chattr and lsattr commands under Linux
file hidden attribute
Under Linux, we can use the stat command to view the relevant attribute information of the file. In addition to these attributes, the file under Linux also has some hidden attributes. We can use the lsattrcommand to view:
$ lsattr mybook
-----a-------e-- mybook- 1
- 2
The output of the above command indicates that the mybook file has extended attributes a and e, that is, data can only be added to the file, not deleted, and the file uses extends to map disk blocks. Obviously, it is very beneficial to protect data security by setting such hidden attributes for files that are only allowed to grow but not to be modified and deleted.
It should be noted that the hidden attributes of files are only fully valid for ext2/ext3/ext4 file systems, and other file systems may only support partial hidden attributes or not support hidden attributes at all.
chattr
With chattrcommands you can change the hidden attribute of a file. Its syntax format is:
chattr [ -RVf ] [ -v version ] [ mode ] files…
The meanings of several options are given below:
Meaning of options| -R | Recursively change the attributes of all subdirectories and files under a directory |
| -V | show details |
| -f | ignore most error messages |
| -v version | set file number |
| mode | Set the hidden attribute of the file, the format is +-=[acdeijstuACDST] |
The most important thing is in the [mode] part, the format of the [mode] part is +-=[acdeijstuACDST] , this part is used to set the properties of the file. It +means adding parameters based on -the original parameter setting; means removing the parameter based on the original parameter setting; =means updating to the specified parameter. The following lists the meanings of several commonly used attribute parameters:
| A | The atime (access time) of the file cannot be modified, which can reduce the number of disk I/Os, which is beneficial to improve the battery life of laptops |
| S | Disk I/O synchronization option, similar to sync |
| a | That is, append. After setting this parameter, you can only add data to the file, but not delete it. It is mostly used for server log file security. Only root can set this attribute. |
| i | Files cannot be deleted, renamed, linked, and cannot be written or added (even by root). Only root can set this property |
| c | That is, compresse, the file will be automatically compressed and then stored, and it will be automatically decompressed when reading |
| d | That is, no dump, the setting file cannot be the backup target of the dump program |
| j | That is, journal, set this parameter so that when the file system is mounted by the mount parameter "data=ordered" or "data=writeback", the file will be recorded first (in the journal) when it is written. If the filesystem parameter is set to data=journal, the parameter will be invalid automatically |
| s | Namely secure, secret option. When a file with the s attribute set is deleted, all its data blocks will be written to 0 |
| u | That is, undelete, the undelete option. Contrary to s, when a file is deleted, all its data blocks are retained and the user can restore the file later |
For example, this command can set the files in the MySecretDir directory to not allow anyone to modify:
$ sudo chattr -R =i ~/MySecretDir- 1
lsattr
lsattrList hidden attributes of files with command. Its syntax format is:
lsattr [ -RVadv ] [ files… ]
The meanings of several options are given below:
Meaning of options| -R | Recursively display attributes of all subdirectories and files under a directory |
| -V | Display version information of the lsattr program |
| -a | Display attribute information for all files, including files starting with . |
| -d | Display properties of directories, not properties of files under the directory |
| -v | Display the file number of the document |
For example, the following command displays the hidden properties of the MySecretDir directory:
$ lsattr -Rd MySecretDir/
----i----------- MySecretDir/