chattr command explained : Change Attributes

chattr command explained : Change Attributes

by -
0 1247


chattr :  change attributes   and    lsattr :   list attributes

By changing attributes of a file using chattr, we can protect  files and directories   from accidental deletion even files/folders have full permission (777)  or  user having  full permission as root or user root itself.   This is an admin command. Only user root can change the file attributes.


# chattr [operator] [flags] [filename]

Attributes details :

# chattr +a file1                 allows write opening of a file only append mode
# chattr +c file1                 allows that a file is compressed / decompressed automatically by the kernel
# chattr +d file1                 makes sure that the program ignores Dump the files during backup
# chattr +i file1                  makes it an immutable file, which can not be removed, altered, renamed or linked
# chattr +s file1                 allows a file to be deleted safely
# chattr +S file1                 makes sure that if a file is modified changes are written in synchronous mode as with sync
# chattr +u file1                 allows you to recover the contents of a file even if it is canceled
# lsattr                                   show specials attributes


The  letters  `acdeijstuADST’  select the new attributes for the files:

  • Append only (a)
  • Compressed (c)
  • No dump (d)
  • Extent format (e),
  • Immutable (i),
  • Data journalling (j),
  • Secure deletion (s),
  • No tail-merging (t),
  • Undeletable (u),
  • No atime updates (A),
  • Synchronous directory updates (D),
  • Synchronous updates (S),
  • Top of directory hierarchy(T).

Fourth  ( Immutable ) and fifth (Append) attributes are mostly used .

Append Attribute:

If you want to allow everyone to only append data to a file and not change already existing data, you can set the append bit as follows:

# chattr +a filename

Now the filename can only be opened in append mode for writing data.

To  unset the append attribute type :

# chattr -a filename


[root@web ~]# touch file1
[root@web ~]# touch file2
[root@web ~]# touch file3
[root@web ~]# ls
file1  file2  file3
[root@web ~]# lsattr
————- ./file3                    <———————-shows no attributes here
————- ./file2
————- ./file1

[root@web ~]#
[root@web ~]# chattr +a file1           <————-changing attribute here
[root@web ~]#
[root@web ~]# lsattr                          <———-showing attribute

————- ./file3
————- ./file2
—–a——- ./file1

[root@web ~]#
[root@web ~]# mv file1 newfile1
mv: cannot move `file1′ to `newfile1′: Operation not permitted        <———cannot modify
[root@web ~]# rm -rf file1
rm: cannot remove `file1′: Operation not permitted           <————cannot remove
[root@web ~]# echo 123 > file1                                               <—————-cannot overwrite
-bash: file1: Operation not permitted

[root@web ~]# echo 123 >> file1
[root@web ~]# echo 123 >> file1
[root@web ~]# echo 123 >> file1          

[root@web ~]#

[root@web ~]# cat file1                             <————-we can only append the file.


[root@web ~]#

Immutable attribute:

A file with an immutable attribute can not be modified,deleted,renamed,No soft or hard link created by anyone including root user.Only the root can set or remove this attribute.

# chattr +i filename

To  unset the immutable attribute type :

# chattr -i filename

[root@web ~]#
[root@web ~]# chattr +i file2       <———adding Immutable attribute  on file2
[root@web ~]# lsattr
————- ./file3
—-i——– ./file2               <———see immutable flag here
—–a——- ./file1
[root@web ~]#
[root@web ~]# rm -rf file2
rm: cannot remove `file2′: Operation not permitted      <————-cannot remove

[root@web ~]# mv file2 file4                 <————-cannot move
mv: cannot move `file2′ to `file4′: Operation not permitted
[root@web ~]# echo 123 >> file2             <—————–cannot append
-bash: file2: Permission denied

[root@web ~]# ln -s file2 softlink-file2       <——-able to create softlink
[root@web ~]# ls
file1  file2  file3  softlink-file2
[root@web ~]# ls -l
total 4
-rwxrwxrwx 1 root root 12 Jul 17 05:01 file1
-rw-r–r– 1 root root  0 Jul 17 04:58 file2
-rw-r–r– 1 root root  0 Jul 17 04:58 file3
lrwxrwxrwx 1 root root  5 Jul 17 05:12 softlink-file2 -> file2
[root@web ~]#
[root@web ~]# ln  file2 hardlink-file2                         <————–Cannot create hard link of this file
ln: creating hard link `hardlink-file2′ to `file2′: Operation not permitted

Attributes on  Directories

to secure entire directory and each and every files withing directory, Use -R (recursively) switch with +i

# chattr -R +i myDIR

this will protect all files and folders within this directory “myDIR

To unset the immutable attribute from all files and directories type :

# chattr -R -i myDIR

What happened , if we place a command with combination  +ia  ?

# chattr  +ia filename

Files with this flag will fail to be opened for writing. This also blocks certain potentially destructive system calls such as truncate  or unlink

Protecting important files

You can protect important files such as:
•    /etc/php.ini
•    /etc/passwd
•    /etc/shadow
•    /etc/group and more


Simple and Powerful…………isn’t  it ?

Enjoy Linux Works ……!!

(Please do share or comment, if you like the post )


CEO, KV IT-Solutions Pvt. Ltd. | | 9810028374|
Linux Professional and an Industrial Trainer | 20 + years Experience in IT Industry

” We are born free, No Gate and Windows can snatch our freedom “

Download PDF


0 1407

0 1041

0 945


Leave a Reply

Required Captcha *