To make our files more secure, Linux provides a feature called file attribute. By configuring the attributes of the file, we can specify whether it is read-only or undeleted, or in other statuses.

List File Attributes

Here are some options for lsattr command:

Option Meaning
-R Output all attributes of files, directories and subdirectories’ under a specified directory.
-a Output all attributes of files, directories, directory itself and the parent directory of a specified directory.
-d Output only the directory itself instead of everything under it.
-l Display long names of the option rather than the acronyms.
-v List version or general numbers of files and directories.

Let’s first prepare some files and directories:

1
2
3

mkdir -p attr_dir/attr_dir_child
touch attr_dir/{file{1,2},attr_dir_child/file_child{1,2}}
tree attr_dir
img

Prepare some files and directories

The lsattr command iterates all files and directories contained in the specified directory by default but does not iterate through the files or directories under its subdirectories: 

1

lsattr attr_dir
img

Iterates through the attr_dir directory's files and directories, bypass the files and directories under its subdirectories

Iterate Recursively

With the -R option, we can iterate all the contents of the directory and everything under its subdirectories: 

1

lsattr -R attr_dir
img

Iterate all the contents of the directory and everything under its subdirectories

Include Directory Itself and Parent Directory

With the -a option, we can iterate all of the contents under the specified directory, including itself and its parent directory: 

1

lsattr -a attr_dir
img

Iterate all of the contents under the specified directory, including itself and its parent directory

Directory Itself Only

With the -d option, we can display only the directory itself, not everything under it: 

1

lsattr -d attr_dir
img

Display only the directory itself, not everything under it

Long Name Instead of Char Abbreviation

With the -l option, we can display the long name of the option rather than the acronyms: 

1

lsattr -l attr_dir
img

Display the long name of the option rather than the acronyms

Version or Generation Number

With the -v option, we can list version or general numbers of files and directories. 

1

lsattr -v attr_dir
img

List version or general numbers of files and directories

Change File Attributes

Here are some options for chattr command:

Option Meaning
-R Recursively change the attributes of the directory and all its contents.
-V Change the attributes verbosely.

Here are all the mode options for chattr command: (Most options work only on older file system types.)

Option Meaning
a Append only.
A No atime updates
c compressed
C No copy on write
d No dump
D Synchronous directory updates
e Extent format
F Case-insensitive directory lookups
i immutable
j Data journalling
P Project hierarchy
s Secure deletion
S Synchronous updates
t No tail-merging
T Top of directory hierarchy
u Undeletable

Mode options supported with xfs type file systems:

Option Meaning
a Append only.
A No atime updates
d No dump
i immutable
S Synchronous updates

Mode options supported with ext4 type file systems:

Option Meaning
a Append only.
A No atime updates
d No dump
D Synchronous directory updates
e Extent format
i immutable
j Data journalling
S Synchronous updates
u Undeletable

Mode operations:

Option Meaning
+ Appendant
- Deletion
= Assignment

We can use the df command followed by the -T option to view the file system type of the partition in which the root path resides:

img

The file system type for the partition in which the root path is located is xfs.

Assign Attributes

With the equal sign(=), we can assign attributes to files or directories: 

1
2
3

lsattr attr_dir
chattr =i attr_dir/file1    # Assign immutable attribute to file1 under the directory
lsattr attr_dir
img

Assign immutable attribute to file1

Or we can set the attribute verbosely:

1
2
3
4

chattr -i attr_dir/file1    # This removes the immutable attribute
lsattr attr_dir
chattr -V =i attr_dir/file1
lsattr attr_dir
img

Assign immutable attribute to file1 verbosely

When we try to open and save the file, vi prompts that it is a read-only file and can not save the changes: 

1

vim attr_dir/file1
 
1

:wq
img

vi prompted that it was a read-only file and could not save the changes

Even if the save command is followed by an exclamation point, it is also impossible to save the file: 

1

:wq!
img

Forced save is also invalid for the immutable file

Append Attributes

With the plus sign(+), we can append attributes to files or directories: 

1
2
3

lsattr -R attr_dir
chattr -R +aAdS attr_dir/*    # This appends aAdS attributes to all the files and directories under the attr_dir directory
lsattr -R attr_dir
img

Append more attributes to all files and directories

Remove Attributes

With the minus sign(-), we can remove attributes from files or directories: 

1
2
3

lsattr -R attr_dir
chattr -R -aAdiS attr_dir/*    # This removes aAdiS attributes from all the files and directories under the attr_dir directory
lsattr -R attr_dir
img

Remove all attributes from all files and directories

References LSATTR(1), CHATTR(1), xfs(5), EXT4(5)

Buy me a coffeeBuy me a coffee