them. Filesystems like FAT/NTFS usually do not support extended attributes natively under Linux, unless mounted with specific options that emulate or store them in a different manner.
Kernel Configuration: The kernel must be compiled with extended attribute support (CONFIG_XATTR) and potentially specific filesystem XATTR support (e.g., CONFIG_EXT2_FS_XATTR for ext2/3/4).
OUTPUT FORMAT
The output of getfattr typically starts with the file path, followed by a list of extended attributes for that file. Each attribute is displayed as a 'name="value"' pair.
Example:
# file: /path/to/file
user.comment="This is a test comment"
security.selinux="unconfined_u:object_r:user_home_t:s0"
When using -e hex or -e base64, the value will be encoded accordingly.
ATTRIBUTE NAMESPACES
Extended attributes are organized into several namespaces, which dictate their behavior and access permissions:
user.: User-defined attributes. Generally accessible by the file owner.
security.: Used by security modules like SELinux or AppArmor to store security contexts.
system.: Used by the kernel for system-level attributes, such as POSIX ACLs.
trusted.: Only accessible by processes with CAP_SYS_ADMIN capability (typically root).
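A parser for the dump format described under OUTPUT FORMAT that lists every attribute outside the user. namespace, as an added example that is not part of the attr package or the original page. It assumes output captured with `getfattr -R -d -m -` (without a pattern such as `-m -`, getfattr matches only user. attributes), hex values prefixed with `0x`, base64 values prefixed with `0s`, and text values in double quotes with backslash escapes. The function names and the sample output are constructed for illustration.

```python
import base64
import re

# Constructed sample of `getfattr -R -d -m -` output; paths and values are made up.
SAMPLE = r'''# file: srv/app/notes.txt
user.comment="This is a \"test\" comment\012"

# file: srv/app/helper
security.selinux="system_u:object_r:bin_t:s0"
security.capability=0sAQAAAgAEAAAAAAAAAAAAAAAAAAA=
'''


def decode_value(raw):
    """Decode one value: 0x is hex, 0s is base64, double-quoted is escaped text."""
    if raw[:2] in ("0x", "0X"):
        return bytes.fromhex(raw[2:])
    if raw[:2] in ("0s", "0S"):
        return base64.b64decode(raw[2:], validate=True)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        body = raw[1:-1].encode("utf-8", "surrogateescape")
        # Assumed escapes: \ooo is an octal byte; \\ and \" stand for themselves.
        return re.sub(rb"\\([0-3][0-7]{2}|.)", lambda m: bytes([int(m[1], 8)])
                      if len(m[1]) == 3 else m[1], body)
    raise ValueError(f"unrecognised value encoding: {raw!r}")


def parse_getfattr(text):
    """Return {path: {name: bytes}}; a name listed without a value maps to None."""
    records, current = {}, None
    for line in text.split("\n"):  # not splitlines(): values may hold \x0b or \x0c
        if line.startswith("# file: "):
            current = records.setdefault(line[len("# file: "):], {})
        elif line:
            if current is None:
                raise ValueError("attribute line before any '# file:' header")
            name, sep, raw = line.partition("=")
            current[name] = decode_value(raw) if sep else None
    return records


def outside_user_namespace(records):
    """(path, name) pairs in security., system. or trusted., sorted for stable output."""
    return sorted((path, name) for path, attrs in records.items()
                  for name in attrs if not name.startswith("user."))


if __name__ == "__main__":
    print(outside_user_namespace(parse_getfattr(SAMPLE)))
```

Reading trusted. attributes, and often security. ones, requires running getfattr as root, so capture the dump with the privileges the CAVEATS section describes before feeding it to the parser.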
HISTORY
The getfattr command is part of the attr package, a set of utilities designed to manage filesystem extended attributes on Linux. The concept of extended attributes has been present in Linux kernels for a significant period, providing a flexible mechanism to attach arbitrary metadata to files and directories. This functionality became crucial for implementing features like Access Control Lists (ACLs) and security contexts for Mandatory Access Control (MAC) systems like SELinux. The attr package, including getfattr and setfattr, has been maintained and developed to provide a standard user-space interface for manipulating these attributes.
SEE ALSO
setfattr(1), attr(5), xattr(7)