When we think about file permissions in Linux, chmod, chown, and umask often come to mind.
But did you know there's another layer of security and control?
That's where file attributes come into play, managed with the chattr and lsattr commands.
What Are File Attributes?
File attributes define extra behaviours for files and directories, beyond standard read/write/execute permissions.
They can:
- Make files immutable (cannot be modified or deleted).
- Prevent accidental overwriting.
- Ensure that changes are appended only.
- Secure files from being renamed.
These attributes are supported on ext2, ext3, ext4 filesystems and some others.
chattr - Change File Attributes
The chattr command is used to set, add, or remove attributes on a file or directory.
chattr [operators][attributes] file_name
Operators:
| Operator | Meaning |
|---|---|
| + | Add the attribute |
| - | Remove the attribute |
| = | Set the attribute (replace all existing attributes) |

Common Attributes:
| Attribute | Meaning |
|---|---|
| i | Immutable: cannot modify, delete, or rename the file. |
| a | Append-only: data can only be added, not removed. |
| A | No access time update: prevents atime updates. |
| S | Synchronous updates: changes are written to disk immediately. |
| d | No dump: file won't be backed up by the dump command. |
| e | Extents format: default for ext4 (don't change this casually). |
| u | Undeletable: allows recovery after deletion. |
| c | Compress file on disk (needs filesystem support). |
| j | Data journaling: data is written to the journal before the file. |
Examples
1. Make a file immutable:
sudo chattr +i important.txt
Now:
You cannot modify, rename, delete, or create hard links to this file.
Even root must remove the attribute before editing.
sudo chattr -i important.txt
2. Append-only log file
sudo chattr +a logfile.log
Now:
Data can only be added.
Useful for system logs, preventing tampering.
To remove:
sudo chattr -a logfile.log
3. Replace all attributes
sudo chattr =a test.txt
This removes all existing attributes and sets only append-only.
lsattr - List File Attributes
The lsattr command displays current attributes of files and directories.
Syntax:
lsattr [options] [files...]
Common Options:
| Option | Meaning |
|---|---|
| -a | Show all files including hidden files. |
| -d | List attributes of directories themselves, not their contents. |
| -R | Recursively list attributes in directories. |
Examples
1. Show attributes of a single file
lsattr file.txt
Output:
----i--------e--- file.txt
- i: Immutable
- e: Extents format (default for ext4)
2. Show all files including hidden ones
lsattr -a
3. Show directory attributes only
lsattr -d mydir
4. Recursively list attributes
lsattr -R /var/log
Common Pitfalls & Tips
- Root privilege is required for most attribute changes:
sudo chattr +i file
- Not all filesystems support attributes; support is mainly on ext2/3/4.
- Immutable files cannot even be deleted by root without removing i first.
- Be careful with the = operator: it overwrites all attributes.
Real-Life Use Cases
- Prevent accidental deletion of config files:
sudo chattr +i /etc/fstab
- Secure logs from tampering:
sudo chattr +a /var/log/auth.log
- Freeze important scripts during deployment:
sudo chattr +i deploy.sh
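
Because root can remove an attribute with a single chattr command, it is worth checking periodically that protected files still carry it. The script below is an added example, not part of the original post: it parses lsattr output and compares it with a baseline. The "<flag> <path>" policy format, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): compare `lsattr` output against
# a baseline of attributes that must be present. The policy format
# "<flag> <path>" and all function names are assumptions of this sketch.

# Constructed sample of `lsattr` output, in the format shown earlier.
SAMPLE_LSATTR='----i--------e--- /etc/fstab
-------------e--- /var/log/auth.log
-----a-------e--- /var/log/app log.log'

# Constructed baseline: i = immutable, a = append-only.
SAMPLE_POLICY='i /etc/fstab
a /var/log/auth.log
a /var/log/app log.log
i /opt/deploy.sh'

# lookup_flags PATH LISTING: print the flag field lsattr reported for PATH.
lookup_flags() {
    printf '%s\n' "$2" | while read -r flags path; do
        # "path" receives the rest of the line, so names with spaces work.
        if [ "$path" = "$1" ]; then printf '%s\n' "$flags"; break; fi
    done
}

# audit_attrs POLICY LISTING: print "STATUS flag path" per policy entry.
# Returns 1 if any required attribute is missing or the path is not listed.
audit_attrs() {
    rc=0
    while read -r want path; do
        [ -n "$want" ] || continue
        flags=$(lookup_flags "$path" "$2")
        case $flags in
            '')        status=UNLISTED; rc=1 ;;
            *"$want"*) status=OK ;;
            *)         status=MISSING; rc=1 ;;
        esac
        printf '%s %s %s\n' "$status" "$want" "$path"
    done <<EOF
$1
EOF
    return $rc
}

# On a real host the listing would come from: lsattr -d <paths>
audit_attrs "$SAMPLE_POLICY" "$SAMPLE_LSATTR" || echo "attribute drift detected"
```

The non-zero return value makes the function usable from cron or a CI job, where a MISSING or UNLISTED line signals that an attribute was removed or the file was replaced.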