Chattr Command in Linux with 5 Examples

Last updated: July 10, 2022
chattr command

When many users access and use the Linux system there is a chance for accidental deletion of files or directories. So it's important for administrators to keep the required files in an undeletable state. There comes chattr command to help in this situation.

In this guide, we learn about chattr command with some practical examples.

chattr command in Linux

Chattr (Change Attribute) is a command-line Linux utility that is used to change the file attributes. It can sets and unsets certain attributes to a file in Linux system to secure accidental deletion or modification of important files and folders, even though you are logged in as a root user.

So, using chattr command you make the file immutable. In other words, it means that it is used to stop accidentally deleting files and directories. You cannot delete the files secured via chattr attribute even though you have full permission over files.

This is very useful in secure system files like shadow and passwd files which contain all user information and passwords.  These attributes can only be set on files and directories located in an ext2, ext3, or ext4 file system.

The syntax for chattr command:

chattr [ -RVf ] [ -v version ] [ mode ] files...

File attributes we can use with chattr command:

  • a - the file can only be opened in append mode for writing.
  • A - the atime record of the file is not modified. This avoids a certain amount of disk I/O for laptop systems.
  • c - the file is automatically compressed on the disk by the kernel. A read from this file returns uncompressed data. A write to this file compresses data before storing them on the disk.
  • C - the file will not be subject to copy-on-write updates. This flag is only supported on file systems which perform copy-on-write. If the 'C' flag is set on a directory, it will have no effect on the directory
  • d - the file is not candidate for backup when the dump program is run.
  • D - when a directory is modified, the changes are written synchronously on the disk; this is equivalent to the 'dirsync' mount option applied to a subset of the files.
  • i - file cannot be modified, deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser can set or clear this attribute.
  • j - the file has all of its data written to the ext3 or ext4 journal before being written to the file itself,
  • s - if the file is deleted, its blocks are zeroed and written back to the disk.
  • S - if the file is modified, the changes are written synchronously on the disk; this is equivalent to the 'sync' mount option applied to a subset of the files.
  • t - the file will not have a partial block fragment at the end of the file merged with other files
  • T - the directory will be deemed to be the top of directory hierarchies for the purposes of the Orlov block allocator.
  • u - makes that if a file is deleted, its contents are saved. This allows the user to ask for its undeletion

Chattr Examples

Let's check how to use chattr command with some examples.

1. Chattr make file immutable

To set a file attribute we will use chattr command with  + operator followed by the attribute name.

Let's check with examples of how to set immutable attribute to a file. Only root or user with sudo privilege can set and remove immutable flag on a file.

A file with an immutable attribute:

  • Cannot be modified, deleted, renamed
  • No soft or hard link can be created by anyone including the root user.
  • No data can be written to the file

Let's create an empty file using touch command as follows:

$ touch file1

Now let's see how to list attributes of the file using lsattr command:

$ lsattr 
-------------e-- ./nagios-cookbook-tutorial
-------------e-- ./chefdk_1.3.40-1_amd64.deb
-------------e-- ./file1

Add some content to the file using echo command:

$ echo "Test of i attribute" > file1 
$ cat file1 
Test of i attribute

Now we can set immutable attribute using +i on the file named file1.

$ sudo chattr +i file1
$ lsattr 
-------------e-- ./nagios-cookbook-tutorial
-------------e-- ./chefdk_1.3.40-1_amd64.deb
----i--------e-- ./file1

In the following commands we will try append, delete both using normal user and sudo user (root):

$ echo "Try to edit after set i attribute" >> file1 
-bash: file1: Permission denied
$ sudo echo "Try to edit after set i attribute" >> file1 
-bash: file1: Permission denied
$ rm -f file1 
rm: cannot remove 'file1': Operation not permitted
$ sudo rm -f file1 
rm: cannot remove 'file1': Operation not permitted

We can observe that above all operations are not permitted.

2. Chattr remove immutable

To remove any attribute from the file we have to use - operator followed by the attribute name.

In the following example, let us unset the immutable attribute from the file (file1).

$ sudo chattr -i file1 
$ lsattr file1
-------------e-- ./file1

You should be now able to do all normal operations on the file.

3. Chattr recursive

In order to secure the directory, we have to set attribute recursively (-R) using + operator.

The following command will set the immutable bit on the directory ('temp') recursively:

$ sudo chattr -R +i /temp 
$ lsattr -d temp
----i--------e-- temp/

The above command will recursively make /temp directory undeletable in Linux.

To unset, you have use  - operator followed by i attribute.

$ sudo chattr -R -i linoxide/

4. Chattr Append to file

It is possible to allow everyone to just append data on a file without changing or modifying already entered data with the a attribute.

It means that you can only add content on the current file without modifying data already present.

The following examples set append atrribute to the file (file2).

$ sudo chattr +a file2

5. Make file undeletable using chattr

Chattr command allows making files in Linux undeletable by any user (not even by root user). This mostly helps to secure important files such as /etc/passwd or /etc/shadow.

To make a file undeletable:

sudo chattr +i /path-to-filename

For example to make the password and shadow file undeletable.

$ sudo chattr +i /etc/passwd
$ sudo chattr +i /etc/shadow

Remember this will disable user account creation. But when you will try to create a new system user, you will get an error message saying 'cannot open /etc/passwd'. If you try to change the password, you will be prompt to enter a new password but when you will log in next time, the new password will not appear to be valid, you will have to use the old password to log in.

Conclusion

Now we know how we can protect our files and folders using chattr command in Linux. I hope you enjoyed reading this tutorial and please leave your suggestions in the below comment section. For more information please refer man chattr.

About The Author

Bobbin Zachariah

Bobbin Zachariah

Bobbin started his career in IT in the year 2000 as a computer science instructor and worked as a Linux system engineer and senior analyst roles. Currently working in DevOps environments to increase efficiency and improve delivery time in AWS Cloud infrastructure. He is certified in RHEL, CCNA, and MCP and holds a Masters's in computer science. When in his free time love playing cricket, blogging, and listening to music.

SHARE

Comments

Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment