On the chattr and lsattr commands in Linux

  • 2020-05-14 05:53:55
  • OfStack

PS: sometimes you find that a file cannot be modified even with root permissions; this is usually because it has been locked with the chattr command. chattr is very useful, and although some of its functions depend on the Linux kernel version, most Linux systems now run kernel 2.6 or later. Changing attributes with chattr can improve system security, but it is not suitable for every directory: chattr cannot protect the /, /dev, /tmp and /var directories. The lsattr command displays the file attributes that chattr sets.

These two commands are used to view and change file and directory attributes. Compared with chmod, which only changes a file's read, write and execute permissions, chattr controls the lower-level attributes.

chattr command: chattr [-RVf] [-v version] [mode] files...

The most important part is [mode], which is composed of the operators +, - and = and the attribute letters [ASacDdIijsTtu]; together they control the attributes of the file.

+ : add the given attributes to those already set.

- : remove the given attributes from those already set.

= : set exactly the given attributes, replacing the current ones.

A: the atime (access time) of the file or directory is not updated, which can effectively reduce disk I/O, for example on laptops.

S: synchronous disk I/O; works like sync for this file.

a: append only. After this attribute is set, data can only be appended to the file and cannot be deleted. It is mostly used to protect server log files, and only root can set it.

c: compress. Sets whether the file is stored compressed on disk; it is decompressed automatically when read.

d: no dump. The file is skipped as a backup target by the dump program.

i: immutable. The file cannot be deleted, renamed or linked to, and nothing can be written or appended to it. The i attribute is very helpful for file system security settings.

j: journal. When the file system is mounted with the mount option data=ordered or data=writeback, a file with this attribute has its data written to the journal first. If the file system is mounted with data=journal, this attribute has no effect.

s: secure deletion. When the file or directory is deleted, the disk space it occupied is reclaimed completely.

u: undelete, the opposite of s. When set, the file's data actually remains on disk after deletion and can be used to undelete it.

The most commonly used options are a and i. The a option forces append-only access with no deletion, and is often used as a security setting on logging systems. i is an even stricter setting: only the superuser (root) or a process with the CAP_LINUX_IMMUTABLE capability can set this attribute.

Application examples:

1. Use chattr to prevent a key system file from being modified:

# chattr +i /etc/resolv.conf

After that, mv /etc/resolv.conf and any other command that operates on this file fails with Operation not permitted, and vim reports W10: Warning: Changing a readonly file when editing it. To modify the file again, remove the i attribute: chattr -i /etc/resolv.conf

# lsattr /etc/resolv.conf

The following attributes are displayed:

----i-------- /etc/resolv.conf

2. A file to which data can only be appended but never deleted, suitable for all kinds of log files:

# chattr +a /var/log/messages
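To make the two application examples above and the earlier description of the a and i attributes concrete, here is an added shell script that is not part of the original article. Its first half audits lsattr output for the immutable and append-only flags using a constructed sample (the paths and flag columns are made up for illustration, not captured from a real system; the helper names attr_has, classify_line, audit_sample, count_protected and demo_live are this example's own). Its second half, when run as root on a file system that supports these attributes, creates a scratch file in the current directory (assumed writable) and checks that +i blocks writes while +a allows appending but refuses truncation; in any other environment it skips that part.

```shell
#!/bin/sh
# Added example, not from the original article: audit lsattr output for the
# immutable (i) and append-only (a) attributes, then optionally demonstrate
# chattr +i / +a on a scratch file.

# lsattr prints one line per file: the attribute column, a space, the path.
# A set attribute is shown as its letter, an unset one as '-'.
# attr_has FLAGS LETTER -> exit status 0 if LETTER is present in FLAGS
attr_has() {
    case "$1" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# classify_line "<lsattr line>" -> prints "<kind> <path>", where kind is
# immutable, append-only, immutable+append-only or plain
classify_line() {
    flags=${1%% *}          # text before the first space
    path=${1#* }            # text after the first space
    kind=plain
    if attr_has "$flags" i && attr_has "$flags" a; then
        kind=immutable+append-only
    elif attr_has "$flags" i; then
        kind=immutable
    elif attr_has "$flags" a; then
        kind=append-only
    fi
    printf '%s %s\n' "$kind" "$path"
}

# Constructed sample of lsattr output (not captured from a real system);
# the 'e' (extents) flag is included because ext4 sets it on most files.
SAMPLE_LSATTR='----i---------e------- /etc/resolv.conf
-----a--------e------- /var/log/messages
--------------e------- /etc/hosts
----ia--------e------- /var/log/audit.locked'

# audit_sample -> one classified line per sample line
audit_sample() {
    printf '%s\n' "$SAMPLE_LSATTR" | while IFS= read -r line; do
        classify_line "$line"
    done
}

# count_protected -> number of sample files carrying i or a
count_protected() {
    audit_sample | grep -c -v '^plain '
}

# demo_live -> 0 if the kernel enforced +i and +a as the article describes,
# 1 if it did not, 2 if this environment cannot run the demonstration
# (needs root, the chattr binary and an ext2/3/4 style file system).
demo_live() {
    [ "$(id -u)" -eq 0 ] && command -v chattr >/dev/null 2>&1 || return 2
    f=$(mktemp ./chattr-demo.XXXXXX 2>/dev/null) || return 2
    chattr +i "$f" 2>/dev/null || { rm -f "$f"; return 2; }
    result=0
    # With +i set, even root cannot open the file for writing.
    if echo x >> "$f" 2>/dev/null; then result=1; fi
    chattr -i "$f"
    chattr +a "$f" 2>/dev/null || { rm -f "$f"; return 2; }
    # With +a set, appending succeeds ...
    echo x >> "$f" 2>/dev/null || result=1
    # ... but opening with O_TRUNC, which would discard existing data, fails.
    if true > "$f" 2>/dev/null; then result=1; fi
    chattr -a "$f"
    rm -f "$f"
    return "$result"
}

# Stand-alone run: show the audit, then attempt the live demonstration.
audit_sample
rc=0; demo_live || rc=$?
case $rc in
    0) echo "live demo: +i blocked writing, +a allowed append but blocked truncation" ;;
    2) echo "live demo skipped: needs root, chattr and a supporting file system" ;;
    *) echo "live demo: unexpected behaviour (attributes not enforced?)" ;;
esac
```

Run it as an unprivileged user to see only the audit of the constructed sample; run it as root on an ext4 file system to also exercise the live check. In a real audit you would feed the output of lsattr over the directories you care about (for example /etc and /var/log) into classify_line instead of the constructed SAMPLE_LSATTR, and flag any immutable or append-only file that your configuration management did not set.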
