Changing the File Attributes


This post explains how to use chattr to keep important system files secure. Note that this command is only available on ext2 and ext3 partitions.


chattr [options] mode files

Modify file attributes. Specific to Linux Second and Third Extended Filesystem (ext2 and ext3). Behaves similarly to symbolic chmod, using +, -, and =. mode is in the form opcode attribute. See also lsattr.


-R Modify directories and their contents recursively.

-V Print modes of attributes after changing them.

-v version Set the file’s version.


+ Add attribute.

- Remove attribute.

= Assign attributes (removing unspecified attributes).


A —> Don’t update access time on modify.

a —> Append only for writing. Can be set or cleared only by a privileged user.

c —> Compressed.

d —> No dump.

i —> Immutable. Can be set or cleared only by a privileged user.

j —> Journalled file. This is useful only in cases where you are using an ext3 filesystem mounted with the data="ordered" or data="writeback" attributes. The data="journalled" option for the filesystem causes this operation to be performed for all files in the system and makes this option irrelevant.

S —> Synchronous updates.

s —> Secure deletion. The contents are zeroed on deletion, and the file cannot be undeleted or recovered in any way.

u —> Undeletable. This causes a file to be saved even after it has been deleted, so that a user can undelete it later.

Examples of using chattr and lsattr

// Set the immutable bit on a file so it cannot be changed or removed

# chattr +i myfile
# lsattr myfile
----i-------- myfile

// Testing the immutable flag by attempting to delete the file

# rm myfile
rm: cannot remove `myfile': Operation not permitted

// Set myfile to append-only

# chattr +a myfile
# lsattr myfile
-----a------- myfile
# echo testing > myfile
myfile: Operation not permitted
# echo testing >> myfile
// no errors – file was appended to

In some instances this may be useful to keep important files safe from deletion. Remember that even root can’t delete a file that is immutable or append-only without first explicitly removing that attribute. Using this flag on /etc/passwd or /etc/shadow keeps those files safe from an accidental rm -f and also ensures no new accounts can be added in the event of an exploit. Keeping other files append-only means that once data is written to them, it can’t be changed.
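
A check that the flags described above are still in place, as an added example that is not part of the original post: it parses lsattr output and lists the files that lack an expected attribute. The function names and the sample lsattr lines are constructed for illustration; only the first field of each line is read, so the number of flag columns your lsattr prints does not matter.

```shell
#!/bin/sh
# Added example: find files that have lost a protective chattr flag.
# Function names and sample data are constructed for illustration.

# attr_set FLAG LINE
# Succeeds if FLAG appears in the flag field of one lsattr output line.
attr_set() {
    flags=${2%% *}      # first space-delimited field holds the flags
    case $flags in
        *"$1"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# missing_attr FLAG
# Reads lsattr output on stdin and prints each path that lacks FLAG.
missing_attr() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # lsattr reports unreadable files on lines starting "lsattr:"
        case $line in lsattr:*) continue ;; esac
        # Strip the flag field; the rest is the path (spaces preserved).
        attr_set "$1" "$line" || printf '%s\n' "${line#* }"
    done
}

# Constructed sample of lsattr output: one immutable file, one
# unprotected file, one append-only file.
sample_lsattr() {
    cat <<'EOF'
----i-------- /etc/passwd
------------- /etc/shadow
-----a------- /var/log/secure
EOF
}

# Demo on the sample. On a live system, run as root:
#   lsattr /etc/passwd /etc/shadow 2>&1 | missing_attr i
echo "Files missing the immutable flag:"
sample_lsattr | missing_attr i
```

Run from cron and alert on any output: a path appearing in the list means the attribute was never set or has been cleared since.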

