chattr (change attribute) is a command-line Linux utility used to change file attributes: per-inode flags that are separate from the ordinary permission bits and that the kernel enforces regardless of who owns the file, root included. Setting and unsetting these attributes controls how a file can be used and accessed. chattr mostly works on ext2, ext3, ext4 and btrfs filesystems; other filesystems support only a subset of the flags.
Common Use Cases:
- Protect System Files: Set the immutable attribute on critical system files.
- Secure Log Files: Make log files append-only to prevent tampering.
- Data Integrity: Use synchronous updates for files needing immediate disk writing.
The basic syntax for chattr command:
chattr [options] [operator][attributes] [files]
- -R: Recursively change attributes of directories and their contents.
- +[attributes]: Add the specified attributes to the existing attributes of the files.
- -[attributes]: Remove the specified attributes from the existing attributes of the files.
- =[attributes]: Make the specified attributes the only ones the files have.
- -V: Verbose mode. Reports what chattr changes and prints the program version.
- A: No atime updates - when set, the kernel does not update the access time when the file is read.
- a: Append only - once set, the file can only be opened in append mode for writing; it cannot be truncated, renamed, deleted or hard-linked. On a directory, entries can be created but not removed or renamed. Only a process with the CAP_LINUX_IMMUTABLE capability (in practice root) can set or clear this flag.
- C: No copy-on-write - disables copy-on-write for the file on filesystems that support it (btrfs). On btrfs it only takes effect when set on an empty file or on a directory, whose new files then inherit it.
- c: Compressed - requests that the file be compressed on disk. Not honoured by ext2, ext3 or ext4 in mainline kernels; btrfs honours it.
- D: Synchronous directory updates - when the directory is modified, the changes are written synchronously to disk.
- d: No dump - when set, the file is not a candidate for backup when the dump program is run.
- E: Encrypted - displayed by lsattr for files, directories or symlinks protected by filesystem encryption (fscrypt); it cannot be set or cleared with chattr. Older e2fsprogs releases used the same letter for a compression-error marker.
- e: Extents - the file uses extents to map its blocks on disk. ext4 sets this automatically, and chattr cannot clear it.
- I: Indexed directory - the directory uses hashed trees (htree) for lookups. This is an informational flag maintained by the filesystem, not an "immutable directory"; immutability for directories is the i flag.
- i: Immutable - when set, the file cannot be modified, deleted or renamed, no hard link can be created to it, and no data can be written to it. Only a process with CAP_LINUX_IMMUTABLE (root) can set or clear it.
- j: Data journaling - ensures that all of the file's data is written to the journal before being written to the file itself; applies to ext3 and ext4 and is only honoured when the filesystem is mounted with data=ordered or data=writeback.
- s: Secure deletion - when the file is deleted, its blocks are zeroed and written back to disk. Not honoured by ext2, ext3 or ext4 in mainline kernels, so do not rely on it for sanitising data.
- S: Synchronous updates - if the file is modified, the changes are written synchronously to disk, as if that file were on a filesystem mounted with the sync option.
- u: Undeletable - when the file is deleted, its contents are kept so it can be undeleted. Not honoured by ext2, ext3 or ext4 in mainline kernels.
- X, Z: Flags reserved by the experimental ext2 compression patches for compressed files. lsattr may display them, chattr cannot set them, and current man pages no longer document them.
Let's check how to use chattr command with some examples.
1. Make file immutable
To set a file attribute, run chattr with the + operator followed by the attribute letter.
Let's look at how to set the immutable attribute on a file. Only a process with the CAP_LINUX_IMMUTABLE capability, in practice root (via sudo), can set or clear the immutable flag; the file's owner alone cannot.
A file with the immutable attribute:
- Cannot be modified, truncated, deleted or renamed, and no data can be written to it.
- Cannot be hard-linked by anyone, including root. Symbolic links pointing at it can still be created, because creating a symlink does not touch the target's inode.
- Keeps these restrictions even against root. Root can, however, clear the flag with chattr -i, so the attribute stops accidents and unprivileged tampering rather than an attacker who already has root.
Let's create an empty file using touch command as follows:
$ touch file1
Now let's see how to list attributes of the file using lsattr command:
$ lsattr
-------------e-- ./nagios-cookbook-tutorial
-------------e-- ./chefdk_1.3.40-1_amd64.deb
-------------e-- ./file1
Add some content to the file using echo command:
$ echo "Test of i attribute" > file1
$ cat file1
Test of i attribute
Now we can set the immutable attribute using +i on the file named file1.
$ sudo chattr +i file1
$ lsattr
-------------e-- ./nagios-cookbook-tutorial
-------------e-- ./chefdk_1.3.40-1_amd64.deb
----i--------e-- ./file1
In the following commands we try to append to and delete the file, first as a normal user and then with sudo (root):
$ echo "Try to edit after set i attribute" >> file1
-bash: file1: Permission denied
$ sudo echo "Try to edit after set i attribute" >> file1
-bash: file1: Permission denied
$ rm -f file1
rm: cannot remove 'file1': Operation not permitted
$ sudo rm -f file1
rm: cannot remove 'file1': Operation not permitted
All of the above operations are refused. Note that in the sudo echo case the redirection is performed by the unprivileged shell, not by sudo; an honest root attempt such as echo ... | sudo tee -a file1 fails as well, because the immutable flag is enforced by the kernel regardless of the writer's privileges.
2. Remove immutable
To remove an attribute from a file, use the - operator followed by the attribute letter.
In the following example, let us unset the immutable attribute from the file (file1).
$ sudo chattr -i file1
$ lsattr file1
-------------e-- ./file1
You should be now able to do all normal operations on the file.
3. Recursive on directory
To secure a whole directory, set the attribute recursively with -R. The immutable flag on a directory blocks creating, removing and renaming entries in it, and -R also applies the flag to every file beneath it.
The following command sets the immutable bit on the directory (temp) recursively:
$ sudo chattr -R +i temp
$ lsattr -d temp
----i--------e-- temp/
The above command recursively makes the temp directory and its contents undeletable.
To unset it, use the - operator followed by i, again with -R, for example on a directory named linoxide:
$ sudo chattr -R -i linoxide/
4. Append to file
With the a attribute it is possible to allow everyone to append data to a file without changing or removing the data already present.
The file can then only be opened in append mode for writing (as with >> in the shell); truncating, renaming, deleting or hard-linking it fails, even for root, until the attribute is cleared. As with i, only root (CAP_LINUX_IMMUTABLE) can set or clear it.
The following example sets the append attribute on the file (file2):
$ sudo chattr +a file2
This is the usual way to protect a log file: writers that open it in append mode keep working, while an intruder cannot truncate or overwrite it. Be aware that logrotate cannot rename or truncate an append-only file either, so rotation has to clear the attribute first (for example in a prerotate script) and set it again afterwards.
5. Make file undeletable
Setting the immutable attribute makes a file undeletable by any user, including root, for as long as the flag is set (root can still clear it with chattr -i). This is commonly used to guard important files such as /etc/passwd or /etc/shadow against accidental or scripted modification.
To make a file undeletable:
$ sudo chattr +i /path-to-filename
For example, to make the password and shadow files undeletable:
$ sudo chattr +i /etc/passwd
$ sudo chattr +i /etc/shadow
Remember that this also blocks legitimate updates. Creating a new user fails with an error that /etc/passwd cannot be opened. If you try to change a password you are prompted for the new one, but the update cannot be written to /etc/shadow, so at the next login the new password is not valid and the old one still is. Clear the flags with chattr -i before account maintenance or package upgrades that touch these files, and set them again afterwards. Since an attacker who already has root can use the same flags to make their own files (a cron job, an authorized_keys file, a planted binary) resist deletion, an unexpected i or a flag reported by lsattr is worth investigating in its own right.
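As an added example that is not part of the original article, the script below decodes the lsattr flag field shown in the outputs above and audits a directory tree for immutable and append-only entries, the two flags that keep even root from deleting or truncating a file and that break useradd and passwd when set on /etc/passwd or /etc/shadow. The function names and the file name audit-attrs.sh are my own; the only assumptions are the e2fsprogs lsattr output format ("<flags> <path>" per entry, "<dir>:" headers with -R) and, for live use, a filesystem that supports attributes.

```shell
#!/bin/sh
# audit-attrs.sh: decode lsattr(1) flag strings and audit a tree for the
# i (immutable) and a (append-only) attributes. Added example, not code
# from the original article. Assumes e2fsprogs lsattr output format.

# attr_name CHAR: print the name of one lsattr flag character.
# Returns 1 for "-" (flag not set). E, X and Z have changed meaning across
# e2fsprogs versions; E is labelled as the current man page does.
attr_name() {
  case $1 in
    a) echo append-only ;;
    A) echo no-atime ;;
    c) echo compressed ;;
    C) echo no-cow ;;
    d) echo no-dump ;;
    D) echo sync-dir ;;
    e) echo extents ;;
    E) echo encrypted ;;
    i) echo immutable ;;
    I) echo indexed-dir ;;
    j) echo data-journal ;;
    s) echo secure-delete ;;
    S) echo sync ;;
    u) echo undeletable ;;
    -) return 1 ;;
    *) echo "unknown($1)" ;;
  esac
}

# decode_attrs FLAGS: print the set flags as space-separated names. The
# string is read character by character rather than by column, because the
# column order of lsattr output differs between e2fsprogs versions.
decode_attrs() {
  rest=$1
  names=""
  while [ -n "$rest" ]; do
    c=${rest%"${rest#?}"}      # first character of the remaining string
    rest=${rest#?}             # drop it
    if name=$(attr_name "$c"); then
      names="$names${names:+ }$name"
    fi
  done
  printf '%s\n' "$names"
}

# has_attr FLAGS CHAR: succeed if the flag character is present.
has_attr() {
  case $1 in
    *"$2"*) return 0 ;;
    *) return 1 ;;
  esac
}

# audit_lsattr: read lsattr output on stdin and print "path: names" for
# every entry that is immutable or append-only. Header lines ("dir:") and
# blank lines produced by lsattr -R contain no space and are skipped.
audit_lsattr() {
  while IFS= read -r line; do
    flags=${line%% *}
    path=${line#* }
    [ "$flags" = "$line" ] && continue
    if has_attr "$flags" i || has_attr "$flags" a; then
      printf '%s: %s\n' "$path" "$(decode_attrs "$flags")"
    fi
  done
}

# Live use: "sh audit-attrs.sh --live /etc". lsattr errors from entries on
# filesystems without attribute support are discarded.
case ${1-} in
  --live) lsattr -R -- "${2:-/etc}" 2>/dev/null | audit_lsattr ;;
esac
```

Run it as sh audit-attrs.sh --live /etc (or any other tree) and compare the result with a known baseline; /etc/passwd and /etc/shadow showing up as immutable explains a failing useradd, and an immutable cron script or append-only shell history that nobody set deliberately is a finding.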