Member-only story
Why I Always Use chattr to Protect Critical Linux Files
chattr
3
Share
Permissions in Linux are powerful, but sometimes they’re not enough. If an attacker gets root, they can still modify or delete sensitive files. That’s why I use the chattr (change attribute) command as an extra layer of defense.
chattr
It’s a small step that can block both mistakes and attacks.
🚨 Why Permissions Alone Aren’t Enough
- Root override → Even if files are chmod 600 , root can still edit them.
chmod 600- Accidental edits → Admins (myself included) can mistype commands and break critical configs. - Malware persistence → Many backdoors work by silently modifying files like /etc/passwd or /etc/ssh/sshd_config .
/etc/passwd/etc/ssh/sshd_config## 🔐 How chattr HelpschattrThe chattr command lets you add special attributes to files on ext filesystems. Most useful:chattr- +i → Immutable : file cannot be modified, renamed, or deleted (even by root).+i- +a → Append-only : file can only be written to (not erased).+a## 🛠️ Step 1: Protect Sensitive Configs
Example: Protect SSH config.
chattr +i /etc/ssh/sshd_config
Top comments (1)
Hi there, we encourage authors to share their entire posts here on DEV, rather than mostly pointing to an external link.
Sharing your full posts helps ensure that readers don’t have to jump around to too many different pages, and it helps focus the conversation right here in the comments section on DEV.
To be clear, the DEV Terms state:
Also, if you share your full post, you have the option to add a canonical URL directly to your post. This helps with SEO if you are reposting articles!