What is chattr attribute and how it use to make files undeletable or immutable

Nikhil Bhaskar
May 11, 2021

What is chattr attribute and how it use to make files undeletable or immutable

Introduction:

Most of the time Linux based Operating system machine is used by different users. So there are high chances that the users will access a common set of files. This practice will cause of problems like accidental deletion or modification of important files.

There is an existing command – chattr – that’s developed to help you in specifically these kinds of scenarios.

In this blog, we will discuss this utility using some easy examples.

Lets understand the flag of the attributes.

The value of the [OPERATOR] part can be one of the following symbols:

+ – The plus operator tells the chattr to add specified attributes to the existing ones.
- – The minus operator tells the chattr to remove specified attributes from the existing ones.
= – The equal operator tells the chattr to set specified attributes as the only attributes.

The operator is followed by one or more [ATTRIBUTES] flags that you want to add or remove from the file attributes. Below is a list of a few common attributes and associated flags:

a – When this attribute is set, the file can only be opened in append mode for writing.
A – When a file with this attribute set is open, its atime record is not changed. atime (access time) is the last time the file was accessed/opened by some command or application.
e – This attribute denotes that the file is using extents for mapping the blocks on disk. The e attribute cannot be modified with chattr.
i – This attribute indicates that the file is immutable, which means that the file cannot be deleted or renamed.

For a complete list of all file attributes and flags, type man chattr in your terminal.

1- Make a file read only

Lets start if you want to make a file read-only. Then you have to do is to run the chattr command with +i option and the name of the file as input.

Use the following to make the files immutable.

Now see that or test file is only read only is working or not.

2- Remove the file read only permission

Run command to remove the permission of the text.txt file.

3- Make a file append-able

If you want to provide users append-only access to a file so that new info can be added without modifying the existing content. This is possible with chattr command with +a parameter.

Now we could append the file but it would not edit existing content in the file as well as delete the file. To reverse this behaviour just use the -a option.

4- Make a file un-append

Note: lsattr command is used to see the attributes of files in a directory. Here it should be noted that the e flag in the file is previously set and it means that the file is using extents for mapping blocks on the disk. The extents are file-system dependant. They are seldom removable.

5- how to secure directories

To secure entire directory and its files, we use ‘-R‘ (recursively) switch with ‘+i‘ flag along with full path of the directories.

To remove these securities of the directories and files the use command.

In this blog we tried to elaborate how the files can immutable and secure the directories and also make the files appendable and vice-versa.

Leave a Reply Cancel reply

You must be logged in to post a comment.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others