Changing the File Attributes

Posted: 1p in Linux

Changing the File Attributes

This explains how to use chattr to keep important system files secure. However, this command is only available on ext2 and ext3 partitions.


chattr [options] mode files

Modify file attributes. Specific to Linux Second and Third Extended Filesystem (ext2 and ext3). Behaves similarly to symbolic chmod, using +, -, and =. mode is in the form opcode attribute. See also lsattr.


-R Modify directories and their contents recursively.

-V Print modes of attributes after changing them.

-v version Set the file’s version.


Add attribute.

Remove attribute.

Assign attributes (removing unspecified attributes).


A —> Don’t update access time on modify.

a —> Append only for writing. Can be set or cleared only by a privileged user.

c —>Compressed.

d —> No dump.

i —> Immutable. Can be set or cleared only by a privileged user.

j —> Journalled file. This is useful only in cases where you are using an ext3 filesystem mounted with the data=”ordered” or data=”writeback” attributes. The data=”journalled” option for the filesystem causes this operation to be performed for all files in the system and makes this option irrelevant.

S —> Synchronous updates.

s —> Secure deletion. The contents are zeroed on deletion, and the file cannot be undeleted or recovered in any way.

u —> Undeletable. This causes a file to be saved even after it has been deleted, so that a user can undelete it later.

Examples of using chattr and lsattr

// Set the immutable bit on a file so it cannot be changed or removed

# chattr +i myfile
# lsattr myfile
—-i——– myfile

// Testing the immutable flag by attempting to delete the file

# rm myfile
rm: cannot remove `myfile’: Operation not permitted

// Set myfile to append-only

# chattr +a myfile
# lsattr myfile
—–a——- myfile
# echo testing > myfile
myfile: Operation not permitted
# echo testing >> myfile
// no errors – file was appended to

In some instances this may useful to keep important files safe from deletion. Remember that even root can’t delete a file that is immutable or append-only without first explicitly removing that attribute. Using this flag on /etc/passwd or /etc/shadow files keeps them safe from an accidental rm -f and also ensures no new accounts can be added in the event of an exploit. Keeping other files append-only means once they are written, that data can’t be changed.

  1. I had been honored to receive a call coming from a friend as soon as he identified the important tips shared on your own site. Reading through your blog write-up is a real wonderful experience. Thanks again for thinking about readers much like me, and I want for you the best of success as being a professional discipline.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s