chattr command explained : Change Attributes

chattr command explained : Change Attributes

by -
0 1528


chattr :  change attributes   and    lsattr :   list attributes

By changing attributes of a file using chattr, we can protect  files and directories   from accidental deletion even files/folders have full permission (777)  or  user having  full permission as root or user root itself.   This is an admin command. Only user root can change the file attributes.


# chattr [operator] [flags] [filename]

Attributes details :

# chattr +a file1                 allows write opening of a file only append mode
# chattr +c file1                 allows that a file is compressed / decompressed automatically by the kernel
# chattr +d file1                 makes sure that the program ignores Dump the files during backup
# chattr +i file1                  makes it an immutable file, which can not be removed, altered, renamed or linked
# chattr +s file1                 allows a file to be deleted safely
# chattr +S file1                 makes sure that if a file is modified changes are written in synchronous mode as with sync
# chattr +u file1                 allows you to recover the contents of a file even if it is canceled
# lsattr                                   show specials attributes


The  letters  `acdeijstuADST’  select the new attributes for the files:

  • Append only (a)
  • Compressed (c)
  • No dump (d)
  • Extent format (e),
  • Immutable (i),
  • Data journalling (j),
  • Secure deletion (s),
  • No tail-merging (t),
  • Undeletable (u),
  • No atime updates (A),
  • Synchronous directory updates (D),
  • Synchronous updates (S),
  • Top of directory hierarchy(T).

Fourth  ( Immutable ) and fifth (Append) attributes are mostly used .

Append Attribute:

If you want to allow everyone to only append data to a file and not change already existing data, you can set the append bit as follows:

# chattr +a filename

Now the filename can only be opened in append mode for writing data.

To  unset the append attribute type :

# chattr -a filename


[[email protected] ~]# touch file1
[[email protected] ~]# touch file2
[[email protected] ~]# touch file3
[[email protected] ~]# ls
file1  file2  file3
[[email protected] ~]# lsattr
————- ./file3                    <———————-shows no attributes here
————- ./file2
————- ./file1

[[email protected] ~]#
[[email protected] ~]# chattr +a file1           <————-changing attribute here
[[email protected] ~]#
[[email protected] ~]# lsattr                          <———-showing attribute

————- ./file3
————- ./file2
—–a——- ./file1

[[email protected] ~]#
[[email protected] ~]# mv file1 newfile1
mv: cannot move `file1′ to `newfile1′: Operation not permitted        <———cannot modify
[[email protected] ~]# rm -rf file1
rm: cannot remove `file1′: Operation not permitted           <————cannot remove
[[email protected] ~]# echo 123 > file1                                               <—————-cannot overwrite
-bash: file1: Operation not permitted

[[email protected] ~]# echo 123 >> file1
[[email protected] ~]# echo 123 >> file1
[[email protected] ~]# echo 123 >> file1          

[[email protected] ~]#

[[email protected] ~]# cat file1                             <————-we can only append the file.


[[email protected] ~]#

Immutable attribute:

A file with an immutable attribute can not be modified,deleted,renamed,No soft or hard link created by anyone including root user.Only the root can set or remove this attribute.

# chattr +i filename

To  unset the immutable attribute type :

# chattr -i filename

[[email protected] ~]#
[[email protected] ~]# chattr +i file2       <———adding Immutable attribute  on file2
[[email protected] ~]# lsattr
————- ./file3
—-i——– ./file2               <———see immutable flag here
—–a——- ./file1
[[email protected] ~]#
[[email protected] ~]# rm -rf file2
rm: cannot remove `file2′: Operation not permitted      <————-cannot remove

[[email protected] ~]# mv file2 file4                 <————-cannot move
mv: cannot move `file2′ to `file4′: Operation not permitted
[[email protected] ~]# echo 123 >> file2             <—————–cannot append
-bash: file2: Permission denied

[[email protected] ~]# ln -s file2 softlink-file2       <——-able to create softlink
[[email protected] ~]# ls
file1  file2  file3  softlink-file2
[[email protected] ~]# ls -l
total 4
-rwxrwxrwx 1 root root 12 Jul 17 05:01 file1
-rw-r–r– 1 root root  0 Jul 17 04:58 file2
-rw-r–r– 1 root root  0 Jul 17 04:58 file3
lrwxrwxrwx 1 root root  5 Jul 17 05:12 softlink-file2 -> file2
[[email protected] ~]#
[[email protected] ~]# ln  file2 hardlink-file2                         <————–Cannot create hard link of this file
ln: creating hard link `hardlink-file2′ to `file2′: Operation not permitted

Attributes on  Directories

to secure entire directory and each and every files withing directory, Use -R (recursively) switch with +i

# chattr -R +i myDIR

this will protect all files and folders within this directory “myDIR

To unset the immutable attribute from all files and directories type :

# chattr -R -i myDIR

What happened , if we place a command with combination  +ia  ?

# chattr  +ia filename

Files with this flag will fail to be opened for writing. This also blocks certain potentially destructive system calls such as truncate  or unlink

Protecting important files

You can protect important files such as:
•    /etc/php.ini
•    /etc/passwd
•    /etc/shadow
•    /etc/group and more


Simple and Powerful…………isn’t  it ?

Enjoy Linux Works ……!!

(Please do share or comment, if you like the post )


Download PDF

CEO, KV IT-Solutions Pvt. Ltd. | [email protected] | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “


0 1699

0 1354

0 1218


Leave a Reply