What is chattr command in Linux command-line utility.

  • Post last modified:April 27, 2021
  • Reading time:4 mins read

Chattr (Change Attribute) is a Linux command-line utility that sets and unset certain attributes in the file and directory to provide a level of security.

If you also been confused like me. What’s the difference between chmod and chown? They both also been used to restrict access to file permission by changing mode and user.

Look, Chattr behaves completely differently from both of them. Chattr is file system utility can only be used to restrict file for normal and root users. You can set an attribute to your file and directory to restrict editing, appending, or even restricting accidental delete of files.

Let’s look at some examples to know more understand more deeply.

Chattr syntax

$ chattr [OPERATOR][ATTRIBUTES] FILE...

The value of [OPERATOR] can be any of the following.

  • +: Use to set a new attribute on existing attributes.
  • : Use to unset attribute from existing attributes
  • =: This operator tells to set specified attributes as from the existing ones, so change occurs.

The [ATTRIBUTES] value is the combination used with the [OPERATOR] use to define what kind of flags you want to set/unset to file or directory. Below is a list of a few command used flags attribute.

a: This flag is only used to allow append functionality on a file. Already exists file content cannot be altered, and each modification sets a new modified time.

AllowReadCopy Soft LinkAppend
Not AllowDeleteMoveRenameUpdateHard Link
a: flag

A: This flag is completely the same as “a” only difference is on each update; the timestamp will be the same, which is set during file creation.

AllowReadCopy Soft LinkAppend
Not AllowDeleteMoveRenameUpdateHard Link
A: flag

c: It compresses the file data. When you write some data while pushing, it will compress it.

i: This is the most used flag in chattr. It defines the file as immutable. So you cannot write, append, update, delete, create a symbolic link of a file.

AllowReadCopy Soft Link
Not AllowDeleteMoveRenameUpdateHard LinkAppend
i: flag

There are several flags that are rarely used. If you wish to know more, check the manual of the chattr command.

$ man chattr

How to prevent the file from deletion

Sometimes it happens when you keep your important file with some other files and accidentally run rm -rf * on that path. Due to this carelessness, you lose your important file and then find a way to recover it.

I have an important file with the name trendoceans.txt, and I will show you how to set a flag. With the help of this flag, my file cannot be modified, deleted, or moved.

But before jumping, know that these rules are applied for all normal and root user. And only the root user has permission to unset this flag.

Let us check first what is the current permission of file.

$ ll
total 0
-rwxrwxrwx 1 trendoceans trendoceans 0 Jan  2 14:56 trendoceans.txt

As you see, trendoceans.txt has permission to read, write and execute for all users. So, any user can easily mutate this file. So, let us secure it.

Before securing this file, let us know that there any current attribute is associated with this file. To check, simply use lsattr which outputs all set attribute applied using chattr.

$ lsattr
--------------e----- ./trendoceans.txt

Now time to make our file immutable to any user. Ensure that only superuser (ex: root) users and sudo access users have permission to set/unset flags.

$ sudo chattr +i trendoceans.txt
$ lsattr
----i---------e----- ./trendoceans.txt

Now our file is completely protected by any modification. Let’s try to delete it using sudo permission.

$ dir ll    
total 0
-rwxrwxrwx 1 trendoceans trendoceans 0 Jan  2 14:56 trendoceans.txt
$ dir sudo rm -rf *                 
rm: cannot remove 'trendoceans.txt': Operation not permitted
$ dir ll
total 0
-rwxrwxrwx 1 trendoceans trendoceans 0 Jan  2 14:56 trendoceans.txt

While attempting to delete the trendoceans.txt file forcefully, it simply outputs Operation not permitted.

Let us now try to move it to another directory.

$ dir sudo mv trendoceans.txt ../        
mv: cannot move 'trendoceans.txt' to '../trendoceans.txt': Operation not permitted

Again it outputs Operation not permitted. So, +i add file to immutable state and no user can perform any modification.

Now we demonstrate how to remove i flag from file and remove it.

$ sudo chattr -i trendoceans.txt       # Remove flag
$ lsattr                           # Checking current flag
--------------e----- ./trendoceans.txt
$ rm trendoceans.txt               # Removing file         
$ ls                               # Checking file exists

If you want to see learn more about chattr command with more examples. Let us know in the comment section.

Like what you read? Please share it with others.

Leave a Reply