Chattr (Change Attribute) is a Linux command-line utility that sets and unsets certain attributes on files and directories to provide a level of security.
If you have also been confused like me: what is the difference from chmod and chown? Both of those are also used to restrict access to a file, by changing its mode and user.
Chattr behaves completely differently from both of them. Chattr is a file system utility that restricts a file for both normal and root users. You can set an attribute on a file or directory to restrict editing or appending, or even to prevent accidental deletion of files.
Let’s look at some examples to understand it more deeply.
Chattr syntax
$ chattr [OPERATOR][ATTRIBUTES] FILE...
The value of [OPERATOR] can be any of the following.
- +: Use to add new attributes to the existing attributes.
- -: Use to unset attributes from the existing attributes.
- =: Use to make the specified attributes the only attributes the file has, replacing the existing ones.
The [ATTRIBUTES] value is the combination of flags used with the [OPERATOR] to define which flags you want to set/unset on a file or directory. Below is a list of a few commonly used attribute flags.
a: This flag allows only appending to a file. Existing file content cannot be altered, and each modification sets a new modified time.
Allow | Read | Copy | Soft Link | Append | – |
Not Allow | Delete | Move | Rename | Update | Hard Link |
A: This flag is the same as “a”; the only difference is that on each update the timestamp stays the same as the one set during file creation.
Allow | Read | Copy | Soft Link | Append | – |
Not Allow | Delete | Move | Rename | Update | Hard Link |
c: It compresses the file data. When you write data to the file, it is compressed.
i: This is the most used flag in chattr. It defines the file as immutable. So you cannot write to, append to, update, or delete the file, or create a symbolic link to it.
Allow | Read | Copy | Soft Link | – | – | – |
Not Allow | Delete | Move | Rename | Update | Hard Link | Append |
There are several flags that are rarely used. If you wish to know more, check the manual of the chattr command.
$ man chattr
How to prevent the file from deletion
Sometimes you keep an important file alongside other files and accidentally run rm -rf * on that path. Due to this carelessness, you lose your important file and then have to find a way to recover it.
I have an important file with the name trendoceans.txt, and I will show you how to set a flag. With the help of this flag, my file cannot be modified, deleted, or moved.
But before jumping in, know that these rules apply to all users, normal and root alike, and only the root user has permission to unset this flag.
Let us first check the current permissions of the file.
$ ll
total 0
-rwxrwxrwx 1 trendoceans trendoceans 0 Jan 2 14:56 trendoceans.txt
As you see, trendoceans.txt has read, write and execute permission for all users, so any user can easily modify this file. Let us secure it.
Before securing this file, let us check whether any attribute is currently associated with it. To check, simply use lsattr, which outputs all attributes set using chattr.
$ lsattr
--------------e----- ./trendoceans.txt
Now it is time to make our file immutable for every user. Keep in mind that only the superuser (e.g., root) and users with sudo access have permission to set/unset flags.
$ sudo chattr +i trendoceans.txt
$ lsattr
----i---------e----- ./trendoceans.txt
Now our file is completely protected from any modification. Let’s try to delete it using sudo permission.
$ ll
total 0
-rwxrwxrwx 1 trendoceans trendoceans 0 Jan 2 14:56 trendoceans.txt
$ sudo rm -rf *
rm: cannot remove 'trendoceans.txt': Operation not permitted
$ ll
total 0
-rwxrwxrwx 1 trendoceans trendoceans 0 Jan 2 14:56 trendoceans.txt
The attempt to forcefully delete the trendoceans.txt file simply outputs Operation not permitted.
Let us now try to move it to another directory.
$ sudo mv trendoceans.txt ../
mv: cannot move 'trendoceans.txt' to '../trendoceans.txt': Operation not permitted
Again it outputs Operation not permitted. So, +i puts the file in an immutable state, and no user can perform any modification.
Now we demonstrate how to remove the i flag from the file and then delete the file.
$ sudo chattr -i trendoceans.txt # Remove flag
$ lsattr # Checking current flag
--------------e----- ./trendoceans.txt
$ rm trendoceans.txt # Removing file
$ ls # Checking file exists
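An added example, not part of the original article: a small shell helper that reads lsattr output in the format shown above and reports which files that are expected to be immutable are missing the i flag. The function names and the sample listing are constructed for illustration; paths must be written the way lsattr prints them (./name when it is run without arguments).

```shell
#!/bin/sh
# Added example (not from the original article): audit `lsattr` output.

# files_with_flag FLAG
# Reads `lsattr` (or `lsattr -R`) output on stdin and prints every path whose
# attribute field contains FLAG (for example i = immutable, a = append-only).
files_with_flag() {
    flag=$1
    while IFS= read -r line; do
        attrs=${line%% *}   # first field: attribute string, e.g. ----i---------e-----
        file=${line#* }     # rest of the line: the path, which may contain spaces
        [ "$attrs" = "$line" ] && continue             # blank line or "./dir:" header
        case $attrs in *[!A-Za-z-]*) continue ;; esac  # not an attribute field
        case $attrs in *"$flag"*) printf '%s\n' "$file" ;; esac
    done
}

# report_unprotected LISTING PATH...
# LISTING is captured lsattr output. Prints each PATH that is missing the
# immutable flag and returns 1 if any is missing, 0 otherwise.
report_unprotected() {
    listing=$1; shift
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$listing" | files_with_flag i | grep -Fxq -- "$want"; then
            printf 'NOT IMMUTABLE: %s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample in the format shown above (not captured from a real system).
SAMPLE='----i---------e----- ./trendoceans.txt
--------------e----- ./notes.txt
-----a--------e----- ./app.log
----i---------e----- ./my report.txt

./sub:
----i---------e----- ./sub/config.txt'

# Demo on the sample: only ./notes.txt is reported.
report_unprotected "$SAMPLE" ./trendoceans.txt ./notes.txt || true
# On a real system: report_unprotected "$(lsattr)" ./trendoceans.txt
```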
If you want to learn more about the chattr command with more examples, let us know in the comment section.