setfattr

Set name of attribute for file

$ setfattr [[-n|--name]] user.[attribute_name] [path/to/file]

$ setfattr [[-n|--name]] user.[attribute_name] [[-v|--value]] "[value]" [path/to/file]

$ setfattr [[-x|--remove]] user.[attribute_name] [path/to/file]

setfattr [options] --name=name [--value=value] path...
setfattr [options] --remove=name path...
setfattr [options] --restore=file

--name=name, -n name
    Sets the value of the extended attribute name. The attribute name must include a namespace prefix (e.g., user., security.).

--value=value, -v value
    Sets the value of the extended attribute. If not specified with --name, the attribute is set to an empty value. Values are typically expressed as strings or hexadecimal.

--remove=name, -x name
    Removes the extended attribute name from the specified files or directories.

--force, -f
    Continue operation even if some attributes cannot be set or removed due to permissions or other errors.

--no-dereference, -P
    Do not dereference symbolic links. Operate on the symbolic link itself rather than its target. This is the default behavior.

--dereference, -L
    Dereference symbolic links. Operate on the target of the symbolic link, not the link itself.

--restore=file
    Restore extended attributes from a backup file created by getfattr --dump. This allows bulk restoration of attributes.

--version
    Display version information and exit.

--help
    Display a help message and exit.

path...
    One or more files or directories on which to set or remove extended attributes.

setfattr is a command-line utility used to set or remove extended attributes (xattrs) on files and directories. Extended attributes are arbitrary key-value pairs associated with file system objects, providing metadata beyond standard file attributes like permissions, ownership, and timestamps. They are categorized into different namespaces such as user, security, system, and trusted, each serving specific purposes. For instance, security attributes are often used by Mandatory Access Control (MAC) systems like SELinux, while user attributes can store arbitrary data for applications or user scripts. setfattr allows administrators and users to programmatically manage this additional metadata, enabling more fine-grained control and data association with files. It is commonly used in conjunction with getfattr to view these attributes.

Not all file systems support extended attributes; common ones that do include ext2/3/4, XFS, and Btrfs. The maximum size of an attribute name and value can vary by file system, generally limited (e.g., 255 bytes for name, 64KB for value on Linux). Users must have appropriate permissions (ownership, write access) to modify extended attributes on a file. Only attributes in the user. namespace are generally editable by non-root users; others require root privileges or specific capabilities.

Extended attributes are organized into distinct namespaces:
user.: For arbitrary user-defined data. Non-privileged users can typically set and retrieve attributes in this namespace.
security.: Used by security modules like SELinux to store security labels. These are usually set by the kernel or processes with root privileges.
system.: For system-level metadata. Managed by the kernel or root processes.
trusted.: Accessible only to processes with the CAP_SYS_ADMIN capability. Intended for use by privileged processes to store trusted information.

Attribute values can be binary data. When displayed by getfattr, non-printable characters are often escaped for readability. When setting values with setfattr, they are typically passed as strings. If the value is intended to be interpreted as binary data, it's often represented in hexadecimal format (e.g., `--value=0xdeadbeef`).

The concept of extended attributes has been implemented in various Unix-like systems. On Linux, extended attributes were integrated into core filesystems like ext2/3/4, XFS, and Btrfs as part of a broader effort to enhance file metadata capabilities. setfattr is a key utility within the attr package, providing command-line access to manage these attributes. Its development and usage parallel the evolution of modern Linux filesystems to support richer and more flexible data association with file system objects.

getfattr(1), attr(5), lsattr(1), chattr(1)