chattr (Change Attribute) is a Linux command line utility used to change file attributes. It sets or unsets attributes on a file to protect important files and folders against accidental deletion or modification, even when you are logged in as the root user. In other words, you make the file immutable, which stops files and folders from being deleted by accident. You cannot delete a file secured with a chattr attribute even if you have full permissions on it. This is very useful for system files such as shadow and passwd, which contain all user information and passwords. These attributes can only be set on files and directories located on an ext2, ext3 or ext4 file system. Two commands, lsattr and chattr, are used for attribute management. The commonly used attributes are listed below.
Understanding chattr command behaviour
The syntax is:
chattr [ -RVf ] [ -v version ] [ mode ] files...
The chattr command operates by indicating the attributes to set on a file and the options to apply. An attribute is a specific condition in which a file or directory can exist, and an option is the manner in which the attributes will be set.
Files and folders aren't actually changed when attributes are applied or removed; they're just treated differently by the operating system and other software. A file with the immutable attribute:
- Cannot be modified, deleted or renamed
- Cannot have a soft or hard link created to it by anyone, including the root user
- Cannot have any data written to it
The chattr command operates by adding (setting), listing and removing (unsetting) attributes. These attributes are manipulated with operators:
+ causes the selected attributes to be added (set) to the existing attributes of the files;
- causes the selected attributes to be removed (unset);
= causes the selected attributes to be the only attributes that the files have.
Possible options for the chattr command are:
-R recursively changes attributes of directories and their contents
-V is verbose and prints the program version
-f suppresses most error messages
Possible attributes are:
a: the file can only be opened in append mode for writing.
A: the atime record of the file is not modified. This avoids a certain amount of disk I/O for laptop systems.
c: the file is automatically compressed on the disk by the kernel. A read from this file returns uncompressed data. A write to this file compresses the data before storing it on the disk.
C: the file will not be subject to copy-on-write updates. This flag is only supported on file systems which perform copy-on-write. If the 'C' flag is set on a directory, it will have no effect on the directory itself.
d: the file is not a candidate for backup when the dump program is run.
D: when a directory is modified, the changes are written synchronously to the disk; this is equivalent to the 'dirsync' mount option applied to a subset of the files.
i: the file cannot be modified, deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser can set or clear this attribute.
j: the file has all of its data written to the ext3 or ext4 journal before being written to the file itself.
s: if the file is deleted, its blocks are zeroed and written back to the disk.
S: if the file is modified, the changes are written synchronously to the disk; this is equivalent to the 'sync' mount option applied to a subset of the files.
t: the file will not have a partial block fragment at the end of the file merged with other files.
T: the directory will be deemed to be the top of directory hierarchies for the purposes of the Orlov block allocator.
u: if the file is deleted, its contents are saved. This allows the user to ask for its undeletion.
1) How to check file attributes
Before setting attributes, it is recommended to check the existing attributes of the files. We can do this with the lsattr command:
# lsattr
-------------e-- ./coreutils-8.22-18.el7.x86_64.rpm
-------------e-- ./pac
-------------e-- ./utils
-------------e-- ./linox
To directly check the attributes of a file, do:
# lsattr coreutils-8.22-18.el7.x86_64.rpm
-------------e-- coreutils-8.22-18.el7.x86_64.rpm
To directly check the attributes of a folder, do:
$ lsattr -d test
-------------e-- test/
Our command shows that no attribute has been set with chattr.
Notice that some attributes cannot be applied with the chattr command but can only be listed with the lsattr command. You need to know their meaning if you see them somewhere. The attributes below can only be displayed with lsattr:
e: it indicates that the file is using extents for mapping the blocks on disk.
E: it is used by the experimental compression patches to indicate that a compressed file has a compression error.
h: it indicates that the file is storing its blocks in units of the filesystem blocksize instead of in units of sectors, and means that the file is (or at one time was) larger than 2TB.
I: it is used by the htree code to indicate that a directory is being indexed using hashed trees.
N: the file has data stored inline, within the inode itself.
During our tests, we will create files and directories to try each command shown below.
2) How to set and unset an attribute
We have seen that the chattr command uses operators to set attributes on files. So to set a flag, we use one of the attributes listed above with the + operator, as the command below shows:
chattr +i file1
When a file has a flag, it means that an attribute is set on it. To remove an attribute, we use the - operator, as the command below shows:
chattr -i file1
3) How to protect file with 'i' attribute
With the i attribute, you can only read the file. All other actions except read will be denied, including append, edit, rename and delete. Only the root user can set and remove the immutable flag on a file.
In this scenario, we will create a file as a normal user, change permissions, and set it immutable. Then we will try to delete it.
$ touch file1
$ ls -l
total 99120
-rw-r--r-- 1 root root 101490688 Apr 12 18:33 chefdk_1.3.40-1_amd64.deb
-rw-rw-r-- 1 ubuntu ubuntu 0 Apr 13 00:50 file1
drwxr-xr-x 8 root root 4096 Apr 12 18:06 nagios-cookbook-tutorial
Now let's see the default attributes:
$ lsattr
-------------e-- ./nagios-cookbook-tutorial
-------------e-- ./chefdk_1.3.40-1_amd64.deb
-------------e-- ./file1
In the commands below, we will put some content in the file and apply the i attribute:
$ echo "Test of i attribute" > file1
$ cat file1
Test of i attribute
$ chattr +i file1
chattr: Operation not permitted while setting flags on file1
$ sudo chattr +i file1
$ lsattr
-------------e-- ./nagios-cookbook-tutorial
-------------e-- ./chefdk_1.3.40-1_amd64.deb
----i--------e-- ./file1
You can see that we can't set the i attribute if we are not the root user.
In the commands below, we will try some operations on the file and see the results:
$ echo "Try to edit after set i attribute" >> file1
-bash: file1: Permission denied
$ sudo echo "Try to edit after set i attribute" >> file1
-bash: file1: Permission denied
$ rm -f file1
rm: cannot remove 'file1': Operation not permitted
$ sudo rm -f file1
rm: cannot remove 'file1': Operation not permitted
$ lsattr file1
----i--------e-- ./file1
$ chattr -i file1
chattr: Operation not permitted while setting flags on file1
$ sudo chattr -i file1
Look how no operation is possible on the file. You can see that only the root user can remove the attribute:
$ lsattr file1
-------------e-- ./file1
$ sudo echo "Try to edit after set i attribute" >> file1
$ cat file1
Test of i attribute
Try to edit after set i attribute
$ rm -f file1
$ ls -l
total 99120
-rw-r--r-- 1 root root 101490688 Apr 12 18:33 chefdk_1.3.40-1_amd64.deb
drwxr-xr-x 8 root root 4096 Apr 12 18:06 nagios-cookbook-tutorial
As you can see, after the addition of the i flag, file1 could not be appended to or deleted, even by its owner or by root. Only root was able to add and remove the flag. Directly after removing the flag, we were able to edit and delete the file.
4) How to secure folders with 'i' attribute
As with files, we can also protect a folder against modifications. So let us create a directory for the example:
$ mkdir linoxide
$ lsattr -d linoxide
-------------e-- ./linoxide
Let's put some content in our created directory. We will create files and sub-directories:
$ cd linoxide/
~/linoxide$ ls -l
total 0
~/linoxide$ mkdir folder1
~/linoxide$ touch sun mecha
~/linoxide$ ls
folder1 mecha sun
~/linoxide$ mv sun folder1/
~/linoxide$ lsattr
-------------e-- ./folder1
-------------e-- ./mecha
~/linoxide$ ls folder1
sun
~/linoxide$ cd ..
~$ lsattr -d linoxide
-------------e-- ./linoxide
Now that we have created our sub-directories, we will apply the attribute on the folder and see the result:
$ sudo chattr +i linoxide/
$ lsattr -d linoxide/
----i--------e-- linoxide/
You can see that it took effect. Now let's see if it also affects the files and sub-directories:
$ cd linoxide/
~/linoxide$ lsattr
-------------e-- ./folder1
-------------e-- ./mecha
NB: You can see that the i attribute doesn't appear when we check the attributes of the contents of the "linoxide" folder. Let's try some operations on the direct contents of our folder:
~/linoxide$ rm mecha
rm: cannot remove 'mecha': Permission denied
~/linoxide$ rm -r folder1/
rm: cannot remove 'folder1/': Permission denied
~/linoxide$ rm -rf folder1/
rm: cannot remove 'folder1/': Permission denied
~/linoxide$ rm -rf mecha
rm: cannot remove 'mecha': Permission denied
~/linoxide$ mkdir toto
mkdir: cannot create directory ‘toto’: Permission denied
~/linoxide$ touch papi
touch: cannot touch ‘papi’: Permission denied
We can't delete any content or even create a directory or file. Now let's try to edit the file to add some content:
~/linoxide$ echo "just look" > mecha
~/linoxide$ cat mecha
just look
~/linoxide$ echo "add a line" >> mecha
~/linoxide$ cat mecha
just look
add a line
~/linoxide$ echo "replace the content" > mecha
~/linoxide$ cat mecha
replace the content
See, we are able to modify the content of the file even if we are not able to delete it.
~/linoxide$ mv mecha new-mecha
mv: cannot move 'mecha' to 'new-mecha': Permission denied
See, we are not able to rename the file either. Now let's try some operations in the sub-directory. So let's enter our sub-directory and operate on the contents already present.
~/linoxide$ cd folder1/
~/linoxide/folder1$ lsattr
-------------e-- ./sun
~/linoxide/folder1$ mkdir test
~/linoxide/folder1$ ls
sun test
~/linoxide/folder1$ touch possible
~/linoxide/folder1$ ls
possible sun test
See, we are able to create a file in the sub-directory folder1 of linoxide.
~/linoxide/folder1$ echo "modify sun" > sun
~/linoxide/folder1$ cat sun
modify sun
~/linoxide/folder1$ echo "edit possible" > possible
~/linoxide/folder1$ cat possible
edit possible
~/linoxide/folder1$ mv sun test/
~/linoxide/folder1$ ls
possible test
~/linoxide/folder1$ lsattr
-------------e-- ./possible
-------------e-- ./test
We can see that there is no attribute applied in the sub-directory, so let's try to delete something:
~/linoxide/folder1$ rm -R test/
~/linoxide/folder1$ ls
possible
~/linoxide/folder1$ rm possible
~/linoxide/folder1$ ls -l
total 0
You can see that we were not able to delete the direct contents of our linoxide directory, but we easily deleted the contents of the folder1 sub-directory.
Now we need to apply the attribute to the contents of the sub-directory too. So let's use the -R option to set attributes and look at the changes:
$ sudo chattr -R +i linoxide/
$ lsattr -d linoxide/
----i--------e-- linoxide/
We can see that the attribute is applied. Now let's enter the folder and check the sub-directory:
$ cd linoxide/
~/linoxide$ lsattr
----i--------e-- ./folder1
----i--------e-- ./mecha
We can see that it affects the sub-directory too:
~/linoxide$ echo "Test of recursion" > mecha
-bash: mecha: Permission denied
~/linoxide$ echo "it doesn't work" >> mecha
-bash: mecha: Permission denied
~/linoxide$ sudo echo "waouh, different with -R" >> mecha
-bash: mecha: Permission denied
We can notice that with the -R option we are able neither to modify the content of a file nor to delete anything, while without the -R option we were able to edit a file but not to delete it. Now let's try some operations in our sub-directory:
~/linoxide$ cd folder1/
~/linoxide/folder1$ ls -l
total 0
~/linoxide/folder1$ touch sun-test
touch: cannot touch 'sun-test': Permission denied
~/linoxide/folder1$ mkdir test2
mkdir: cannot create directory ‘test2’: Permission denied
~/linoxide/folder1$ ls -l
total 0
Now we were not able to create a file in the sub-directory. That is the difference made by the -R option: we can't create a file or directory in the sub-directory, while we could do it earlier. So we can see that the -R option applies the attribute to the sub-directories and all of their contents.
NB: You can protect important files such as /etc/shadow to make them secure from accidental removal or tampering, but this also disables user account creation. When you try to create a new system user, you will get an error message saying it cannot open /etc/passwd. If you try to change a password, you will be prompted for a new password, but when you log in next time the new password will not be valid; you will have to use the old password to log in.
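The sessions above show that a non-recursive chattr +i leaves the files inside a directory unprotected, so a practitioner wants a quick way to find such gaps. As an added example (not part of the original tutorial), the script below decodes the flag field that lsattr prints and lists every path in an lsattr -R listing that lacks a given attribute; the lsattr output it parses is a constructed sample, not captured from the system above, and it assumes the flag field is the first whitespace-separated column, as in the listings shown here.

```shell
#!/bin/sh
# Constructed sample of `lsattr -R linoxide` output (not captured from a real
# system): the directory entries carry i, the log carries only a, and one file
# inside folder1 carries neither. Real -R output also contains blank lines and
# "dir:" header lines, which the parser must skip.
SAMPLE_LSATTR='----i--------e-- linoxide/folder1
----i--------e-- linoxide/mecha
-----a-------e-- linoxide/audit.log

linoxide/folder1:
-------------e-- linoxide/folder1/sun'

# decode_attrs FLAGS -> the set attribute letters, space separated.
# lsattr prints one fixed column per attribute: '-' means unset, a letter means set.
decode_attrs() {
    printf '%s\n' "$1" | sed 's/-//g; s/./& /g; s/ $//'
}

# has_attr FLAGS LETTER -> success if LETTER is set in FLAGS.
has_attr() {
    case "$1" in
        *"$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# paths_lacking LSATTR_OUTPUT LETTER -> paths whose flag field lacks LETTER,
# one per line. Use it after `chattr -R +i dir` to confirm nothing was missed.
paths_lacking() {
    printf '%s\n' "$1" | while IFS=' ' read -r flags path; do
        # A flag field contains only dashes and letters; anything else
        # (blank line, "dir:" header) is not an entry.
        case "$flags" in
            '' | *[!A-Za-z-]*) continue ;;
        esac
        [ -n "$path" ] || continue
        has_attr "$flags" "$2" || printf '%s\n' "$path"
    done
}

# Stand-alone run: report what a recursive +i would still have to cover.
paths_lacking "$SAMPLE_LSATTR" i
```

Feed it real output with paths_lacking "$(lsattr -R linoxide)" i; an empty result means every listed entry carries the flag.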
5) How to append data on file with 'a' attribute
It is possible to allow everyone to only append data to a file, without changing or modifying already entered data, with the a attribute. It means that you can only add content to the file without modifying the data already present.
We will create a file for the example:
$ touch file2
$ ls -l
total 99128
-rw-r--r-- 1 root root 101490688 Apr 12 18:33 chefdk_1.3.40-1_amd64.deb
-rw-rw-rw- 1 ubuntu ubuntu 79 Apr 13 01:15 file1
-rw-rw-r-- 1 ubuntu ubuntu 22 Apr 13 01:23 file2
drwxr-xr-x 8 root root 4096 Apr 12 18:06 nagios-cookbook-tutorial
$ lsattr file2
-------------e-- file2
Now we will edit it:
$ echo "Test of 'a' attribute" > file2
$ cat file2
Test of 'a' attribute
Now we will set the flag:
$ sudo chattr +a file2
$ lsattr file2
-----a-------e-- file2
We will try some operations by editing our file:
$ echo "Test of setting append on file2" > file2
-bash: file2: Operation not permitted
See that the > redirection replaces the content, which means we tried to remove content in order to add other content, whereas the a attribute only authorizes adding content without removing any data already present.
$ echo "Test of setting append on file2" >> file2
$ cat file2
Test of 'a' attribute
Test of setting append on file2
You can see that with the >> redirection it works, because we add content without modifying the data present before.
6) How to append data on folders with 'a' attribute
It is the same thing as with the i attribute. Let's create a folder with some content:
$ cd barbatos/
~/barbatos$ mkdir amazing wonder
~/barbatos$ touch file3 file4
~/barbatos$ ls
amazing file3 file4 wonder
Add some content to the files:
~/barbatos$ echo "attr a is wonderful" > file3
~/barbatos$ echo "attr a is also amazing" > file4
~/barbatos$ cat file3
attr a is wonderful
~/barbatos$ cat file4
attr a is also amazing
Check the default attributes:
~/barbatos$ lsattr
-------------e-- ./amazing
-------------e-- ./wonder
-------------e-- ./file4
-------------e-- ./file3
$ cd ..
$ sudo chattr -R +a barbatos/
$ lsattr -d barbatos
-----a-------e-- ./barbatos
We have set the attribute. Now let's take a look at the content:
$ cd barbatos
~/barbatos$ lsattr
-----a-------e-- ./amazing
-----a-------e-- ./wonder
-----a-------e-- ./file4
-----a-------e-- ./file3
It takes effect. Now let's try to modify the content by adding and removing data:
~/barbatos$ echo "change the content?" > file3
-bash: file3: Operation not permitted
~/barbatos$ echo "add a content?" >> file3
~/barbatos$ cat file3
attr a is wonderful
add a content?
~/barbatos$ rm file4
rm: cannot remove 'file4': Operation not permitted
~/barbatos$ touch file6 file7
~/barbatos$ ls
amazing file3 file4 file6 file7 wonder
We are not able to delete files but we are able to create new files: creating a file adds content to the directory, so that is expected.
~/barbatos$ mv file wonder/
mv: cannot stat 'file': No such file or directory
~/barbatos$ mv file6 wonder/
mv: cannot move 'file6' to 'wonder/file6': Operation not permitted
Moving a file to a sub-directory means removing something from the current directory, which has the a flag, so it is not permitted.
~/barbatos$ touch wonder/file8
~/barbatos$ ls wonder/
file8
While it is permitted to create a file in a sub-directory:
~/barbatos$ touch amazing/file9
~/barbatos$ ls amazing/
file9
~/barbatos$ echo "add content" >> amazing/file9
~/barbatos$ cat amazing/file9
add content
We see that the a flag is applied to our folder and its sub-directories.
$ cd
$ rm -Rf barbatos/
rm: cannot remove 'barbatos/amazing/file9': Operation not permitted
rm: cannot remove 'barbatos/file7': Operation not permitted
rm: cannot remove 'barbatos/wonder/file8': Operation not permitted
rm: cannot remove 'barbatos/file6': Operation not permitted
rm: cannot remove 'barbatos/file4': Operation not permitted
rm: cannot remove 'barbatos/file3': Operation not permitted
We can't delete the folder. See that it also indicates that we can't remove the sub-directories and files.
So the difference from the i attribute is that the a attribute preserves data but allows modifications only to add data, not to remove or replace it, while the i attribute preserves data without allowing any modification.
NB: You have seen that the -R option also replicates the attribute to the sub-directories, where we can then only add content. If we don't use it, there is no replication.
Now we know how we can protect our files and folders. It is possible to allow only adding content without removing anything. Only root, or a user with root permissions, can change the attributes.