The powerful chattr command and its usage in Linux

chattr is a command in the Linux operating system that allows a user to set certain attributes on a file residing on many Linux filesystems.
chattr prevents accidental deletion or change of files and folder. You cannot delete the files secured via chattr attribute even though you have full permission over files. This is very useful in system files like shadow and passwd which contain all user related information.

Syntax for chattr commands is

#chattr  [operator] [switch]  [file name]
The operator ‘+’ causes the selected attributes to be added to the existing attributes of the files; ‘-’ causes them to be removed; and ‘=’ causes them to be the only attributes that the files have.

Recursively change attributes of directories and their contents. Symbolic links encountered during recursive directory traversals are ignored.

A file with the ‘a’ attribute set can only be open in append mode for writing. Only the superuser can set or clear this attribute.

A file with the ‘i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser can set or clear this attribute.

Create a file from root user and set full permissions on this file using chmod

#cat > test
This test file
#chmod 777 test
Now secure this file with +i option:

#chattr +i test
Now, you have read only permission on the file. All other actions except read will be denied including append, edit, rename or delete. chattr permission can be removed with -i options.

Create a new file again, secure this file with +a option:

#chattr +a test
With a options you can read and append this file but all other recitations will be as it is. Main difference between a and i switch is, in i you cannot append the file while in a switch you can append the file.

To secure entire directory use -R switch. Directory secured with -R option can be reset only with -R switch.To view or list the file attributes, lsattr is your friend.
This is just basic usage of chattr command in case you are still not aware of it or wondering what chattr is.


