Manage the files and directories with “chattr” attributes

.we can secure the important files and directories being from deleted with the help of chattr attributes, not only to secure being from delete and also prevent it from being modified or appended.Always remember to enable the attributes only on the critical files and directories.You are not allowed to edit, delete or append the content to the file/directory set with this special attributes,

Let us see the attributes and its meanings one by one

Attributes   and meaning

a     -Only  Append operation is allowed

A    -will not allow to modify the access time of file

c    -With this attribute, the file is compressed on the disk automatically

d   – The file couldn’t back up by using the dump command

i    -The file with this attribute enabled then it will not allow to modify, rename and delete

There are some special options available that could use it with the chattr command

R -To change the attributes of the directory and its subdirectories recursively.

-v – Verbose output

Now let me show the operators that can be  use it with chattr command

+   – To set the attribute in the file/directory

  •  –   -To remove the attribute from the file/directory
  • =    -With this operator you can set one attributes that the file can have
To set and unset the attributes to a file/directory

Syntax:

#chattr   <option>    <attribute>    <file/directory>
Ex:1 Create a file as a root user and give full permission  on the file
#cat >/linux.txt
Sample Output: [root@localhost /]# cat >/linux.txt
Hello Linux Hunter

Give full permission to the file

#chmod 777 /linux.txt
Sample Output:[root@localhost /]# chmod 777 /linux.txt
#ls  -l /linux.txt
Sample Output: [root@localhost /]# ls -l /linux.txt 
-rwxrwxrwx. 1 root root 18 Nov 7 13:05 /linux.txt

Now let us make this file more secure by adding  +i option

#chattr  +i   /linux.txt
Sample Output: [root@localhost /]# chattr +i /linux.txt

From now onwards you can only read this file, write and execute permissions will be denied.

#lsattr   <filename>
#lsattr   /linux.txt

From the above output you can see the attribute “i” assigned to the file

Now let us try to delete the file

#rm -vf   /linux.txt

From the above out you can see the message operation not permitted which says the file is secured with “i” attribute.

Ex:2 To remove the  assigned attributes for a file
#chattr   -i     <filename>
#chattr  -i   /linux.txt

Let us check with lsattr whether the assigned attribute is removed or not.

#lsattr  /linux.txt

Now try to remove the file

#rm  -vf   /linux.txt

After removed the “i” option now it allows the user to remove the file based on the default permission

Ex:3 Secure  a file with -a attribute

with “a” attribute it allows the user to  read and append the content, but it will not allow removing the file,So the difference between “i” and “a”  attributes with “i” it will not allow the user to append the file  whereas  with “a” attribute it allows the user to append the content to the file .

#chattr  +a  /mydata.txt

Check the file attributes by using the following command

#lsattr  /mydata.txt

From the above  output, the file is now set with “a” attribute

Now let us check whether it allows the user to append the content or not

#cat >>/mydata.txt
#cat /mydata.txt

The above output shows “a” option will allow the user to append the content to the file.

Now try  to remove the file

#rm  /mydata.txt

As I said earlier on this topic “a” will only allow to read and append the content, it will not allow the user to delete the file.That is what the above screenshot displayed.

Now let us remove the “a” attribute from the file

#chattr -a   /mydata.txt

#rm /mydata.txt

After removing the attribute from the file now it will allow the user to delete the file

Ex:4 Secure the entire directory with -R attribute

You can also secure your sensitive directory with the -R option

#mkdir  /linuxvasanth.com
#touch  /linuxvasanth.com/mydatabase

Now let us set the -R and i option to the directory /linuxvasanth.com

#chattr -R +i  /linuxvasanth.com

#rm -rvf  /linuxvasanth.com

From the above output, the user cannot delete the directory even if he has the full permission.

Now remove the -R and i  from the /linuxvasanth.com directory and try to remove the directory

#chattr -R -i  /linuxvasanth.com

Note: Directory secured with -R can be reset only with the same -R option

#rm -rvf /linuxvasanth.com

Now it allows the user to delete the directory.

I hope now you have understood the way to secure your files and directory with chattr command.

If you found this article useful, Kindly do share it and Subscribe👉🏿👉🏿  Subscribe here

 

 

 

 

About Author:

Hello readers! Let me introduce my self first. My name is Vasanth Nirmal Singh J S having 9+ years of experience in IT on all flavours of Unix operating systems ,Storage's and many more .. I would like to share my technical experience i have come across - can be help to other people. So in this blog, I'll post my thoughts related to ITIS. I'll share experiences that I've had while working in different environments. You can expect content related to Unix,Solaris,Linux,EMC Storeages,HP-UX and many others. I hope this blog can be useful for you! Your comments will be appreciated!

3 thoughts on “Manage the files and directories with “chattr” attributes

  1. I simply want to mention I am all new to blogging and site-building and truly savored this web blog. Likely I’m planning to bookmark your blog post . You absolutely come with terrific posts. Thank you for revealing your web site.

Leave a Reply

Your email address will not be published. Required fields are marked *