chattr commands in Linux with examples
chattr Commands - To make Important Files IMMUTABLE (Unchangeable) in Linux
chattr is a command-line utility in Linux that is used to set or unset several attributes on a file. This article explains how to use it.
chattr Syntax
# chattr [operator] [flags] [filename]
Flags and Attributes
When a file with the ‘u’ attribute is deleted, its information is saved, which lets the user ask for its undeletion.
When the ‘j’ attribute is set on a file, all of its data is written to the ext3 journal.
When a file with the ‘S’ attribute set is changed, the modifications are written synchronously to the disk.
Operators
- | Removes the attribute from the existing attributes of the files. |
+ | Adds the attribute to the existing attributes of the files. |
= | Keeps the existing attributes of the files. |
Adding attributes to protect files from deletion
Using the ‘ls -l’ command, verify whether the existing files have any attributes set.
[root@linuxhelp1 test]# ls -l
total 0
drwxr-xr-x. 2 root root 6 Jun 10 14:30 folder
-rw-r--r--. 1 root root 0 Jun 10 14:31 secure.conf
Use the "+" sign with the chattr command to set an attribute, and the "-" sign to unset it.
To prevent anyone from deleting a file, set the immutable bit on it with the +i flag.
[root@linuxhelp1 test]# chattr +i folder/
[root@linuxhelp1 test]# chattr +i secure.conf
Only the superuser has the authority to set the immutable bit +i.
Using the ‘lsattr’ command, verify the attribute.
[root@linuxhelp1 test]# lsattr
----i----------- ./folder
----i----------- ./secure.conf
[root@linuxhelp1 test]# rm -rf folder/
rm: cannot remove ‘folder/’: Operation not permitted
[root@linuxhelp1 test]# mv folder/ folder1
mv: cannot move ‘folder/’ to ‘folder1’: Operation not permitted
[root@linuxhelp1 test]# chmod 755 secure.conf
chmod: changing permissions of ‘secure.conf’: Operation not permitted
Unsetting attribute on Files
The following example unsets the attribute, or resets the permissions:
[root@linuxhelp1 test]# chattr -i folder/ secure.conf
Using the ‘lsattr’ command, verify the immutable file status.
[root@linuxhelp1 test]# lsattr
---------------- ./folder
---------------- ./secure.conf
[root@linuxhelp1 test]# rm -rf *
[root@linuxhelp1 test]# ls -l
total 0
How to Secure /etc/passwd and /etc/shadow files
Set the immutable attribute on the /etc/passwd or /etc/shadow files.
[root@linuxhelp1 test]# chattr +i /etc/passwd
[root@linuxhelp1 test]# chattr +i /etc/shadow
You will receive the error message ‘cannot open /etc/passwd’ when creating a new system user.
[root@linuxhelp1 test]# useradd user2
useradd: cannot open /etc/passwd
Append data without changing existing File data
Use the ‘a’ attribute.
[root@linuxhelp1 test]# chattr +a sample.txt
[root@linuxhelp1 test]# lsattr sample.txt
-----a---------- sample.txt
You will receive an ‘Operation not permitted’ error when replacing the existing content of the file sample.txt.
[root@linuxhelp1 test]# echo "this is a sample file" > sample.txt
bash: sample.txt: Operation not permitted
Setting up the append attribute
[root@linuxhelp1 test]# chattr +a sample.txt
[root@linuxhelp1 test]# echo "this is a sample file" >> sample.txt
[root@linuxhelp1 test]# cat sample.txt
this is a sample file
This example tests the ‘a’ attribute, which means append only: existing content on the file cannot be replaced.
Securing the Directories
Use the ‘-R’ switch, the ‘+i’ flag and the complete path of the folder to secure the whole directory and its files.
[root@linuxhelp1 test]# chattr -R +i folder/
Now try to remove the folder and its files.
[root@linuxhelp1 test]# rm -rf folder/
rm: cannot remove ‘folder/’: Operation not permitted
Once again, use the ‘-R’ switch, the ‘-i’ flag and the complete path of the folder to unset the attribute.
[root@linuxhelp1 test]# chattr -R -i folder/
[root@linuxhelp1 test]# rm -rf folder/
Thus the directory is successfully removed.
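The attributes set above can be checked later with a small audit script. The following is an added example, not part of the original article: it parses lsattr output in the format shown on this page and lists any file that was expected to be immutable but is not. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit lsattr output for the immutable (i) and append-only (a) bits.

# Constructed sample in the format lsattr prints on this page (not real system output).
sample_lsattr() {
cat <<'EOF'
----i----------- /etc/passwd
---------------- /etc/shadow
-----a---------- ./sample.txt

./folder:
----i----------- ./folder/my notes.txt
EOF
}

# Read lsattr (or lsattr -R) output on stdin; print "<bit> <path>" for each i/a bit.
report_protected() {
    while IFS= read -r line; do
        attrs=${line%% *}   # first column: the attribute string
        path=${line#* }     # rest of the line: the path, spaces preserved
        # Skip blank lines, "dir:" headers and error text: a real attribute
        # column is non-empty and holds only letters and dashes.
        case $attrs in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        case $attrs in *i*) printf 'immutable %s\n' "$path" ;; esac
        case $attrs in *a*) printf 'append-only %s\n' "$path" ;; esac
    done
}

# Print every path given as an argument that is NOT immutable in the listing on
# stdin; return 1 if any is missing, so the check can fail a cron job.
missing_immutable() {
    found=$(report_protected)
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$found" | grep -Fqx "immutable $want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# On a live system the input would be: lsattr /etc/passwd /etc/shadow
sample_lsattr | missing_immutable /etc/passwd /etc/shadow || echo "immutable bit missing on the file(s) listed above"
```

In the constructed sample, /etc/shadow has no ‘i’ bit, so the script prints its path and the function returns a non-zero status.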