Powerful chattr command usage in Linux
chattr (change attributes) is a powerful command-line utility used to change file attributes on a Linux file system. Adding these advanced attributes to certain files and directories brings a number of benefits.
- Users and administrators may accidentally overwrite, modify or remove important files on a Linux file system and put themselves in big trouble. Using “chattr”, we can lock down files and directories and restrict their editing, removal, and modification.
- Users can be restricted to only appending data to a particular file or directory. This adds an extra layer of security and protects against many hacking attempts in which an attacker replaces, modifies or removes the application's running code.
- Disk storage can be used more efficiently. A file can be automatically compressed before it is written to disk, and a read from the file returns uncompressed data.
Syntax for “chattr”
chattr [operator] [Attributes] [filename]
Operators
- + : The operator ‘+’ adds the selected attributes to existing attributes of the files.
- - : The operator ‘-’ removes the selected attributes from the existing attributes of the files.
- = : The operator ‘=’ keeps the existing attributes that files have.
Attributes
We explain the most commonly used “chattr” attributes below. A brief description of all the attributes can be found here.
- Attribute ‘A’ : When a file with the ‘A’ attribute set is accessed, its atime record is not modified. This avoids a certain amount of disk I/O for laptop systems.
- Attribute ‘a’ : A file with the ‘a’ attribute set can only be opened in append mode for writing. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
- Attribute ‘c’ : A file with the ‘c’ attribute set is automatically compressed on the disk by the kernel. A read from this file returns uncompressed data. A write to this file compresses data before storing them on the disk. This is not honoured by the ext2, ext3, and ext4 file systems.
- Attribute ‘e’ : The ‘e’ attribute indicates that the file is using extents for mapping the blocks on disk. It may not be removed using chattr(1).
- Attribute ‘i’ : A file with the ‘i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
Show Current Attributes
The “lsattr” command displays the attributes currently set on a file or directory. For demonstration purposes, the commands below display the existing attributes of a file and of a directory.
List the attributes on file /root/linuxtogether/important.txt
root@ubuntu:~# lsattr /root/linuxtogether/important.txt
-------------e-- /root/linuxtogether/important
List the attributes on directory /root/linuxtogether
root@ubuntu:~# lsattr -d /root/linuxtogether/
-------------e-- /root/linuxtogether/
Examples and Usage
1. How to add attributes to files/directories to protect them from editing, modification, and deletion?
Add IMMUTABLE attribute ‘i’ to protect a file from editing, modification or removal.
root@ubuntu:~# chattr +i /root/linuxtogether/important.txt
List the IMMUTABLE attribute ‘i’ on file /root/linuxtogether/important.txt
root@ubuntu:~# lsattr /root/linuxtogether/important.txt
----i--------e-- /root/linuxtogether/important.txt
Verify that the IMMUTABLE attribute ‘i’ works by trying to remove the file /root/linuxtogether/important.txt
root@ubuntu:~# rm -f /root/linuxtogether/important.txt
rm: cannot remove ‘/root/linuxtogether/important.txt’: Operation not permitted
Add IMMUTABLE attribute ‘i’ to protect a directory from modification or removal.
root@ubuntu:~# chattr +i /root/linuxtogether/
List the IMMUTABLE attribute ‘i’ on directory /root/linuxtogether/
root@ubuntu:~# lsattr -d /root/linuxtogether/
----i--------e-- /root/linuxtogether
Verify that the IMMUTABLE attribute ‘i’ works by trying to remove the directory /root/linuxtogether/
root@ubuntu:~# rm -rf /root/linuxtogether
rm: cannot remove ‘/root/linuxtogether’: Operation not permitted
2. How to remove the IMMUTABLE attribute ‘i’ from files/directories on a Linux filesystem?
Remove IMMUTABLE attribute ‘i’ from a file /root/linuxtogether/important.txt.
root@ubuntu:~# chattr -i /root/linuxtogether/important.txt
List the remaining attributes on file /root/linuxtogether/important.txt
root@ubuntu:~# lsattr /root/linuxtogether/important.txt
-------------e-- /root/linuxtogether/important.txt
Remove IMMUTABLE attribute ‘i’ from a directory /root/linuxtogether/.
root@ubuntu:~# chattr -i /root/linuxtogether
List the remaining attributes on directory /root/linuxtogether
root@ubuntu:~# lsattr -d /root/linuxtogether
-------------e-- /root/linuxtogether/
3. How to allow only appending of data to a file?
Add attribute ‘a’ so that data can only be appended to the file.
root@ubuntu:~# chattr +a /root/linuxtogether/important.txt
List the attribute ‘a’ on file /root/linuxtogether/important.txt
root@ubuntu:~# lsattr /root/linuxtogether/important.txt
----a--------e-- /root/linuxtogether/important.txt
4. How to remove attribute ‘a’ used for appending data in a file?
root@ubuntu:~# chattr -a /root/linuxtogether/important.txt
List the remaining attributes on file /root/linuxtogether/important.txt
root@ubuntu:~# lsattr /root/linuxtogether/important.txt
-------------e-- /root/linuxtogether/important.txt
5. How to add attributes recursively to a whole directory?
The command below adds attribute ‘i’ to all directories and files inside the directory linuxtogether.
root@ubuntu:~# chattr -R +i /root/linuxtogether/
List the attributes on directory /root/linuxtogether
root@ubuntu:~# lsattr -d /root/linuxtogether
----i--------e-- /root/linuxtogether
root@ubuntu:~# lsattr /root/linuxtogether/
----i--------e-- /root/linuxtogether/important.txt
----i--------e-- /root/linuxtogether/important2.txt
----i--------e-- /root/linuxtogether/important3.txt
----i--------e-- /root/linuxtogether/demodirectory1
6. How to remove attributes recursively from a whole directory?
root@ubuntu:~# chattr -R -i /root/linuxtogether/
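The lsattr listings shown above can also be checked mechanically, for example to confirm that files you meant to lock down still carry the ‘i’ flag. The following is an added example, not part of the original tutorial: a shell script that classifies lsattr output by the ‘i’ and ‘a’ flags and reports which expected paths are not immutable. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# SAMPLE is constructed lsattr output in the format shown above.
SAMPLE='----i--------e-- /root/linuxtogether/important.txt
-----a-------e-- /root/linuxtogether/important2.txt
-------------e-- /root/linuxtogether/important3.txt
----i--------e-- /root/linuxtogether/demodirectory1'

# Read lsattr lines ("<flags> <path>") on stdin and print
# "<status><TAB><path>": immutable, append-only or unprotected.
classify_lsattr() {
    awk '
    # Assumption: a flags field holds only letters and dashes and at least
    # one dash. This skips blank lines, the "dir:" headers printed by
    # lsattr -R and "lsattr: ..." error lines.
    $1 !~ /^[-A-Za-z]+$/ || $1 !~ /-/ || NF < 2 { next }
    {
        flags = $1
        path = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)   # keeps spaces inside the path
        if (index(flags, "i"))      status = "immutable"
        else if (index(flags, "a")) status = "append-only"
        else                        status = "unprotected"
        printf "%s\t%s\n", status, path
    }'
}

# Print each expected path (arguments) that the lsattr output on stdin does
# not report as immutable; return 1 if any is missing, 0 otherwise.
missing_immutable() {
    report=$(classify_lsattr)
    tab=$(printf '\t')
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$report" | grep -qxF "immutable${tab}${want}"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample. On a real system, feed it live output:
#   lsattr -R /root/linuxtogether 2>/dev/null | classify_lsattr
printf '%s\n' "$SAMPLE" | classify_lsattr
```

Because missing_immutable returns a non-zero status when a path has lost its flag, it can be run from cron or a monitoring check against live lsattr output.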
Finally, we have reached the end of the tutorial. Using the chattr commands above, you can secure important files such as passwd, configuration files like apache.conf and php.ini, and many other important files and directories. Hope you guys find this tutorial useful. Stay connected for future updates. Cheers!