chattr (Change Attribute)
The chattr command modifies file attributes on a Linux file system. These attributes go beyond the standard chmod permissions and restrict root as well: a protected file stays protected until the attribute is removed again with chattr. That makes it a powerful tool for system integrity and security.
1. Basic Usage
sudo chattr [operator][attribute] [filename]
- Operators: + (add), - (remove), = (set exactly)
2. Key Attributes
| Attribute | Name | Description |
|---|---|---|
| i | immutable | The file cannot be modified, deleted, renamed, or linked to, even by root. |
| a | append only | The file can only be opened in append mode for writing. Great for log files. |
| A | no atime | Does not update the 'atime' (access time) record, improving I/O performance. |
| d | no dump | The file is not a candidate for backup when the dump command is run. |
3. Practical Examples
① Making a file truly un-deletable
sudo chattr +i important_config.conf
rm important_config.conf # Result: Operation not permitted
② Protecting Log integrity
sudo chattr +a system.log
③ Viewing the attributes
Standard ls won't show these hidden flags. Use lsattr.
lsattr important_config.conf
4. [Tip] The "Hidden" Security Layer
Malicious rootkits often use chattr +i on their own files to prevent administrators from removing them. Knowing lsattr and chattr is a key skill for Linux system auditing and incident response.
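For the auditing use case above, here is an added example (not part of the original page) that filters lsattr output down to the files carrying the i or a attribute. The function names audit_flags and sample_lsattr and all sample paths are made up for illustration; with no arguments the script runs on the constructed sample.

```bash
#!/usr/bin/env bash
# Added example: report files carrying the i (immutable) or a (append only)
# attribute, based on `lsattr` output. Sample data below is constructed.

# Reads lsattr output on stdin; prints "<attribute names><TAB><path>".
audit_flags() {
  awk '
    NF < 2 { next }                           # blank lines, "dir:" headers
    $1 !~ /^[-A-Za-z]+$/ { next }             # first field is not a flag string
    {
      path = substr($0, length($1) + 2)       # keep spaces inside the path
      out = ""
      if (index($1, "i")) out = "immutable"
      if (index($1, "a")) out = out (out != "" ? "," : "") "append-only"
      if (out != "") printf "%s\t%s\n", out, path
    }'
}

# Constructed lsattr -R style output (not captured from a real system).
sample_lsattr() {
  cat <<'EOF'
----i---------e------- /etc/important_config.conf
-----a--------e------- /var/log/system.log
--------------e------- /etc/hosts

/opt/my dir:
----i---------e------- /opt/my dir/.hidden bin
-------A------e------- /tmp/cache.db
EOF
}

if [ "$#" -gt 0 ]; then
  # Real run: pass absolute directory paths, e.g. /etc /usr/bin
  lsattr -Ra "$@" 2>/dev/null | audit_flags
else
  sample_lsattr | audit_flags
fi
```

An unexpected immutable file in a system directory is a lead to investigate, not proof of compromise; some packages and administrators set these attributes on purpose.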