
chattr and lsattr commands in Linux with examples

Last Updated : 30 Aug, 2024

In the world of Linux, managing file permissions and attributes is crucial for maintaining a secure and organized system. Two powerful commands that help control file and directory attributes are ‘chattr’ and ‘lsattr’. These commands are essential for administrators and advanced users who need to prevent unauthorized changes, protect critical files, and ensure the integrity of the system.

What is the ‘lsattr’ Command in Linux?

The lsattr command is a Unix/Linux command used to list the attributes of files or directories on a file system that supports extended attributes. Extended attributes are additional metadata associated with a file or directory beyond the traditional metadata, like permissions, ownership, and modification time.

lsattr [options] [files/directories]
  • -a: Lists all files and directories, including those whose names start with a dot (hidden files).
  • -d: If the argument is a directory, list the attributes of the directory itself rather than its contents.
  • -R: Recursively lists the attributes of directories and their contents.

What is the ‘chattr’ Command in Linux?

The ‘chattr’ (change attribute) command is a file system utility in Linux that allows users to change the attributes of files and directories. This command is particularly useful in a multi-user environment, where it’s necessary to restrict modifications to critical files. By using ‘chattr’, you can make files immutable (undeletable or unmodifiable), restrict them to append-only mode, and apply other specific behaviors that enhance file security.

chattr [ -RVf ] [ -v version ] [ mode ] files...

Below are the different options for the chattr command: 

  • -R: Used to list the attributes of directories and their contents recursively.
  • -V: It will display the version of the program.
  • -a: Used to list all the files of a directory, including those whose names start with a period (‘.’).
  • -d: This option will list the directories as regular files instead of listing their contents.
  • -v: Used to display the file’s version/generation number.

At the beginning of a mode string, one of the following operators must appear: 

  • ‘+’ : Adds the selected attributes to the existing attributes of the files.
  • ‘-’ : Causes selected attributes to be removed.
  • ‘=’ : Causes selected attributes to be the only attributes that the files have.

The format of symbolic mode is: 

{+|-|=}[aAcCdDeijsStTu]

The following common attributes and their associated flags can be set or unset using the chattr command:

  • A set : The atime record is not updated.
  • S set : The changes are updated synchronously on the disk.
  • a set : File can only be opened in append mode for writing.
  • i set : File cannot be modified (immutable); only the superuser can unset the attribute.
  • j set : All of the file's information is updated to the ext3 journal before being updated to the file itself.
  • t set : No tail-merging is allowed.
  • d set : The file is no longer a candidate for backup when the dump process is run.
  • u set : When such a file is deleted, its data is saved enabling the user to ask for its undeletion.

The attributes above are not limited to files; they can be used on directories (folders) as well, to secure a directory from deletion or similar accidents. When securing a directory, the flag ‘-R’ is suggested so that all the content in the specified directory is secured recursively.

Use of chattr Command: The ‘chattr’ command can be used to preserve important system files that need to remain on the host PC no matter what. It is also needed to make a directory undeletable or unmodifiable for users other than the superuser. Common uses of ‘chattr’ are as follows:

  1. Making the file immutable: Setting the ‘i’ attribute on the file named file.txt makes it immutable, so no operations are possible on the file until its attributes are changed again.
  2. Opening the file only in append mode: The flag ‘a’ is used to open the file only in append mode. Consequently, it can only be appended to and the previous data can’t be modified.
  3. Making directories secured: The flag ‘+i’ can be used on a directory to make the directory immutable. Adding the flag ‘-R’ makes the call recursive, so all the files and subdirectories in it are made immutable as well.

Note: The lsattr command is used to see the attributes of files in a directory. Note that the e flag is already set on the file; it means that the file is using extents for mapping blocks on the disk. The extents are filesystem dependent. They are seldom removable.

lsattr Output

The output of the lsattr command typically displays a list of attributes for the specified files or directories. The attributes are represented by letters, and their meanings can vary depending on the file system and the attributes set. Here’s an example of what the output might look like:

----i----------- example.txt

In this example, each character represents a specific attribute:

  • The first character represents the file type. In this case, it’s a regular file.
  • The following characters represent various attributes. Here are some common ones:
    • 'a' (append-only): File can only be opened in append mode.
    • 'c' (compressed)
    • 'd' (no dump)
    • 'e': extent format (for ext4 file systems)
    • 'i' (immutable): File cannot be modified, deleted, or renamed.
    • 'j': data journalling (for ext3/ext4 file systems)
    • 's' (synchronous updates): Changes are written synchronously on the disk.
    • 't' (no tail-merging): Prevents tail-merging, a space-saving optimization.
    • 'u' (undeletable): When a file is deleted, its contents are saved, allowing undeletion.

Attributes may be toggled on or off, represented by the presence or absence of the corresponding letter. In the example above, the i attribute is set (immutable).

The meaning of each attribute can vary between different file systems and implementations. You can refer to the manual page for lsattr (man lsattr) or the documentation for your specific file system for more details on what each attribute signifies.
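
The attribute strings described above can be audited in bulk. The following script is an added example, not part of the original article: it reads lines in lsattr format and reports every entry that has the i or a attribute set, decoding the attribute letters listed earlier on this page. The sample paths and the function names (sample_lsattr, decode_attrs, protected_files) are constructed for illustration.

```sh
# Added example: report files whose lsattr string has i (immutable) or a (append-only).
# Constructed sample in `lsattr -R` format; paths are illustrative only.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- ./etc/resolv.conf
-----a--------e------- ./var/log/audit trail.log
--------------e------- ./home/user/notes.txt

./dir:
----ia-A------e------- ./dir/both.cfg
EOF
}

# decode_attrs STRING: names of the set letters, comma-separated ("none" if empty).
# Letters are matched by value, not by column, so column order does not matter.
decode_attrs() {
    letters=$1 out=""
    while [ -n "$letters" ]; do
        rest=${letters#?}; c=${letters%"$rest"}; letters=$rest
        case $c in
            -) continue ;;
            A) name="no-atime" ;;
            S) name="synchronous" ;;
            a) name="append-only" ;;
            d) name="no-dump" ;;
            e) name="extents" ;;
            i) name="immutable" ;;
            j) name="data-journalling" ;;
            t) name="no-tail-merging" ;;
            u) name="undeletable" ;;
            *) name="other($c)" ;;
        esac
        out=${out:+$out,}$name
    done
    printf '%s\n' "${out:-none}"
}

# protected_files: read lsattr lines on stdin; print "path: flags" for each entry
# with i or a set. Blank lines and "dir:" headers printed by -R are skipped.
protected_files() {
    while read -r attrs file; do
        [ -n "$file" ] || continue
        case $attrs in *[!A-Za-z-]*) continue ;; esac
        case $attrs in
            *[ia]*) printf '%s: %s\n' "$file" "$(decode_attrs "$attrs")" ;;
        esac
    done
}

sample_lsattr | protected_files
```

To audit a real tree, pipe real output in place of the sample, for instance `lsattr -R /etc 2>/dev/null | protected_files`.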

lsattr Options

The lsattr command has several options that allow you to customize its behavior when listing file and directory attributes. Here is a summary of the most commonly used options:

  • '-a': List all files in directories, including hidden files (those starting with a dot).
  • '-d': List attributes of directories themselves, rather than their contents.
  • '-R': Recursively list attributes of directories and their contents.
  • '-v': Display the version/generation number of the files.
  • '-p': Display the project number of the files (specific to some file systems).
  • '-V': Display the program version.

Viewing Attributes of Files and Directories

Using lsattr to View Attributes

To view the attributes of files and directories, you use the lsattr command.

Example 1: View attributes of a file

lsattr file.txt


Example 2: View attributes of a directory

lsattr -d mydirectory
  • -d: This option is used to list the attributes of directories themselves rather than their contents. Without this option, lsattr lists the attributes of the files within the directory.
  • test/: The name of the directory.
  • test/file1.txt: The name of the file.


The attribute string --------------e----- consists of several flags, each represented by a character in a specific position. If a flag is not set, a hyphen (-) is shown.

  1. - (position 1): No special attributes (immutable, append-only, etc.) are set.
  2. - (position 2): The file is not compressed.
  3. - (position 3): The file is not synchronous.
  4. - (position 4): The file is not immutable.
  5. - (position 5): The file is not append-only.
  6. - (position 6): The file is not being exclusively deleted.
  7. - (position 7): The file is not being marked for secure deletion.
  8. - (position 8): The file is not being marked for synchronous updates.
  9. - (position 9): The file is not indexed.
  10. - (position 10): The file is not a journal file.
  11. - (position 11): The file is not a directory with a hash tree.
  12. - (position 12): The file does not have a direct access node.
  13. e (position 13): This flag means the file is using extents for mapping the blocks on disk. Extents are a way to improve large file performance by reducing fragmentation.
  14. - (position 14): No special attribute is set.
  15. - (position 15): No special attribute is set.

Example 3: View attributes of all files and directories recursively

lsattr -R

Changing Attributes with chattr

The chattr command is used to change file attributes. You need superuser (root) permissions to change some attributes.

chattr [options] [attributes] [files/directories]

Making Files Immutable

An immutable file cannot be modified, deleted, or renamed, and no data can be appended to it.

Example 1: Make a file immutable

sudo chattr +i example.txt

Example 2: Make a directory immutable

sudo chattr +i -R mydirectory

To remove the immutable attribute, use:

sudo chattr -i example.txt

Making Files Append-Only

An append-only file allows only adding data to the end of the file; it cannot be deleted or overwritten.

Example 1: Make a file append-only

sudo chattr +a example.txt

To remove the append-only attribute, use:

sudo chattr -a example.txt

