File Attributes

File attributes are an additional layer of control over files, above and beyond the standard Unix permissions system. They are controlled by the chattr command. In most situations the attributes that this system allows are not widely used, and not all of them are implemented on every filesystem, but most of the functionality of chattr is available on the common filesystems (ext2, ext3, and reiserfs).

The one attribute that is particularly interesting and that can be set with this command is the immutable attribute. A file with this attribute set behaves as shown in the following example.

-rw-r--r-- 1 user users 26 2007-06-23 15:21 afile
[email protected]:~> rm afile
rm: remove write-protected regular file 'afile'? y
rm: cannot remove 'afile': Operation not permitted

According to the permissions that you see in the listing, you should certainly be able to delete the file, but attempting to do so results in an "Operation not permitted" error.

Also, if you try to edit the file, you'll find that you can't write to it.

But the situation is even stranger than that:

[email protected]:~> su -
Password:
[email protected]: /home/user/ # rm afile
rm: remove write-protected regular file 'afile'? y
rm: cannot remove 'afile': Operation not permitted

This looks very odd indeed: the owner can't delete the file, although he appears to have the right to do so, and even root can't delete it. The reason is that the file has the immutable bit set:

[email protected]: /home/user/ # lsattr afile
----i-------- afile

The file has the special file attribute immutable set, which effectively means that no one has the right to change the file.

To set a file to be immutable, do the following:

[email protected]: /home/user/ # chattr +i afile

This adds (+) the immutable attribute (i).

To remove the attribute, do the following:

[email protected]: /home/user/ # chattr -i afile
[email protected]: /home/user/ # lsattr afile
------------- afile

There are easily imagined practical situations in which you might want to use this functionality to prevent accidental deletion. For example, you might want to set this attribute on certain configuration files so as to force yourself to think very hard before modifying them. Use of the immutable attribute on particular system files is also often recommended as a way of adding an additional level of security to the system.
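If you rely on the immutable attribute for system files, it is worth checking from time to time that it is still set. The following script is an added example, not part of the original text; the function names classify_lsattr and audit_immutable are made up for this illustration, and it assumes that lsattr prints the flag field followed by the path, as in the listing above.

```shell
#!/bin/sh
# Added example, not from the original text. Function names are made up.

# classify_lsattr: read lsattr output ("FLAGS PATH" per line) on stdin and
# print "immutable PATH" or "mutable PATH" for each entry.
classify_lsattr() {
    while read -r flags path; do
        [ -n "$path" ] || continue      # skip blank or malformed lines
        case "$flags" in
            # Match lowercase i only; uppercase I marks an indexed
            # directory and says nothing about immutability.
            *i*) printf 'immutable %s\n' "$path" ;;
            *)   printf 'mutable %s\n' "$path" ;;
        esac
    done
}

# audit_immutable: print one line for every path that is NOT immutable, or
# whose attributes cannot be read (missing file, lsattr not installed,
# filesystem without attribute support). Prints nothing if all are set.
audit_immutable() {
    for f in "$@"; do
        if line=$(lsattr -d "$f" 2>/dev/null) && [ -n "$line" ]; then
            verdict=$(printf '%s\n' "$line" | classify_lsattr)
            case "$verdict" in
                immutable\ *) ;;                    # as expected
                *) printf '%s\n' "$verdict" ;;
            esac
        else
            printf 'unreadable %s\n' "$f"
        fi
    done
    return 0
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    report=$(audit_immutable "$@")
    [ -z "$report" ] && exit 0
    printf '%s\n' "$report"
    exit 1
fi
```

Pass it the files you protected with chattr +i; any output, together with exit status 1, means an attribute has been removed or could not be verified.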

For further details, see the chattr and lsattr man pages.
