5 ‘chattr’ Commands to Make Important Files IMMUTABLE (Unchangeable) in Linux

chattr (Change Attribute) is a command line Linux utility that is used to set/unset certain attributes to a file in Linux system to secure accidental deletion or modification of important files and folders, even though you are logged in as a root user.

In Linux native filesystems i.e. ext2, ext3, ext4, btrfs, etc. supports all the flags, though all the flags won’t support to all non-native FS. One cannot delete or modify file/folder once attributes are sets with chattr command, even though one have full permissions on it.

5 chattr command examples

This is very useful to set attributes in system files like passwd and shadow files wherein user’s info are contains.

Syntax of chattr

# chattr [operator] [flags] [filename]

Attributes and Flags

Following are the list of common attributes and associated flags can be set/unset using the chattr command.

1. If a file is accessed with ‘A‘ attribute set, its atime record is not updated.
2. If a file is modified with ‘S‘ attribute set, the changes are updates synchronously on the disk.
3. A file is set with ‘a‘ attribute, can only be open in append mode for writing.
4. A file is set with ‘i‘ attribute, cannot be modified (immutable). Means no renaming, no symbolic link creation, no execution, no writable, only superuser can unset the attribute.
5. A file with the ‘j‘ attribute is set, all of its information updated to the ext3 journal before being updated to the file itself.
6. A file is set with ‘t‘ attribute, no tail-merging.
7. A file with the attribute ‘d‘, will no more candidate for backup when the dump process is run.
8. When a file has ‘u‘ attribute is deleted, its data are saved. This enables the user to ask for its undeletion.

Operator

1. + : Adds the attribute to the existing attribute of the files.
2. – : Removes the attribute to the existing attribute of the files.
3. = : Keep the existing attributes that the files have.

Here, we are going to demonstrate some of the chattr command examples to set/unset attributes to a file and folders.

1. How to add attributes on files to secure from deletion

For demonstration purpose, we’ve used folder demo and file important_file.conf respectively. Before setting up attributes, make sure to verify that the existing files have any attributes set using ‘ls -l‘ command. Did you see the results, currently no attribute are set.

      ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

                                                    ► Read more: http://adf.ly/1nBXdv

      ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬