If you are the administrator of a Linux system that several users use, one of your challenges is probably related to using common files and their unwanted editing and accidental deletion. Files in Linux have attributes such as permissions, read/write file content, etc., which provide security and control of files.
Linux supports powerful tools for optimal management of files, of which the chattr command line tool is one of them. chattr (Change Attribute) is a versatile command line tool in Linux that is used for changing file attributes on a file system level. The chattr command line tool allows the user to set attributes for files at the file system level, which is immutable; therefore, Linux system administrators can use the chattr command to prevent the modification or deletion of essential files in file systems such as ext2, ext3, ext4, or XFS, providing more security and control for important files.
Get the most out of the chattr command in Linux and learn how to use it to make files immutable and more secure in this comprehensive guide. So stay with us until the end of this article.
How do we check the attributes set for a file?
To set the attributes of a file and make the attributes of the file unchangeable in Linux, it is better first to check the pre-set attributes for the file system-based files in the current directory; for this purpose, use the following command :
----------------------e----------- ./writer-doc.odt ----------------------e-----------./opera-app.c ----------------------e-----------./opera-app ----------------------e-----------./text-file.txt ----------------------e-----------./bash-script.sh ----------------------e-----------./image-file.jpg
The lines containing the dashed sequences representing the attributes are set for a file. This output means setting the e (extents) attribute for files. This indicates that file system inodes use extents ( —or if required—extents)to refer to the entire file on the hard disk.
Inodes for a file should only keep track of the first and last occupied blocks if those blocks form a contiguous sequence. If the file is split into multiple parts, the inode must track which block belongs to which part. Extents are a set of block numbers corresponding to a hard disk.
How to use chattr command in Linux?
The chattr command in Linux allows you to change the attribute of files and directories so that they become immutable, and no one else, even the root user, can not change the files in the file system. In the following, we will teach how to use the chattr command to make files and directories immutable.
Common attributes used with the chattr command
Common attributes and flags that the chattr command can use to set/unset files are as follows:
- No access control (A): disables the control and access of a file, which is used to manage separate access attributes. Also, attribute A prevents updating a time (access time) record.
- Append-only (a): setting a for a file prevents deletion and any changes and allows writing only in append mode. Setting this property is usually used for log files to prevent manipulation of log files and ensure that only appending data to the file is allowed, not other changes.
- Compression (c): compresses the file.
- No dump (d): the file for which the d attribute is set is not included in the backup. (being included)
- Synchronous directory updates (D): simultaneously updates all changes in a file on the hard disk.
- Extent format (e): This feature sets the file system in such a way that it uses extents to manage large files and track blocks on the hard disk, which cannot be changed with the chattr command.
- Compression (E): compresses the file based on a specific algorithm.
- Journaling (j): Enables and disables journaling for a file; that is, the information of a file is updated in the ext3 journal before being changed.
- Immutable (i): Makes the attributes of the file, such as name, file deletion, symbolic link creation, execution capability, and writing capability, unchangeable (immutable), and only the superuser is allowed to unset the attribute.
- Secure deletion (S): By setting this feature for a file, when deleting the file, the data blocks of the file will be overwritten with bytes containing zero so that it will be more difficult to recover deleted files in Linux.
- Deleting a file with a copy of the file(u): When the u attribute is set for a file, a copy of the file is created when deleting a file to make data recovery easier when a file is accidentally deleted.
Basic Syntax of chattr
To use the linux chattr command line tool, you don’t need to install it on your Linux system because it is available by default in all Linux distributions such as Ubuntu, Debian, CentOS and others. all you need to do is to use a Linux system or a Linux VPS to be able to Take advantage of the chattr command line tool features. The main Syntax of the chattr command to change file attributes at the file system level are:
chattr [operator] [flags] [filename]
operators that you can use along with the chattr command to extend chattr functionality to support different purposes are as follows:
- +(set): It is used to apply the desired attribute.
- – (unset): It is used to remove attributes for a file.
- =(set only): Sets the attribute specified in the command for a file and preserves the attributes set for the files.
With the examples that we will present in the rest of the article, you will learn better how to use chattr command in ubuntu and other distributions.
Making a file immutable
You must run the chattr command with the “i” flag to make a file unchangeable and undeletable and apply read-only restrictions to the file. Therefore, to make the file read-only and undeletable, use the following command:
sudo chattr +i filename
By running the previous command, you will prevent the accidental deletion of an important file; in addition, as a Linux administrator, you will make a file immutable even for the root user, and by using the chattr command, the file containing important information will be safe from accidental deletion. So, if you try to rename the file, delete the permissions, or delete the file, the message “Operation not permitted” tells you that you are not allowed to change the file.
sudo chattr +i testfile.txt rm testfile.txt rm: cannot remove 'testfile.txt' : Operation not permitted
Note: To make a file immutable in Linux, you must have root/sudo privileges.
To ensure you set the immutable attribute for your file, you can use the ‘lsattr’ command.
----i----------- ./opera-app ----i----------- ./important_file.conf
The chattr command allows you to set various options in combination with each other for setting multiple attributes at once to file. For example, if you want to disable the access record in addition to making a file immutable, run the following command:
sudo chattr +iA filename
Disabling user account creation by making the file Immutable
One of the most common uses of the “+i” option with the chattr command is to secure important files such as /etc/passwd and /etc/shadow files against unwanted deletion or manipulation. In addition, by making the /etc/passwd and /etc/shadow files immutable, you can also prevent the creation of user accounts. Run the following command to secure /etc/passwd and /etc/shadow files:
sudo chattr +i /etc/passwd sudo chattr +i /etc/shadow
After running the previous command, if you try to create a new user, you will get the‘cannot open /etc/passwd‘ error.
Removing immutable attribute from the file in chattr command
To remove the immutable attribute you set earlier for the file, you must use the “-i“option with the chattr command:
sudo chattr -i filename
As a result, you successfully reset (unset attribute) the attribute and permissions of your desired file, and now your desired file can be changed.
Setting restrictions in the directory
In addition to the file, you can change the attributes of a directory along with a list of files using the linux chattr command and set limits for the entire directory. For this purpose, you must run the “-R” (recursively) option in combination with “+i” with the chattr command:
sudo chattr -R +i ./mydir/
Therefore, by running the previous command, you can set the attributes of the folder or directory so that they are safe from deletion and unwanted changes.
To reset the attributes set for the directory, just run the following command:
sudo chattr -R -i ./mydir/
Setting the append-only attribute to the file to prevent deletion or modification
Suppose to increase the security of some critical files, such as log files, you want to apply a restriction that users are only allowed to append data to the file and are not allowed to manipulate, edit, or delete the file’s content. In this case, you can count on the ability of the chattr command and run the chattr command with “a” flag:
sudo chattr +a filename
Therefore, by executing the previous command, the file is set in such a way that it is only open for writing, and other operations, such as changing and modifying the file content and deleting the file, are disabled.
To remove the append-only attribute from the file, use the “-a” option:
sudo chattr -a filename
Setting secure deletion attribute on the file
There are different ways to delete a file in Linux, which we have talked about previously, but if you want to set the attributes of a file in such a way that no trace of it will be left in the memory after deleting it and it will be difficult to recover the information of that file, using the chattr command with the “+s” option is one of the effective methods. For this purpose, use the following syntax:
sudo chattr +s filename
This command leads to Overwriting the file’s data blocks with zeros when deleting the file, making it difficult to recover its content.
Note: Some file systems, including ext4, do not support the secure deletion attribute. s (secure deletion) attribute is usually set on text files.
Administrators of multi-user Linux systems should know how to use the chattr command in Linux to use this powerful and versatile tool to change file attributes at the file system level, improve the security of critical files, and help maintain system integrity. In this article, you learned how to use the chattr command to make files immutable to prevent accidental deletion and manipulation. Using the chattr command, you can change certain features of the file and monitor the access and modification of the files, as well as provide advanced security for the files by preventing unauthorized modification or deletion of essential files. Now that you are familiar with the chattr command line tool, you can benefit from this command’s ability to manage critical file and directory attributes, increasing security, data integrity, and file system efficiency in Linux-based operating systems.
Thank you for choosing this article to read.