Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

is there something like alternate data streams on any linux filesystem?

Tags:

On Windows NTFS there is a nice but mostly unused feature called "Alternate Data Streams" (ADS) which I recently used in a hobby-dev project.

On Mac HFS+ there is also a similarly nice but mostly unused feature called "named forks".

I am thinking of porting this project to Linux, but I do not know if any Filesystem on linux has such a feature?

like image 712
Peter Parker Avatar asked Oct 07 '08 18:10

Peter Parker

People also ask

Does Linux have alternate data streams?

Linux has support for extended attributes, but not for alternate data streams or NFSv4 named attributes (either on client or server).

Which file system supports alternate data streams?

Alternate Data Streams (ADS) are a file attribute only found on the NTFS file system.

Why do alternate data streams exist?

Alternate Data Streams (ADS) have been around since the introduction of windows NTFS. They were designed to provide compatibility with the old Hierarchical File System (HFS) from Mac which uses something called resource forks.

Why alternate data streams are a concern in computer forensics?

Alternate Data Streams are a way to store data on a machine that is not readily accessible to users. Using ADS, files are not easily accessible by Windows operating system and they do not show up in any file directory.

1 Answers

There are file systems on both Windows and Linux (and other OSes) that support extended attributes (EAs). The Windows support was added for OS/2 compat and does not have any documented interface, except for a hacky method through the backup API (that's what Cygwin does). EAs are designed to store small values only. On Windows, each EA has an ASCII name (whereas almost all other names are Unicode) and the combined size of all EAs on a file can't be larger than 64k. EAs are not files: you can't open a file handle to an EA and read it like a normal file.

Alternate data streams are a separate feature provided by NTFS which allows you to provide alternate subfiles inside of a file. Every file has a default unnamed data stream that is automatically opened unless you specify an alternate one. You can open a handle to an ADS and read (even execute) it like a normal file, with a single (Unicode) filename. An ADS can be as large as any disk file.

There is no exact analog to ADSes on Linux that I know of, but you may be able to use EAs on the Linux port instead if the data values are small.

like image 138
Chris Smith Avatar answered Sep 22 '22 03:09

Chris Smith
Sign in to Comment

Related questions

Why is it better to use readonly properties verses functions? [closed]
Testing for assert in the Boost Test framework
Comprehensive methods of viewing memory usage on Solaris [closed]
Do you have coding standards? If so, how are they enforced? [closed]
XSD - How to describe an unordered set of element types where the first element must appear first in the sequence?
Database Internals - Where to Begin? [closed]
How do I configure the name of a Windows service upon installation (or easily at compile time)?
Correct way to implement C# console application?
Getting the relative uri from the absolute uri
Servlet context scope vs global variable
How can I grep for a text pattern in a zipped text file?
How to create a good evaluation function for a game?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!